It is worth 30% of my grades
Prepared by Anthony Wilson for ACCG358 Semester 1, 2019 1 ACCG358 INFORMATION SYSTEMS AUDIT AND ASSURANCE Department of Accounting and Corporate Governance IS Audit Report Important note: • This is an individual assignment. You must complete the task independently. If you submit a report that is similar to any of your classmate’s reports it will be considered academic dishonesty. • Refer to the Macquarie University Academic Honesty Procedure and associated documents. • Please also refer to the submission instruction as per unit guide. Estimated student workload: 30 hours Task Failures of, or breakdowns in IS controls can sometimes be revealed in highly public and embarrassing circumstances for the company or organisation concerned. Conduct a web search on recent (in the past 3 years) IS events to find an interesting case study, such as news articles in relation to IS risks. You will need to attach the original version of the case study or provide the URL link to the original case in the appendix when you submit the assignment. Uniqueness of the case study should be considered by students as it is more difficult to differentiate your work against many others using the same case. You are to assume that you are an IS external auditor, and as such, have prepared an IS audit plan and report to the management of your client (i.e. the company at the centre of the case study). Assume the event in the case study has occurred and you are conducting an audit after the event to identify weaknesses in the control environment and make appropriate recommendations. The document must include the following: 1) Executive Summary You will need to prepare an executive summary document (0.5-page maximum) suitable for presentation to the board of directors of the affected organisation. 2) Background to the Case Provide the background to the client’s business and computerised environment. This is to demonstrate your understanding of the client’s business and IS environment. 3) IS Risks Identify IS risks from the case study, including analysing the likelihood, level of risks and implications to the business. This should include not only the risks that eventuated in the case study but any other risks you identify in the organisation’s IS environment. 4) Audit Plan, Objectives and Procedures Prepare an audit plan outlining the areas that you propose to audit. In addition, you will need to include audit objectives and audit procedures for each of the area(s) that you plan to audit. Prepared by Anthony Wilson for ACCG358 Semester 1, 2019 2 5) Audit Questions and Documents For each of the audit objectives, provide at least three examples of interview questions that you will use to gather evidence from the client’s employees, including naming relevant documents that you may want to obtain for the audit. 6) Control Recommendations Provide recommendations of control mechanism(s) to mitigate each of the IS risks identified in part 3. Identify the benefits of your recommendations to your client, and if there is significant expense involved in implementing your recommendation, the justification for this expenditure. Required Write a report that addresses all of the above sections. • Format requirements: “Times New Roman” size 12 with 1.5 line spacing, approximately 1500-2000 words in total (not including references). You must include the total of words used in your report. The report should have appropriate headings and subheadings (including the Executive Summary for the Board and your recommendations). • You must acknowledge the use of the work of others (e.g. the academic journal articles on which your report is based) using the Harvard referencing style (see http://www.lib.mq.edu.au/research/referencing.html). Any ideas or quotations must be correctly cited in the body of your report and a reference list must be provided at the end of your report. • Once you have submitted your report, check the originality report in turn-it-in and ensure similarity with other sources is referenced. You can resubmit your report until the due date. • Please note that the originality report for a resubmission takes 24 hours to be produced. Please ensure that you allow adequate time, if you are considering resubmission. • Review the marking rubric on the following page so that you understand the expected standards and how you will receive feedback. Submission • Students will need to upload their assignment to http://ilearn.mq.edu.au (Turn-it-in) by 11:59 pm Friday 12th April (week 7). Otherwise your assignment will be considered late. • Late assignments must also be submitted via Turn-it-in. Penalties • Late tasks will be accepted up to 72* hours after the submission deadline. There will be a deduction of 20%* of the total available marks made from the total awarded mark for each 24-hour period or part thereof that the submission is late (for example, 25 hours late in submission – a 40% penalty will apply). * This penalty does not apply for cases in which an application for an extension has been approved. Prepared by Anthony Wilson for ACCG358 Semester 1, 2019 3 Marking Criteria The following criteria are how IS audit report will be marked. Not attempted Fail Pass Credit Distinction High Distinction 1) Selection of the case study and risk analysis (30%) No attempt, or the answer is copied or substantially copied from materials or other sources. Poor selection of the case study. Report indicates poor or no understanding of the case study and its associated risks. Average selection of the case study. Report indicates some understanding of the case study and its associated risks. Good selection of the case study. Report indicates good understanding of the case study and its associated risks. Good selection of the case study showing several IS issues. Report indicates high level of understanding of the case study and its associated risks. Unique case study selection representing many IS issues. Report indicates in‐depth understanding of the case study and comprehensive risk analysis. 2) Critical analysis of the case, quality of audit plan and recommendation to target audience. (50%) No attempt, or the answer is copied or substantially copied from materials or other sources. Report indicates poor or no understanding of an audit plan and inappropriate recommendation to target audience. Report indicates some understanding of an audit plan and provides an appropriate recommendation to target audience. Report indicates good understanding of an audit plan and is able to provide multiple appropriate recommendations to target audience. Report indicates high level understanding of audit plan and able to provide many appropriate recommendations to target audience. Report indicates advanced understanding of audit plan and able to provide appropriate recommendations for all risks identified to target audience. 3) Structure of the text (10%) No attempt, or the answer is copied or substantially copied from materials or other sources Report does not follow the structure given and information is not generally clearly organised within each section. Report mostly follows the structure given and information is generally clearly organised within each section. Report follows the structure given and information is generally clearly organised within each section. Report follows the structure given and information in each section is organised in a clear and logical way. Report follows the structure given and information in each section is presented in a clear logical way that supports the overall point /argument of that section. 4) Professional presentation including formatting, spelling, grammar, referencing (10%) No attempt, or the answer is copied or substantially copied from materials or other sources Presentation is of a very poor standard, with numerous errors / inconsistencies. Presentation is of a basic standard, with some formatting, spelling, grammar, referencing errors / inconsistencies Presentation is of a good standard, with infrequent formatting, spelling, grammar, referencing errors/ inconsistencies. Presentation is of a very good standard, with little or no formatting, spelling, grammar, referencing errors/ inconsistencies. Presentation is of a professional standard, with little or no formatting, spelling, grammar, referencing errors/ inconsistencies.