Skip to content

COMP1431 Audit & Security Coursework


Question 1

Organizational assets are important to an IT auditor because an IT auditor must have information about the organizational assets such as they must know that what they have to protect. The role of an IT auditor is supposed to analyze or assess infrastructure to make sure about the efficiency and effectiveness of the running process. It is important to review and audit all the financial sectors for the infrastructure that would lead to the growth of business processes globally (Gaddis, 2018).

Information technology auditor is responsible to determine IT issues that are occurred in the audit process. IT issues are related to risk management and security. When IT issues are identified then the IT auditor is supposed to resolve all the issues that would lead to an improvement in the overall structure of an organization.

The role and responsibility of the IT auditor are to develop, implement, test, and evaluate the overall procedure of audit. IT audit standards are applied to conduct IT audit projects. It could be extended to software, programs, communication system, networks and security system that are based on technological infrastructure of a company. It plays a major role in the overall development such as a small technical issue could create an issue for the structure of an organization (Chambers, et al., 2015).

IT auditor is responsible for the different audit of technologies and processes of an organization. IT audits are also called computer audits and automated data processing audits. It is referred to as an electronic data processing audit. Information security audit could be followed for the evaluation of risk management of an organization. IT audit is to be done for the security development.

Auditing of organization assets is the verification of assets effectively and efficiently. It could be an internal audit or an external audit. It is done to manage transparency and accuracy in the entire organization.

Internal audit defines the efficiency of internal control of an organization. It is the systematic framework of the accounting process. Internal auditors are the internal employee of an organization. The role of the internal auditor is to improve the structure of the operations of an organization (Gaddis, 2018).

Its main aim is to develop the effectiveness and accuracy of internal control for specific asset management. The financial balance sheet would be corrected when all the records of assets are correct. If the assets records are not maintained properly then it would affect financial statistics and the taxation process. It is done to keep safe all the assets from uncertain hurdles.

There are various benefits of asset auditing for IT auditors. Asset audition is beneficial for managing the depreciation criteria in the organization. Value of asset decreases with the time such as depreciation is applied to the asset and it is deducted from the original amount of asset. The different fixed asset has different depreciation rate. Depreciation provides a chance for the company to maintain the cost of an asset that is associated with the life of an asset. Depreciation could be calculated with two methods such as straight-line method and written down value (Chambers, et al., 2015).


Question 2

Audit evidence can take many forms. The most important form as evidence is to take account of CAAT’s and Flowcharts.

The computer-assisted audit technique is one of the techniques that are utilized by auditors. It provides a facility to research data from irregularities. It is helpful to provide effective analytical outcomes. It is utilized in the industry sector and various organization environments. Forensic accounting with more effectiveness could be done with CAAT’s technique. It is helpful for the auditor to work innovatively and efficiently (Zuca, 2018).

CAAT’s technique provides direction to make utilization of technology to control the activities by assessment of relevant data and eliminate unnecessary data. It could be known as data analytics. It could be utilized by a small organization as well as a large organization. It is the process that includes basic excels knowledge, word knowledge, well-organized strategy, simple tricks, and tips. It is the step to achieve organizational goals with efficiency and accuracy.  It is the combination of small actions that would lead to big changes in the growth of an organization (Zuca, 2018).

CAAT’S technique is beneficial for the development of auditing department such as-

1) Access the data stored in the computer system without depending on any other client.

2) Enhance the correctness of audit test effectively and efficiently

3) Examination of dependability of software such as IT application control

4) Represent audit test effectually that would lead to long term advantage such as cost-effectiveness.

5) It provides a chance to test a vast volume of data and facility to control operations.

6) It is one of the tools that determine human error and provide a high stage of audit evidence.

A flowchart technique is the form of a diagram that presents a process. The flow chart is also called cross-functional. It could be divided into different lanes. This approach provides a chance for internal auditors to determine roles and responsibilities. It defines the criteria including who presents the activity. A flowchart is a solution to two questions such as what has been happened and who has done it (Koval, et al., 2019).

There are three approaches of Flowchart that could be utilized as the evidence of audit.

1) It has a traditional approach that could be utilized to keep a record of establishing and end times. It could be done using a stopwatch in the environment of an industry. It could be used to acquire process during the process of observation in the operation department (Knechel, et al., 2016).

2) Document management software could be utilized. It includes user, date, and time stamps at every step of the flowchart process. This information could be inspected and downloaded through data analytics by connecting the flowchart with the different steps.

3) Operation creates an output with the Tact time rate. This formula is applied to calculate the average amount of time, activities, and pace. It could be utilized to identify speed to remain a process smooth without the utilization of backlogs. It offers an average time for all the operation during a specific period (Knechel, et al., 2016).

Flowchart must be framed clearly and simply. All the team members must be a true contributor to the process of the flowchart.


Question 3

The Auditor is supposed to evaluate a business continuity plan that includes the content of the plan to change control information stating changes since the last update of the plan.

A business continuity plan is a systematic manner that includes a framework of recovery and prevention from possible threats of a company. The plan provides surety about the effectiveness of workers and the availability of assets in tough times. In advance, The BCP plan is prepared including suggestions from stakeholders and managers (Fani, et al., 2019).

It is a framework that is documented simply and clearly. It defines the process of continuous operation in an unexpected period. It is inclusive than a research recovery plan. It contains action plans for human resources, business partners, and business processes.

BCP includes strategies to overall all the occurred risks in the operation department of an organization. It involves a risk management strategy. Risk is of any type such as disaster risks and cyber-attacks (Fani, et al., 2019). It follows a plan to overcome disaster risks as well as cyber-attacks such as-

1) Identification of the impact of risks on the operation department of an organization

2) Assessment of procedure to overcome the identified risks

3) Evaluation of all procedures to check whether they work effectually or not

4) Analysis of process to keep a check on its updated version

A business continuity plan audit is a method to evaluate the performance of a business continuity plan. The main aim of the audit is to recognize that plan whether the plan complies with organization objectives or not.

An internal business continuity plan audit describes the overall risks and threats that would be occurred in the upcoming year. It conducts tests to check the effect of risks and threats on the growth of an organization. An audit provides recommendations to the manager about the weakness and strengths of the business continuity plan of an organization.

A business continuity plan audit could be done through an internal processor with the help of a third party. The objective of the audit is to control and update the plan. The internal audit team plays a major role in the effectiveness of the business continuity plan process (Graham, et al., 2015).

The internal organization of standardization’s ISO 22301 provides a structured framework of audit that is helpful for the business continuity plan process of an organization. It defines that audit is to be done according to industry control and practices.

Business continuity plan audit presents feedback that could improve business continuity plan through innovative updates and actions. It is helpful to review the structure of management and best practices of the common industry (Graham, et al., 2015).


Accuracy – The team members must be clear about the needs and requirements of the business continuity plan while presenting an audit. Rusk assessment and impact analysis must be up to date. A business continuity plan must comply with the standards and it should be included in the areas of the audit.

Maintenance – A business continuity plan is not a one day process or one handwork. It is done with the efforts of different persons. It is a long process. The audit of BCP must be revised as often as changes occurred in the organization (Chambers, et al., 2015).


Question 4

An economical double keying approach would be conducted when all the clerks are paid at the same rate.

The order department has all information about the orders in the organization. First, the orders are sent in the post by customers, and then it is entered in the system through clerks. Clerks are working 200 days a day through 5 hours a day. It means clerks are working for 1000 hours in a year. They type around 20 orders entry in an hour. It means they type 20,000 order entries in a year. But it has been analyzed that they do mistake while entering the order entries. Their probity for incorrect order entry is 10%. The amount that is provided to correct the incorrect entry is £per order entry (Chambers, et al., 2015).

The manager has suggested following a double key entry strategy. The double key entry is a framework in which all the data are recorded through two different operators. It is done to maintain correct information about the data. If order entry is maintained by two different operators then the chances of incorrect entry would be less. There would be cost-effectiveness such as the cost of paying another member to correct the incorrect entry would be removed completely by following double key entry. The data entered by two different operators could be checked by comparing the records of both operators.

The total order type by the client is –

Working hours in a year – 1000 hours

They type orders in an hour – 20 orders entry

Total typed order – 1000 hours * 20 orders = 20,000 orders

Total typed orders – 20,000

Incorrect order – 10 % of corrected orders

20,000 * 10% = 2,000 orders

The cost of correction of 1 order is = £2

Cost of correction of 2,000 orders is = £2000 * 2 = £4,000

When the cost of correction of £1 order is = £5

Cost of correction of 2,000 orders would be = 2,000 * 5 = £10,000

The cost of 2000 uncorrected orders would be £4,000 while following double key entry. As when the double key entry strategy would be followed it would lead to two different data records. When the two data records are not matched then the data would be corrected by offering £2 per order. It would lead to an overall cost of £4,000 for correcting all the uncorrected order entries (Sangster, et al., 2016).

The cost of 2000 uncorrected orders would be £10,000 while getting it done uncorrected entry by other clerks paying the same amount £5 per order. When the other clerk would correct the incorrect country that person would give the same time and effort while correcting the entry on its own. It would lead to a high cost that is the same as the original cost that was paid to the clerk who has done mistaking while typing.

A double key entry system is economical as compared to appoint another person to get it corrected paying the same amount per order (Sangster, et al., 2016).


Question 5

All the concepts that have been discussed in the four tasks are important to understand for IT auditors. IT auditors must be aware of the overall organization asset so that it could be maintained and audited effectively and efficiently.

IT auditors must be aware of their roles and responsibilities. Audit facilitates a clear set of all financial statements and offers confidence to all stakeholders to ensure about all the standards are fair and true. The audit is helpful for the improvement of internal control and the system of an organization. In the first task, the discussion has been done on the roles and responsibilities of an IT auditor. It is necessary to keep records of an overall fixed asset so that it could be utilized in tough times. In tough times, assets could be eliminated to avoid unnecessary expenses. Auditing on rental assets is critical. It defines the hurdles of the rental side of an organization.

Discussion about audit evidence has been done in task two. The auditor must follow CAAT’s such as computer-assisted audit technique and flowchart to measure the overall performance procedure. CAAT’S technique is applied to measure the performance of audit and process of an organization. It is helpful for the analytical procedure while determining changes and indiscretion. It is beneficial to implement different components to acquire information for the testing of the audit. It includes investigation of application controls and evaluation of running agenda. It includes the assessment of common controls of the audit. It works to provide a clear set of operating system and evaluation of organization structure. It provides a solution to different issues of trade. It includes the process of recalculation and assessment of the utilization of software in the various activities of an organization (Shanasirova, 2018).

Discussion about the business continuity plan has been done in task three. A business continuity plan audit is beneficial to reduce and overcome the overall potential risks of an organization. It defines the framework to discuss the improvement areas of an organization. A business continuity plan is boosted up by representing an audit on it. It evaluates the areas that need progress. It includes all the strategies and actions to overcome all the identified risks and hurdles in the organization. Business continuity plan growth and success depend on the Audit process of an organization. A business continuity plan is the systematic manner of analysis, create a design to resolve issues, implementation to overcome occurred issues, testing & acceptance and maintenance is to be done.

The discussion has been done on the wages of clerks in the order department. Mistakes are natural while typing so it must be analyzed with the IT auditor that how many orders have been typed correctly and how many orders have been typed incorrectly. It needs to evaluate the extra cost paid by the organization to get all the entries corrected. It is necessary to evaluate the overall cost of an organization that is occurred on wages of clerks. It must be reviewed from time to time for the development of an organization (Chambers, et al., 2015).


Alexandria, S. V., Aleksandrov, M. N., & Vasiliev, V. A. (2018, September). Business continuity management system. In 2018 IEEE International Conference” Quality Management, Transport and Information Security, Information Technologies”(IT&QM&IS) (pp. 14-17). IEEE.

Chambers, A. D., & Odar, M. (2015). A new vision for internal audit. Managerial Auditing Journal.

Chambers, A. D., & Odar, M. (2015). A new vision for internal audit. Managerial Auditing Journal.

Fani, S. V., & Subriadi, A. P. (2019). Business continuity plan: examining of multi-usable framework. Procedia Computer Science161, 275-282.

Gaddis, S. M. (2018). An introduction to audit studies in the social sciences. In Audit studies: Behind the scenes with theory, method, and nuance (pp. 3-44). Springer, Cham.

Graham, J., & Kaye, D. (2015). A Risk Management Approach to Business Continuity: Aligning Business Continuity and Corporate Governance. Rothstein Publishing.

Knechel, W. R., & Salterio, S. E. (2016). Auditing: Assurance and risk. Taylor & Francis.

Koval, V., Nazarova, K., Hordopolov, V., Kopotiienko, T., Miniailo, V., & Diachenko, Y. (2019). Audit in the state economic security system. Management Theory and Studies for Rural Business and Infrastructure Development41(3), 419-430.

Sangster, A. (2016). The genesis of double entry bookkeeping. The Accounting Review91(1), 299-315.

Shanasirova, N. (2018). THE ISSUES OF ORGANISING INTERNAL AUDIT. International Finance and Accounting2018(4), 34.

Zuca, M. (2018). The contribution of computer assisted auditing techniques (CAAT) and of the business intelligence instruments in financial audit.

Leave a Reply

Your email address will not be published. Required fields are marked *