Audit Report Template
Date: 20/03/2018
TABLE OF CONTENTS
1 PURPOSE OF THE AUDIT
2 SCOPE OF THE AUDIT
3 AUDIT SUMMARY
3.1 Audit Information
3.2 Audit Report Distribution
3.3 Audit Summary
3.3.1 Method of Performing the Audit
3.3.2 Strong areas identified
3.3.3 Weak areas identified
3.4 Categorization of findings
3.5 Audit Findings
4 DETAILED ACTION PLAN
1 PURPOSE OF THE AUDIT
The purpose of the Audit [IDENTIFIER OF THE AUDIT] was to objectively evaluate adherence and
the level of compliance to the requirements as these are defined in [reference of the applicable
procedures or the baseline eHealth that will serve the auditor to be informed about what they
need to check compliance against] and the applicable standards ISO/IEC 20000-1:2011, ISO/IEC
27001:2013 (or 27001:2005 to be defined), ITIL v3 framework.
In addition, the audit aimed at examining any areas of potential improvement or inconsistencies
in order to propose corrective or proactive/improvement actions.
[If this is a follow-up audit, the purpose of the audit is also to verify that all actions from the
previous audit were followed up.]
2 SCOPE OF THE AUDIT
The Audit was conducted at the [Name of Entity Audited/ Location] and covered the following
areas:
• Legislative Requirements and Compliance
• Semantics Requirements
• Organisational Requirements
• Operational Readiness
• Information Security
• Technical Requirements
3 AUDIT SUMMARY
3.1 Audit Information
(This information is also traceable in the Audit checklist.)
Audited Entity:
Auditee(s):
Auditor(s):
3.2 Audit Report Distribution
[To be defined. The distribution list should be predefined and based on the need-to-know
principle.]
3.3 Audit Summary
3.3.1 Method of Performing the Audit
– Records review
– Walkthrough review
– Desktop review
– etc.
3.3.2 Strong areas identified
Areas whose implementation level is above 50%, or areas in partial compliance (Finding-B) that
need only low effort to raise their implementation level, should be listed in this paragraph.
3.3.3 Weak areas identified
Areas that perform below 50%, or that are at risk of decreasing their performance, should be
listed here.
3.4 Categorization of findings
For the purpose of the audit the definitions that will be used to classify the findings are detailed
in the Audit Framework [Ref.]. Each finding category is described by its implementation level,
severity description, follow-up timeframe and closure timeframe:

Finding-A
Implementation Level: Not Implemented (0%-25%)
Severity Description: The requirement of implementing this criterion is not met. A finding of
this type can be a result of, but is not limited to, the following:
– a weakness that diminishes the readiness criterion
– a disregarded requirement/criterion
– a weak application of a control which under circumstances can bypass a
requirement/criterion
– complete absence of relevant documentation
A Finding-A should be described in detail and supporting proof provided.
Follow-up Timeframe: 2 months before going live
Closure Timeframe: Before going live

Finding-B
Implementation Level: Partially Implemented (25%-50%)
Severity Description: The criterion is understood and there is proof of an ad hoc
implementation. A finding of this type is partially met but might have one or more limitations
such as:
– some inconsistencies in the implementation
– not adequately following the requirement
– inconsistencies or gaps between the documentation and the actual implementation, which
require improvement of documentation and/or implementation
– a weak application of a control which under circumstances can bypass a requirement and
lead to a Finding-A weakness
Follow-up Timeframe: Within 6 months after going live
Closure Timeframe: Within 1 year after going live

Recommendation
Implementation Level: Largely Implemented (50%-75%)
Severity Description: This is implemented to an extent where the criterion is largely met, and a
documented description exists. It has a low impact but might become greater in time. The
fulfilment of the criterion should be monitored.
Follow-up Timeframe: 2 years after the Go-Live date
Closure Timeframe: 2 years after the Go-Live date

Success
Implementation Level: Fully Implemented (75%-100%)
Severity Description: The criterion is fully implemented and satisfactorily and systematically
executed. Documentation is supportive and sufficient.
Follow-up Timeframe: No action
Closure Timeframe: No action

Improvement
Implementation Level: –
Severity Description: Improvements to increase efficiency or effectiveness.
Follow-up Timeframe: NCPeH decision
Closure Timeframe: NCPeH decision

3.5 Audit Findings
[…] Attachment of the checklist with the detailed and documented findings
4 DETAILED ACTION PLAN
The action plan below was discussed and agreed between [Auditing Entities] and [Auditee Entities]. The action items, their resolution and their implementation were agreed
during the closure meeting that took place on [Date and Place].
The action plan table has the following columns:
– Requirement ID
– Finding (short description, or copy the finding from the Readiness Criteria Checklist)
– Corrective Action Agreed
– Owner
– Implementation Due Date
– Follow-up planning
ACCG3058 IS AUDIT AND ASSURANCE
IS AUDIT REPORT
Important note:
This is an individual assignment. You must complete the task independently. If you submit a report
that is similar to any of your classmate’s reports it will be considered academic dishonesty.
Refer to the Macquarie University Academic Honesty Procedure and associated documents.
Please also refer to the submission instruction as per unit guide.
Estimated student workload: 40 hours
Task
Perform a web search on recent (in the past 3 years) articles to find an interesting case study, such as
news articles in relation to IS risks.
You will need to provide the URL link to the original case in the appendix when you submit the
assignment.
Assuming that you are an IS auditor, prepare an IS audit plan and report to the management of your
client. The document must include the following:
1) Executive Summary
You will need to prepare an executive summary document (0.5 page maximum) to
the board of directors.
2) Background to the Case
Background to the client’s business and computerised environment. – This is to demonstrate
your understanding of the client’s business and IS environment.
3) IS Risks
Identify IS risks from the case study, including analysing the likelihood, level of risks and
implications to the business.
4) Audit Areas, Audit Objectives and Procedures
Prepare an audit plan outlining the areas that you propose to audit. In addition, you will need to
include audit objectives and audit procedures for each of the area(s) that you plan to audit.
5) Audit Questions and Documents
For each of the audit objectives, provide at least three examples of interview questions that
you will use to gather evidence from clients, including naming relevant documents that you
may want to obtain for the audit.
6) Control Recommendations
Provide a set of recommendations of control mechanism(s) to mitigate for each of the IS risks.
Identify the benefits of your recommendation to your client.
Note: You can make use or adapt the audit table when answering questions 4 to 6.
Required
Write a report that addresses all of the above sections.
Format requirements: “Times New Roman” size 12 with 1.5 line spacing, approximately 1500
– 2000 words in total (not including references). You must include the total of words used
in your report. The report should have appropriate headings and subheadings (including an
introduction and conclusion).
You must acknowledge the use of the work of others (e.g. the academic journal articles on
which your report is based) using the Harvard referencing style (see
http://www.lib.mq.edu.au/research/referencing.html). Any ideas or quotations must be
correctly cited in the body of your report and a reference list must be provided at the end of
your report.
Once you have submitted your report, check the originality report in turn-it-in and ensure
similarity with other sources is referenced. You can resubmit your report until the due date.
Please note that the originality report for a resubmission takes 24 hours to be produced.
Please ensure that you allow adequate time, if you are considering resubmission.
Review the marking rubric so that you understand the expected standards and how
you will receive feedback.
Submission
Students will need to upload their assignment to http://ilearn.mq.edu.au (Turn-it-in) by
11.59 p.m. on Friday 8th April (Week 7). Otherwise your assignment will be
considered late.
Penalties
Please refer to the Unit Guide for information on penalties that may apply for missing
the deadline.
Marking Criteria
Available via the Turnitin Link.