You can download the solution to the following question for free. For further assistance in Accounting assignments please check our offerings in Accounting assignment solutions. Our subject-matter experts provide online assignment help to Accounting students from across the world and deliver plagiarism free solution with free Grammarly report with every solution.
(ExpertAssignmentHelp does not recommend anyone to use this sample as their own work.)
The engagement partner has requested a meeting tomorrow to discuss audit plan for MTI She has requested several documents for that meeting.
1. A preliminary audit plan assessing internal control risk and providing preliminary judgment for detection risk.
2. A description of specific substantive procedures that could be conducted for the WIP inventory. You are required to justify the audit plan by referring to theoretical grounds learnt from this unit.
Review your requirements with our FREE Assignment Understanding Brief and avoid last minute chaos.
We provide you services from PhD experts from well known universities across the globe.
No more plagiarism worries. We give you a FREE Grammarly report with every assignment.
Statements of Auditing Standards 300(SASs) (2004) provide guidance in accounting and internal system controlsof risk,audit framework and assessing the internal control risk carried under the WIP inventory. Thepreliminary model of audit plans the assignment focuses at the risk inherent to the system and substantive procedures on the 'Working in Progress' inventory .
The following case study addresses belowrequirements primarily with the audit plan;
1. InMTI office movement, bookkeeping standard was lost and issues like server crash.
2. Strategic approach to access and formulate guidance for the MIT and EI.
3. Suppliers sent sample programs that had been infected with a virus. No mechanism to detect and investigate.
4. Securedstrategies, legislative regulations for effective and economical use of resources.
5. Ensure dependability of data, records and information.
6. Safeguard MTI's interests and assets from losses of all kinds, like fraud, irregularity or corruption and monitor the achievement based on (CAD/CAM) system .
SECTION 1: Preliminary Audit Plan, Assessing Internal Control Risk
The information security audit plan can be drafted as per the global standard of ISO 27001 which is Information Security and Management System (ISMS) and considers all aspects of the security to be implemented at an enterprise level. Thus, at a very high level MTI should have a robust information security policy to address a well-defined audit plan risk and control which is helpful in early detection of risk. So the structure as per the ISO 27001 auditing standard is a layered architecture for information security. For any organization to successfully implement Information Security Management there needs to be well defined policy in place to assign the accountability, in case an incident occurs. MTI sets a well-defined policy/ Plan in place for managing such incidents.
Policy: Layer 1 also known as policy layer. MTI's policies mandate what must be done and standards tell you how to be compliant with policy(s). It mainly comprises of enterprise security policies. This is the most import layer as it lays down the entire enterprise framework, its scope, goals and purpose. (SANS 2013).
Standards: Layer 2 comprises of enterprise standards. MTI's standards include the minimum requirements necessary to make compliant with policy with stringent measures documented in the standards.
Procedures: This layer sets the expectations on the usage of the above two layer. It can be briefly explained by Data Classification Procedure of MTI:
All data / Information do not have the same importance to a business. Few can be undeniably mission critical; while some will be of temporary values. Data is growing at a very high exponential manner. Thus, Data classification Procedure in MTI, defines the recovery, access and discovery characteristics of an enterprise to facilitate business objectives.
Guidelines: Setting of the guidelines is kept as a local responsibility of the concerned office Periodic revisions to this guideline will be published as is necessary and practicable.
The security layered architecture of MTI Security, ensures that the Information system can be managed in a substantial manner, providing a robust framework for all employees. This helps to set standards for data classification and protection that must be applied to all MTI data resources. All data must be classified to ensure that MTI information assets receive the right level of protection. As there are different data types (e.g., personnel data, project data, financial data, etc.), MTI data will require different levels of protection, depending on its sensitivity and criticality.