QUESTION 1
In Chapter 14 of Davis, Schiller, and Wheeler (2011), the authors explored various steps for Auditing Cloud Computing AND Outsourced Operations, which seemed to suggest (implied) organizations having business relationships with third-party service providers. Heiser and Nicolett (2008) contemplated risks, and how organizations might ASSESS risks – that were associated with outsourcing or Cloud computing.
Considering your understanding of Davis, Schiller, and Wheeler (2011), as well as Heiser and Nicolett (2008), compare and contrast vital steps (recommendations) given by each source. Identify 4 recommendations that were similar or closely align BETWEEN (not From) each source. Explain how they were similar.
Davis, C., Schiller, M., & Wheeler, K. (2011). IT Auditing: Using controls to protect information assets (2nd ed.). New York: McGraw-Hill.
Heiser, J., &Nicolett, M. (2008). Assessing the Security Risks of Cloud Computing (G00157782). Stamford, CT: Gartner, Incorporated.
QUESTION 2
In Chapter 15 of Davis, Schiller, and Wheeler (2011), we considered the Auditing function of company or organizational projects from a Project Management perspective. Chapter 16 presented us with a variety of Frameworks and Standards (TOOLS) for carrying out audits in a SYSTEMATIC fashion.
Identify the one framework that is ALL about Information Technology Governance, is comprised of 34 high-level control objectives, and 215 lower-level control activities. What are the 7 qualities that are emphasized by this particular framework (provide as a LIST)?
Davis, C., Schiller, M., & Wheeler, K. (2011). IT Auditing: Using controls to protect information assets (2nd ed.). New York: McGraw-Hill.
QUESTION 3
You might be asking, “what relates accounting with IT?” The URL for The Public Company Accounting and Oversight Board’s Audit Standard #5 is referenced below. Bullet point 27 mentions IT specifically but other bullets may require IT resolutions. Chapter 17 of Davis, Schiller, and Wheeler (2011), discusses SOX requirements in the ‘Specific IT Controls Required for SOX Compliance’ section starting on p422. Choose three of the IT control area and discuss how they might resolve the problems discussed in PCOAB standard 5 referencing specific bullet points in the standard.
Davis, C., Schiller, M., & Wheeler, K. (2011). IT Auditing: Using controls to protect information assets (2nd ed.). New York: McGraw-Hill.
PCAOB. (n.d.). Auditing Standard No. 5. Retrieved from http://pcaobus.org/Standards/Auditing/Pages/Auditing_Standard_5.aspx#introduction