An information system (IS) auditor was asked to review the alignment between information technology (IT) and business goals for Cachero, a small but rapidly growing financial institution. The IS...


An information system (IS) auditor was asked to review the alignment between information technology (IT) and business goals for Cachero, a small but rapidly growing financial institution. The IS auditor requested information including business and IT goals and objectives; however, these were limited to a short, bulleted list for business goals and PowerPoint slides used in reporting meetings for IT goals. It was also found in the documentation provided that over the past two (2) years, the risk management committee (composed of senior management) met on only three (3) occasions, and no minutes of what was discussed were kept for these meetings. When the IT budget for the upcoming year was compared to the strategic plans for IT, it was noted that several of the initiatives mentioned in the plans for the upcoming year were not included in the budget for that year.


The IS auditor also discovered that Cachero does not have a full-time chief information officer (CIO). The


organizational chart of the entity denotes an IS manager reporting to the chief financial officer (CFO), who,


in turn, reports to the board of directors. The board plays a major role in monitoring IT initiatives in the entity,


and the CFO frequently communicates the progress of IT initiatives.


When the IS auditor reviewed the segregation of duties (SoD) matrix, it was apparent that application


programmers are only required to obtain approval from the database administrator (DBA) to directly access


the production data. It was also noted that the application programmers must provide the developed program code to the librarian, who then migrates it to production. IS audits are carried out by the internal audit department, which reports to the CFO at the end of every month, as part of the business performance review process; the financial results of the entity are reviewed in detail and signed off by the business managers for the correctness of data contained therein.





Questions:



1. In no more than five (5) sentences, discuss what should an IS auditor suggest regarding the governance structure of Cachero.



2. The IS budgeting process should be integrated with business processes and aligned with organizational budget cycles. What advice would the IS auditor give to the organization to ensure the budget covers all aspects and can be accepted by the board? Discuss your answer in no more than five (5) sentences.

Jun 04, 2022
SOLUTION.PDF

Get Answer To This Question

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here