Preview

AUDIT ENGAGEMENT LETTER Draft

Powerful Essays
Open Document
Open Document
1681 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
AUDIT ENGAGEMENT LETTER Draft
10/23/2013
Dear The Management Committee of XYZ Company (“XYZ”): The purpose of this letter is to set out the basis on which we are to act as Information System auditors of the XYZ and the respective areas of responsibility of the XYZ’s Management Committee (“MC”) and of ourselves.

Project Overview Any organization that depends on technology in the conduct of business needs evidence that such technology is efficiently and securely managed. A security policy is a set of vital mechanisms by which the XYZ’s security objectives can be defined and attained. These key information security objectives should consist of:
Confidentiality to ensure that only the people who are authorized to have access to assigned areas are able to do so. It’s about keeping valuable information only in the hands of those people who are intended to see it.
Integrity to maintain the value of logs information, which means that it is protected from unauthorized modification. Logs information only has value if we know that it’s correct. A major objective of security policies is thus to ensure that logs information in not modified or destroyed or subverted in any way.
Availability to ensure that all the utilities and systems are available and operational when they are needed. A major objective of an access security policy must be to ensure that utilities information is always available to support critical business processing. The purpose of this audit is to evaluate the access and security internal controls related to the XYZ and to assess whether there are internal control weaknesses that could allow errors and irregularities to go undetected.

Audit Scope. Based on an initial risk-based assessment plus a discussion with client, the scope has been defined as the 3rd floor VIP rooms and all access points to those rooms. The QTTR audit team has categorized the audit area into three main sections for convenience. Those sections are defined as follows:
1. Outside:
a. Golf putting area

You May Also Find These Documents Helpful

  • Better Essays

    Whitman, M., & Mattord, H. (2004). Information Security Policy. In Management of information security(Fourth ed., p. 154). Boston, Mass.: Thomson Course…

    • 2101 Words
    • 8 Pages
    Better Essays
  • Satisfactory Essays

    When specifying security policies for an enterprise, setting security on an individual-by-individual basis provides the tightest and most personalized security. The tradeoff, however, is the increased amount of administration effort in setting up the security and maintaining it on an ongoing basis. You have been brought in as a consultant from Smith Systems Consulting to advise Riordan Manufacturing on what it will take to establish adequate enterprise security policies. You will need to prepare a 3-5 page paper that highlights why they should establish separation of duties via role assignment and how this will provide safeguards to protecting the data in their information systems.…

    • 354 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    within the facility, and training goals on the recognition and prevention of social engineering attacks. Authorization policies will also include access controls for data by specifying which data should be encrypted, they would…

    • 439 Words
    • 2 Pages
    Satisfactory Essays
  • Satisfactory Essays

    IT255 Project 1

    • 663 Words
    • 2 Pages

    At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility.…

    • 663 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Before any strategy takes place, an auditor must determine the end result desired from the Information Technology being used as well as the type of technology being dealt with. The most important thing is security thus it is vital to know this technology in and out to be able to determine its strengths and weaknesses. This allows for proper compensation to combat such attacks whether they are fraudulent or accidental in nature. It is necessary to be familiar with different types of proven viable internal control setups to properly test and gage an IT’s internal control system. There are three different strategies use when testing internal controls. First includes assessing the controls using user control information. In this strategy, an auditor would gather computer-generated reports and compare those to all documentation on specific transactions. This process is also known as auditing around the computer because it deals with more hard copy documents. The next strategy entails using application controls to determine the level of risk…

    • 627 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Imagine that you are working for a startup technology organization that has had overnight success. The organization’s immediate growth requires for it to formulate a corporate strategy for information security. You have been recruited to serve as part of a team that will develop this strategy.…

    • 514 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    internal and external users to whom access to the organization’s network, data or other sensitive…

    • 3990 Words
    • 15 Pages
    Good Essays
  • Good Essays

    BSA/310

    • 674 Words
    • 3 Pages

    In business, an information security is a set of policies to protect the companies and small businesses infrastructure, physical, and information technology assets, and to ensure that information technology users within the domain of the companies and small businesses comply with the rules and guidelines related to the security of the information stored digitally at any network within the boundaries of authority. In short, it can protect data from the outside and even inside threat. The data and information, which the companies and small businesses have, are arguably the most important assets. They should ensure the data confidentiality, integrity, availability, non-repudiation, authentication, and authorization. Most small businesses and companies must have information security to ensure their business and information assets. Information security protects data and controls how it should be distributed within or without the businesses boundaries. This means that information should be encrypted and may have restrictions placed on its distribution to the third party. Information security should protect the data from the outside threats such as:…

    • 674 Words
    • 3 Pages
    Good Essays
  • Good Essays

    An auditor should document firstly the understanding of the client’s internal control system audits and also he should document the basis for the conclusion about the assessed level of control risk.…

    • 1065 Words
    • 5 Pages
    Good Essays
  • Good Essays

    Describe how and why discretionary access control will be used. Include an explanation of how the principle of least privilege applies to assure…

    • 838 Words
    • 4 Pages
    Good Essays
  • Better Essays

    Final Project

    • 4129 Words
    • 13 Pages

    An effective IT Security policy protects the organization against possible threats to the infrastructure and data that the organization has. It will provide and maintain its ability to provide confidentiality, integrity, availability, and security of the client’s data within the organization’s environment.…

    • 4129 Words
    • 13 Pages
    Better Essays
  • Better Essays

    Audit Proposal

    • 1321 Words
    • 6 Pages

    Team C analyzed the accounts payable, accounts receivable, payroll, and inventory systems for Kudler Fine Foods. Kudler would now like to see a proposed audit schedule for these systems. The team will distinguish between the types of audits that may use for each process. The team will also recommend the most appropriate audit for each process and explain how to conduct the audits. Identifying events that may prevent reliance on auditing through the computer will also be presented to Kudler for review (Apollo Group, 2009).…

    • 1321 Words
    • 6 Pages
    Better Essays
  • Good Essays

    References: Johnson, Rob. with Merkow, Mike. Security Policies and Implementation Issues. First Edition. Copyright © 2011by Jones & Bartlett Learning, LLC, an Ascend Learning company…

    • 577 Words
    • 2 Pages
    Good Essays
  • Satisfactory Essays

    Confidentiality and information security are key factors for an organisation. It allows organisations to ensure they preserve these along with…

    • 2721 Words
    • 11 Pages
    Satisfactory Essays
  • Good Essays

    Gives individuals the right to know what information is held about them and provides a framework to ensure the personal information is handled properly.…

    • 475 Words
    • 2 Pages
    Good Essays