https://audit.wa.gov.au/wp-content/uploads/2018/08/report2018_14-IS-GCC-App-Pass.pdfPage | 1 Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College 55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111 PRV12007; CRICOS 03048D Approved: DATE & Version IT Audit and Controls (SBM 4302) Assessment 3: Report Due date: Final date: Week 12 Group/individual: Group Word count / Time provided: 1500 Weighting: 20% Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7 Course Learning Outcomes: CLO-1, CLO-6, CLO-8, CLO-9 Graduate Attributes: GA8, GA9, GA11 Assessment Details: This assessment is designed to assess students’ ability to apply theoretical learning to practical, real world situations. In this assessment students are given a sample IT audit report and asked to comment upon it. Students are expected to identify and discuss any irregularities found in the report, for example, securing and preserving evidence. They should discuss possible audit strategies used to produce the report and what actions, recommendations, or sanctions might be included in the report as a result of the identification of irregularities. In completing this assessment successfully, you will be able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing standards and ISACA’s CORBIT framework, which will help in achieving ULO1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, and ULO-7. Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 20% of the total unit mark Marking Criteria Not satisfactory (0-49%) of the criterion mark) Satisfactory (50-64%) of the criterion mark Good (65-74%) of the criterion mark Very Good (75-84%) of the criterion mark Excellent (85-100%) of the criterion mark Identify the risks relevant to planning and conducting IT audit and control activities (30 marks) Inadequate understanding of organizational and managerial risks relevant to planning and conducting IT audit and control activities. Basic knowledge of organizational and managerial risks relevant to planning and conducting IT audit and control activities. Exhibits breadth and depth of understanding of organizational and managerial risks relevant to planning and conducting IT audit and control activities. Exhibits accurate and detailed breadth and depth of understanding of organizational and managerial risks relevant to planning and conducting IT audit and control activities. Displays exceptional understanding of concepts and their practical application of organizational and managerial risks relevant to planning and conducting IT audit and control activities. Page | 2 Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College 55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111 PRV12007; CRICOS 03048D Approved: DATE & Version Describe audit methodologies (30 marks) Inadequate understanding of audit methodologies, cannot discuss concepts in own words. Basic knowledge of audit methodologies, limited depth of basic concepts. Exhibits breadth and depth of understanding of audit methodologies. Exhibits accurate and detailed breadth and depth of understanding of audit methodologies. Displays exceptional understanding of concepts and their practical application of audit methodologies. Impact of IT Audit controls on business operations (20 marks) Inadequate understanding of the basic IT controls and their impact on related business operations. Basic knowledge of IT audit controls and their relationships to business risks. Exhibits breadth and depth of understanding of IT audit controls and their impact on related business operations. Exhibits accurate and detailed breadth and depth of understanding of IT audit controls and associated business risks. Displays exceptional understanding of concepts and their practical application of IT audit controls and impact on business operations. Describe and discuss the professional, legal, and ethical responsibilities of an IT Auditor (20 marks) Inadequate understanding of the professional, legal, and ethical responsibilities of an IT Auditor; cannot discuss concepts in own words. Basic knowledge of the professional, legal, and ethical responsibilities of an IT Auditor. Exhibits breadth and depth of understanding of the professional, legal, and ethical responsibilities of an IT Auditor. Exhibits accurate and detailed breadth and depth of understanding professional, legal, and ethical responsibilities of an IT Auditor. Displays exceptional understanding of concepts and their practical application of the professional, legal, and ethical responsibilities of an IT Auditor