SlideShare una empresa de Scribd logo

1Running Head AUDIT EVIDENCE2AUDIT EVIDENCE.docx

Descargar como DOCX, PDF
H
herminaprocter

The document provides an overview of the operations of the Smallville Collections Processing Entity (SCOPE) which processes payments for the city of Smallville. It describes the services provided, functional areas, information systems used, and control objectives and related controls for physical security of the datacenter and facilities, environmental safeguards, change management, and logical security. The control objectives are to restrict access to authorized personnel and properly document, test, approve and implement changes to protect data and systems.

Educación
1 de 29
1 Running Head: AUDIT EVIDENCE 2 AUDIT EVIDENCE Audit Evidence Katherine Askew BSA 505 April 6, 2020 Evidence Gathering and Sampling Methodologies Gathering techniques are the specific methods and techniques used to collect distinctive kinds of evidence. These techniques include re-performance, inquiry, inspection, and observation, as well as analytical procedures. Audit evidence termed as the information or data collected and used by an auditor as part of his audit work in concluding the opinions if the financial statements prepared in all the material respect and as per the applicable economic frameworks. Inspection is one of the evidence-gathering procedures where an auditor inspects documents and records that provide varying reliability degrees depending on the source and nature of the
material used. Inspecting physical assets provides evidence with higher reliability, and others indicate value. Observation entails checking the application of an entity's or client's procedure and policy hence getting assurance of the process at a particular point of time. Recalculation entails computation or recalculating to provide a higher degree of assurance about arithmetical accuracy. Also used to check the client's records like subtotals for receivables ledger and pricing on invoices. Re-performance can be active in reviewing the client process like bank reconciliation (Abou- Seada & Abdel-Kader 2017). It can be performed via the use of computer-assisted audit techniques or manually. Recalculation and re-performance provide reliable evidence compares to enquiring and observation. Analytical procedures entail studying of plausible relationships among the data. These procedures are limited since evidence relies on the validity of the set data. They are used in the entire audit process and conducted for primary purposes like risk assessment, substantive testing, and overall conclusion. An inquiry used to obtain knowledge of the entity, collect specific evidence, and corroborate evidence collected using other means. The evidence gathering process is summarized or broken down into four primary steps. It begins with designing the audit tests or procedures, including re-performance, inquiry, inspection, and observation, as well as analytical methods. The second step entails carrying out the audit tests r procedures and gathering evidence. The third one involves an analysis of evidence and concluding as well as evaluation of performance against the audit criteria. The fourth step is deciding if additional information is required and can be acquired or if there exists adequate, appropriate evidence. Audit sampling entails the use of audit procedures in selecting the items within a class of transactions or an account balance. It is the process of examining parts of the data set or population that is sufficient to attain rational assurance on the entire data or population. There are several sampling methodologies used
for the controls under the test. The preferred sampling methods should yield some equal probabilities that every unit in the sample could be selected. The controls tested include manual and automated controls. Automatic controls require one sample, while manual controls depend on the method of sampling that an IS auditor use to calculate the sample size. The sampling methodologies include variable sampling used for substantive procedures like testing details of balances. Quality sampling is active when testing internal controls and assessing the number of things in a population encompassing a particular point of interest. A selection is a system of sampling that confirms that every component within a community has an equal possibility of choice by using selective number generators or particular number diagrams. Auditors use haphazard sampling without necessarily following a structured technique. It is recognized as the most suitable method when using statistical sampling (Cascarino, 2017). Auditors must be careful when selecting haphazard sampling to avoid predictability or conscious bias. Preliminary findings and Explanation I. . The employees' data are encrypted and protected from external unauthorized access that might comprise confidentiality and privacy that the information carries. The control objective is that controls provide reasonable assurance that the access to production data files and application programs have strict restrictions on the right authorized programs and personnel. A random sample of six employee's data showed that no unauthorized access to data reported in the last thirty days. II. Testing performed to ascertain that the change meets the outlined requirements in the change management system. The objective is that controls guarantee reasonable assurance that shifts to the statement application are approved, tested, authorized, implemented, and documented appropriately. A sample of five changes shows in the monitoring systems shows that three of the changes tested are not confirmed; they are meet the change requirements.
III. Controls certify reasonable undertakings that the general costs are processed timely and accurately, and the processing allowances resolved. Payments steered by mailroom dispensation and credentials and arrangement of payments. A sample of fifteen payments between date 15th and 26th November 2019 shows that they not governed by payment processing procedures and policies. Keeping leadership abreast of the findings of the audit involves the application of different practices. Developing a timeline and assigning responsibility will help in tracking the results. I will review a list of schedules and work papers needed by the auditors ensuring that the clarifications of the requested information done when necessary—organizing data by creating a repository of audit schedules that can be assessed at any given time by the appropriate personnel. Reference Abou-Seada, M., & Abdel-Kader, M. (2017). Behavioral aspects of auditors' evidence evaluation: a belief revision perspective. Routledge. Cascarino, R. E. (2017). Data Analytics for Internal Auditors. CRC Press. Chang, Y. T., Chen, H., Cheng, R. K., & Chi, W. (2019). The impact of internal audit attributes on the effectiveness of internal control over operations and compliance. Journal of Contemporary Accounting & Economics, 15(1), 1-19. BSA/505 v4 Gail Industries Case Study BSA/505 v4 Page 2 of 14 Gail Industries Case Study This case study is used to complete your assignments throughout the course. Some sections of the case study will be necessary in multiple assignments. See the assignment instructions for specific assignment requirements.Introduction
to Gail Industries Gail Industries is a partner to many Fortune 1000 companies and governments around the world. Gail Industries’ role is to manage essential aspects of their clients’ operations while interacting with and supporting the people their clients serve. They manage millions of digital transactions every day for various back office processing contracts. One of Gail Industries’ clients is the city of Smallville. Smallville, despite its name, is a large metropolis seated in the heart of the nation. The city has 2.5 million residents, and the greater Smallville metropolitan area has a population of about 4 million people. Smallville’s IT department follows the NIST 800-53 standards, and the city requires that all IT service organizations, whether run by city staff or vendors such as Gail Industries, follow these standards. For this case study, you are to assume the following dates: · Audit Period: 1/1/2018 – 12/31/2018 · Audit Field Work Dates: 1/3/2019 – 1/24/2019Overview of the Operations of Smallville Collections Processing Entity (SCOPE) Summary of Services Provided Collections Processing The Smallville Collections Processing Entity (SCOPE) provides collections processing services to the city of Smallville. SCOPE receives tax payments, licensing fees, parking tickets, and court costs for this major municipality. The city of Smallville sends out invoices and other collections notices, and SCOPE processes payments received through the mail, through an online payment website, and through an interactive voice response (IVR) system. Payments are in the form of checks, debit cards, and credit cards. After processing invoices, SCOPE deposits the monies into the bank account for the city. SCOPE is responsible for ensuring the security of the mail that comes into the possession of all employees, subcontractors, and agents at its processing facility, located within Smallville. Controls and procedures for money and mail handling are
established by SCOPE to ensure payments are accounted for, from the earliest point received through processing and deposit. These controls and procedures provide: 1. Assurances for proper segregation of duties 2. The design and use of satisfactory documentation to ensure proper recording of transactions 3. The safeguarding of access to and use of all assets and records 4. Independent checks on performance Payment Receipt The purpose of collections processing is to receive and process various types of payments, post the payment data to the Central Collections System (CCS), and deposit the accompanying funds in the Smallville bank account. This process includes the following types of payment receipts: · Regular mail – paper checks only · Website – credit and debit card payments, electronic checks · IVR – credit and debit card payments Mail Delivery A bonded courier picks up the payments from the United States Postal Service (USPS) facility in Smallville. SCOPE uses a subcontractor for courier services. This courier is dedicated, picking up and delivering mail only for SCOPE. This courier is also required to sign for registered, certified, and express delivery envelopes. Opening and Sorting Mail The daily success of payment processing depends on receiving mail quickly from the postal service, opening that mail, and properly sorting the contents for processing. Batches contain similar payment types: tax payments are processed together, court collections together, and so forth. Deposits Deposits are made daily into the Smallville bank account. Electronic payments (debit cards, credit cards, and paperless checks) are deposited through an interface between CCSys and the bank. Checks are converted to electronic debits and
deposited electronically. However, those that cannot be converted to electronic form are deposited in physical form. Functional Areas of Operations Gail Industries uses the following specific functional roles of operations: · Contract manager – responsible for the overall management of contract deliverables of the payment processing operation, including the monitoring of financial expenditures to ensure compliance with contract budgets. · Operations manager – responsible for planning, managing, and controlling the day-to-day activities of the team that provides operational support for the business unit, including the establishment of operational objectives and work plans and delegation of assignments to subordinate managers. · Information technology manager – responsible for developing and maintaining the strategy of the future direction of IT infrastructure, including developing plan for the implementation of new IT projects and managing relationships with IT-related vendors and subcontractors. · Accounting – responsible for performing a variety of routine clerical and accounting functions within the accounting department, including daily balancing of receipts. In addition, the accountant resolves exception transactions, including charged back checks (bounced checks), forgery affidavits, and recoupment. · Call center – the city of Smallville does not have a centralized call center for handling questions relating to payments and invoices. It is considering adding one to the scope of services offered by Gail Industries. Information Systems Services Gail Industries services are designed around the following tools and technologies:
· Data Capture and Imaging – real-time instrument imaging and data capture—provides imaging, accountability and reporting of checks and remitted payments. · Invoice Management and Reporting – data correction and maintenance utilizing automated payment auditing and historical analysis. A browser-based application is available for internal SCOPE and Smallville staff to perform administrative functions. A separate internet-accessible payment portal allows for citizens, business owners, and others to view invoices and make payments. Processing Platforms Gail Industries currently utilizes cloud-based servers on the Amazon Web Services (AWS) platform for internet-accessible application. Data capture, imaging, and the payment processing application run on local servers in a secured computer room. Local servers run both Linux and Windows Server operating systems. Data is stored on Microsoft SQL Server to provide storage of payment, image, and balancing data. The servers supporting the CCS are housed within the SCOPE server room (also known as the data center) and are managed by Gail Industries’ IT staff. The IT staff provides the following services: · Firewall management – monitoring and management of the firewall systems and networks on a 24/7/365 basis. · Network monitoring – proactive network and server monitoring services to help maximize system performance and uptime. · Data backup – data backup services for the production, payment, imaging, and balancing data. · Incident management – IT incident monitoring, documentation, and resolution management.Control Objectives and Related Controls Physical Security (Datacenter) Control Objective 1: The controls provide reasonable assurance that physical access to computer resources within Gail
Industries’ data center is restricted to authorized and appropriate personnel. To protect physical assets, management has documented and implemented physical access procedures to grant, control, monitor, and revoke access to the on-site SCOPE datacenter. The datacenter requires two-factor authentication: a biometric credential via retinal eye scanner and a badge access card. Individuals requesting badge access document the request on a standardized employee management form that must be approved by departmental management. Administrative access to the badge access system is restricted to authorized IT personnel. When an employee is terminated, IT personnel revoke the badge access privileges as a component of the termination process. In addition, the IT manager performs a review of badge access privileges on a monthly basis to help ensure that terminated employees do not retain badge access. All visitors must sign a logbook upon entering the datacenter, with a picture ID presented to their escort. Access is restricted to authorized IT personnel and equipment technicians. CCTV surveillance cameras are utilized throughout the facility and the datacenter to record activity; these images are retained for a minimum of 45 days. Physical Security (Facilities) Control Objective 2: Controls provide reasonable assurance that physical access to assets within Gail Industries’ facilities is restricted to authorized and appropriate personnel. To protect physical assets, management has documented and implemented physical access procedures to grant, control, monitor, and revoke access to the on-site SCOPE facility. A door badge access system is employed to control access to areas within the facility (including the datacenter) through the use of predefined security zones. Individuals requesting badge access to the facility document the request on a standardized employee management form, accessible through Gail Industries’ employee on-boarding
system (known as GEO). All requests must be approved by departmental management. Administrative access to the badge access system is restricted to authorized IT personnel. Upon termination (voluntary or involuntary), SCOPE IT personnel revoke the badge access privileges as a task in the termination process. In addition, the IT manager performs a monthly review of badge access privileges to ensure that terminated employees do not retain badge access. Both entrances into the facility are locked and are monitored by administrative personnel. The receptionist must unlock the door for visitor access. Visitors are required to ring a video door bell and announce themselves to the receptionist. Visitors sign a logbook when entering the facility, and they are required to wear a visitor’s badge at all times. Visitors must be escorted by an authorized employee when accessing sensitive facility areas such as the mail room and server room. CCTV surveillance cameras are utilized throughout the facility and server room to record activity. Video images are retained for a minimum of 45 days. Environmental Safeguards Control Objective 3: Controls provide reasonable assurance that environmental safeguards protect physical assets and the data that resides on those assets. Management has implemented environmental controls to protect physical assets within the datacenter and office facility, including fire detection and suppression controls. The office facility is protected by audible and visual alarms, fire and smoke detectors, a sprinkler system, and hand-held fire extinguishers. A halon-free fire suppression system and smoke detectors protect the datacenter. An uninterruptible power supply (UPS) is in place to provide temporary electricity in the event of a power outage and mitigate the risk of power surges impacting infrastructure to the data center. Management retains the following inspection reports completed by the third party vendors as evidence of their completion:
· Annual inspection of the fire detection and sprinkler fire suppression system · Annual inspection of hand-held fire extinguishers located throughout the facility · Annual inspection of the fire suppression system · Semi-annual inspection of the UPS systems Change Management Control Objective 4: Controls provide reasonable assurance that changes to network infrastructure and system software are documented, tested, approved, and properly implemented to protect data from unauthorized changes and to support user entities’ internal control over financial reporting. Documented change management policies and procedures are in place to address change management activities. Further, there are provisions for emergency changes to the infrastructure and operating systems. Change requests are documented via a change request (CR) form. CRs include details of the change, including the change requestor, the date of the request, the change description, and change specifications. Management, through the Change Advisory Board (CAB), holds a weekly meeting to review and prioritize change requests. During this meeting, management authorizes change requests by signing off on the CR form. Detailed testing is performed prior to implementation of the change in test environments that are logically separated from the production environment. The CAB approves the changes prior to implementation. The ability to implement infrastructure and operating system updates to the production systems is restricted to user accounts of authorized IT personnel. Logical Security Control Objective 5: Controls provide reasonable assurance that administrative access to network infrastructure and operating system resources is restricted to authorized and appropriate users to support user entities’ internal control over financial
reporting. Information security policies have been documented and are updated annually to assist personnel in the modification of access privileges to information systems and guide them in safeguarding system infrastructure, information assets, and data. Infrastructure and operating system users are authenticated via user account and password prior to being granted access. Password requirements are configured to enforce minimum password length, password expiration intervals, password complexity, password history requirements, and invalid password account lockout threshold, as documented in the IT Procedures and Policies document. The CCS application authenticates users through the use of individual user accounts and password before granting access to the applications. CCS utilizes predefined security groups for role-based access privileges. The application enforces password requirements of password minimum length, password expiration intervals, password complexity, password history, and invalid password account lockout threshold. Payment Processing Control Objective 6: Controls provide reasonable assurance that payments received are processed accurately and timely, and processing exceptions are resolved. Documented payment processing policies and procedures are in place to guide personnel in the following activities: · Mailroom processing · Identification and posting of payments · Research and processing of unidentified payments · Financial reporting · Bank reconciliations Financial instruments are required to remain within the mailroom during payment processing. When mail is delivered by the courier, both the courier and the mail room supervisor initial the mail receipt log to verify the envelope count received.
Physical access privileges of data entry personnel are segregated from balancing and mailroom personnel. Logical access to processing systems are segregated between data entry, balancing, and mailroom personnel. Data Transmission Control Objective 7: Controls provide reasonable assurance that transmitted payment data is complete, accurate, and timely. SCOPE exchanges payment and invoice information electronically with Smallville via scheduled inbound and outbound data transmissions each day. Smallville provides a list of newly created invoices that were issued on the previous business day. SCOPE receives this information in the CCS application and uses this for processing payments. Each day, all payments processed by SCOPE are sent back to the city of Smallville, which imports this data into its systems. Deposits Control Objective 8: Controls provide reasonable assurance that deposits are processed completely, accurately, and in a timely manner. Documented procedures are in place that addresses the transfer and security of financial instruments, including delivery of the mail from the Post Office (P.O) boxes to the SCOPE mailroom and the delivery of deposits from the SCOPE mailroom to the bank processing center. A courier pickup and delivery schedule, outlining the date/times of scheduled mail deliveries by the third party courier, is maintained and posted in the mailroom. SCOPE utilizes a third- party courier service for delivery of financial instruments to the city of Smallville’s bank.Partially Collected Audit Evidence GEO/SCOPE Active Employees Report Generated 1/3/2019 8:26 AM Employee ID Full Name
Department Status Door Badge 10001438 Andrea Bradley Administrator Active 1902 10001337 Cesar Lynch Administrator Active 1904 10001232 Darin Young Administrator Active 2048 10000006 Gina Carmack Administrator Active 1900 10000001 Gail Lucas Administrator Active 1874 10001232 Ken Smith Administrator Active 1999 10001298 Michelle Adams Administrator
Active 2005 10001396 Susan Larame Administrator Active 2010 10001301 Steve Lenzi Administrator Active 1871 10001243 Tessa Hammer Administrator Active 1801 10001188 Victoria Brown Administrator Active 2007 10001156 Yvonne Vasquez Administrator Active 1869 12 Employees Listed
GEO/SCOPE Terminated Employees Report Generated 1/3/2019 8:22 AM Employee ID Full Name Department Status Term Date 10001038 Alan McDonald IT Termed 6/8/2018
1 Employee Listed GEO/SCOPE IT Active Employees Report Generated 1/3/2019 8:55 AM Employee ID Full Name Department Status Hire Date 10001232 Ken Smith IT Active 1/3/2017 10001396 Susan Larame IT
Active 7/5/2018 2 Employees Listed Datacenter Visitor's Log Date Name Title Organization ID presented Escorted By 3/12/2018
Gail Lucas President Gail Industries Alan, IT Specialist 7/2/2018 Kerry Lark IT Director City of Smallville Driver's Lic. Ken, IT Manager 7/31/2018 B. Smith Technician UPS Fixit Driver's Lic. Susan, IT Specialist 9/8/2018 B. Smith Technician UPS Fixit Driver's Lic. Susan, IT Specialist 11/13/2018 John Wilson Technician Fire Suppression Inc. Business Card Susan, IT Specialist Windows Domain Group Policy for Passwords CCS Active Users Report Generated 1/3/2019 8:26 AM User ID Full Name System Rights
Status Email ABradley Andrea Bradley Administrator Active [email protected] AMcdonald Alan McDonald Administrator Active [email protected] CLynch Cesar Lynch Administrator Active [email protected] DYoung Darin Young Administrator Active [email protected] GCarmack Gina Carmack Administrator Active [email protected] GLucas Gail Lucas Administrator Active [email protected] KSmith Ken Smith Administrator Active
[email protected] MAdams Michelle Adams Administrator Active [email protected] SLarame Susan Larame Administrator Active [email protected] SLenzi Steve Lenzi Administrator Active [email protected] THAMMER Tessa Hammer Administrator Active [email protected] VBrown Victoria Brown Administrator Active [email protected] YVasquez Yvonne Vasquez Administrator Active [email protected]
Excerpt from IT Policies and Procedures Manual Version 1.0, 12/31/2016 Revision History Date Author Notes 12/31/2016 Ken Smith Version 1.0, accepted by client Overview This policy is intended to establish guidelines for effectively creating, maintaining, and protecting passwords at SCOPE. Scope This policy shall apply to all employees, contractors, and affiliates of SCOPE, and shall govern acceptable password use on all systems that connect to SCOPE network or access or store SCOPE, city of Smallville, or Gail Industries data. Policy Password Creation 1. All user and admin passwords must be at least [8] characters in length. Longer passwords and passphrases are strongly encouraged. 2. Where possible, password dictionaries should be utilized to prevent the use of common and easily cracked passwords. 3. Passwords must be completely unique, and not used for any other system, application, or personal account. 4. Default installation passwords must be changed immediately after installation is complete. Password Aging
1. User passwords must be changed every 60 days. Previously used passwords may not be reused. 2. System-level passwords must be changed on a monthly basis. Password Protection 1. Passwords must not be shared with anyone (including coworkers and supervisors), and must not be revealed or sent electronically. 2. Passwords shall not be written down or physically stored anywhere in the office. 3. When configuring password “hints,” do not hint at the format of your password (e.g., “zip + middle name”) 4. User IDs and passwords must not be stored in an unencrypted format. 5. User IDs and passwords must not be scripted to enable automatic login. 6. “Remember Password” feature on websites and applications should not be used. 7. All mobile devices that connect to the company network must be secured with a password and/or biometric authentication and must be configured to lock after 3 minutes of inactivity. Enforcement It is the responsibility of the end user to ensure enforcement with the policies above. If you believe your password may have been compromised, please immediately report the incident to the IT Department and change the password. Courier Deposit Log Date Deposit Items Time Courier SCOPE 1/2/2018 328 3:41 PM
V. Barnes Mia Liu 1/3/2018 748 3:45 PM V. Barnes Mia Liu 1/4/2018 1050 4:30 PM V. Barnes Mia Liu 1/5/2018 258 3:31 PM V. Barnes Mia Liu 1/8/2018 1238 3:15 PM V. Barnes Mia Liu 1/9/2018 208 4:02 PM V. Barnes Mia Liu 1/10/2018 1031 3:45 PM V. Barnes Mia Liu 1/11/2018 1343 3:56 PM V. Barnes
Mia Liu 1/12/2018 211 3:01 PM V. Barnes Mia Liu 1/15/2018 230 3:02 PM V. Barnes Mia Liu 1/16/2018 576 3:02 PM V. Barnes Mia Liu 1/17/2018 332 4:02 PM V. Barnes Mia Liu 1/18/2018 1204 Mia Liu 1/19/2018 904 Mia Liu 1/22/2018 231 Mia Liu
1/23/2018 441 Mia Liu 1/24/2018 400 Mia Liu 1/25/2018 1/26/2018 1/29/2018 1/30/2018 1/31/2018 2/1/2018
549 4:02 PM V. Barnes Mia Liu 2/2/2018 2/5/2018 2/6/2018 2/7/2018 2/8/2018 2/9/2018 2/12/2018
2/13/2018 2/14/2018 (No entries after 2/14/2018) Fire Extinguisher Inspection Tag Oldest Camera Image, from September 30, 2018 @3:30 AM Newest Camera Image, from January 3, 2019 Proposed Call Center Operations Department Recently, the city of Smallville has asked Gail Industries to expand the scope of the SCOPE contract by starting up a call center operation within the facility. This call center would handle hundreds of telephone calls placed by those who receive invoices from the city on a daily basis. Callers would be able to talk to a customer service representative (CSR) to check their account balance (ensuring payments had posted), dispute invoices received (which will be investigated by city of Smallville personnel), and accept credit card and debit card payments over the telephone. Copyright© 2018 by University of Phoenix. All rights reserved. Copyright© 2018 by University of Phoenix. All rights reserved.
1Running Head AUDIT EVIDENCE2AUDIT EVIDENCE.docx

Recomendados

Audit procedures
Audit proceduresAudit procedures
Audit proceduresBilal Ahmed Bhatti
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Audit process
Audit processAudit process
Audit processHema Thayanithy
 
Audit presentation
Audit presentationAudit presentation
Audit presentationMetafrique group
 
01 Auditing CH 1.ppt
01 Auditing CH 1.ppt01 Auditing CH 1.ppt
01 Auditing CH 1.pptShimelisTamene2
 
auditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfauditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfowaissayyed0041
 
auditing.pptx
auditing.pptxauditing.pptx
auditing.pptxDevarajuBn
 

Recomendados

Audit procedures
Audit proceduresAudit procedures
Audit proceduresBilal Ahmed Bhatti
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Audit process
Audit processAudit process
Audit processHema Thayanithy
 
Audit presentation
Audit presentationAudit presentation
Audit presentationMetafrique group
 
01 Auditing CH 1.ppt
01 Auditing CH 1.ppt01 Auditing CH 1.ppt
01 Auditing CH 1.pptShimelisTamene2
 
auditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfauditpresentation-121006061658-phpapp02.pdf
auditpresentation-121006061658-phpapp02.pdfowaissayyed0041
 
auditing.pptx
auditing.pptxauditing.pptx
auditing.pptxDevarajuBn
 
Chapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive ProceduresChapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive ProceduresSazzad Hossain, ITP, MBA, CSCA™
 
AUDIT.pptx
AUDIT.pptxAUDIT.pptx
AUDIT.pptxbeminaja
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questionsdouglascarnicelli
 
Regression in Audit Paper
Regression in Audit PaperRegression in Audit Paper
Regression in Audit PaperMarketa Kreuzinger
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachNur Dalila Zamri
 
VALIDITY AND RELIABILITYddddddddddd.docx
VALIDITY AND RELIABILITYddddddddddd.docxVALIDITY AND RELIABILITYddddddddddd.docx
VALIDITY AND RELIABILITYddddddddddd.docxdanielmahenge49
 
Information systems and its components iii
Information systems and its components iiiInformation systems and its components iii
Information systems and its components iiiAshish Desai
 
Auditing procedure & internal control system
Auditing procedure & internal control systemAuditing procedure & internal control system
Auditing procedure & internal control systemRadhikaGupta215
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Nick Brown resume
Nick Brown resumeNick Brown resume
Nick Brown resumeNick R. Brown, CIA, CRMA
 
Quality management system
Quality management systemQuality management system
Quality management systemselinasimpson0101
 
Quality management system
Quality management systemQuality management system
Quality management systemselinasimpson0101
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Issharing notes123
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
What is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfWhat is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfRathnakarReddy17
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Sazzad Hossain, ITP, MBA, CSCA™
 
The internal audit compliance designed to relevant audit assessment
The internal audit compliance designed to relevant audit assessmentThe internal audit compliance designed to relevant audit assessment
The internal audit compliance designed to relevant audit assessmentMohammad Wahid Abdullah Khan
 
Data Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringData Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringJim Kaplan CIA CFE
 
2. Framework Graphic  Candidates will create a graphic that re.docx
2. Framework Graphic  Candidates will create a graphic that re.docx2. Framework Graphic  Candidates will create a graphic that re.docx
2. Framework Graphic  Candidates will create a graphic that re.docxherminaprocter
 
2. Research Article Review – Read one (1) research articles on T.docx
2. Research Article Review – Read one (1) research articles on T.docx2. Research Article Review – Read one (1) research articles on T.docx
2. Research Article Review – Read one (1) research articles on T.docxherminaprocter
 

Más contenido relacionado

Similar a 1Running Head AUDIT EVIDENCE2AUDIT EVIDENCE.docx

AUDIT.pptx
AUDIT.pptxAUDIT.pptx
AUDIT.pptxbeminaja
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questionsdouglascarnicelli
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachNur Dalila Zamri
 
VALIDITY AND RELIABILITYddddddddddd.docx
VALIDITY AND RELIABILITYddddddddddd.docxVALIDITY AND RELIABILITYddddddddddd.docx
VALIDITY AND RELIABILITYddddddddddd.docxdanielmahenge49
 
Information systems and its components iii
Information systems and its components iiiInformation systems and its components iii
Information systems and its components iiiAshish Desai
 
Auditing procedure & internal control system
Auditing procedure & internal control systemAuditing procedure & internal control system
Auditing procedure & internal control systemRadhikaGupta215
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSShivamSharma909
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditingMarc Vael
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Issharing notes123
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsSharing Slides Training
 
What is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfWhat is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfRathnakarReddy17
 
The internal audit compliance designed to relevant audit assessment
The internal audit compliance designed to relevant audit assessmentThe internal audit compliance designed to relevant audit assessment
The internal audit compliance designed to relevant audit assessmentMohammad Wahid Abdullah Khan
 
Data Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringData Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringJim Kaplan CIA CFE
 

Similar a 1Running Head AUDIT EVIDENCE2AUDIT EVIDENCE.docx (20)

Chapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive ProceduresChapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive Procedures
 
AUDIT.pptx
AUDIT.pptxAUDIT.pptx
AUDIT.pptx
 
2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions2020 Updated Cisa Real Exam Questions
2020 Updated Cisa Real Exam Questions
 
Regression in Audit Paper
Regression in Audit PaperRegression in Audit Paper
Regression in Audit Paper
 
Audit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit ApproachAudit bab1 sem 6- Audit Approach
Audit bab1 sem 6- Audit Approach
 
VALIDITY AND RELIABILITYddddddddddd.docx
VALIDITY AND RELIABILITYddddddddddd.docxVALIDITY AND RELIABILITYddddddddddd.docx
VALIDITY AND RELIABILITYddddddddddd.docx
 
Information systems and its components iii
Information systems and its components iiiInformation systems and its components iii
Information systems and its components iii
 
Auditing procedure & internal control system
Auditing procedure & internal control systemAuditing procedure & internal control system
Auditing procedure & internal control system
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMSCISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
CISA Domain 1 The Process On AUDITING INFORMATION SYSTEMS
 
Nick Brown resume
Nick Brown resumeNick Brown resume
Nick Brown resume
 
Quality management system
Quality management systemQuality management system
Quality management system
 
Quality management system
Quality management systemQuality management system
Quality management system
 
Value-added it auditing
Value-added it auditingValue-added it auditing
Value-added it auditing
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
Ais Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based IsAis Romney 2006 Slides 09 Auditing Computer Based Is
Ais Romney 2006 Slides 09 Auditing Computer Based Is
 
What is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdfWhat is the procedure for financial statement audit.pdf
What is the procedure for financial statement audit.pdf
 
Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9Audit Risk Assessment Chapter 9
Audit Risk Assessment Chapter 9
 
The internal audit compliance designed to relevant audit assessment
The internal audit compliance designed to relevant audit assessmentThe internal audit compliance designed to relevant audit assessment
The internal audit compliance designed to relevant audit assessment
 
Data Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and MonitoringData Analytics for Auditors Analysis and Monitoring
Data Analytics for Auditors Analysis and Monitoring
 

Más de herminaprocter

2. Framework Graphic  Candidates will create a graphic that re.docx
2. Framework Graphic  Candidates will create a graphic that re.docx2. Framework Graphic  Candidates will create a graphic that re.docx
2. Framework Graphic  Candidates will create a graphic that re.docxherminaprocter
 
2. Research Article Review – Read one (1) research articles on T.docx
2. Research Article Review – Read one (1) research articles on T.docx2. Research Article Review – Read one (1) research articles on T.docx
2. Research Article Review – Read one (1) research articles on T.docxherminaprocter
 
2) In examining Document 4 and Document 6, how did the.docx
2) In examining Document 4 and Document 6, how did the.docx2) In examining Document 4 and Document 6, how did the.docx
2) In examining Document 4 and Document 6, how did the.docxherminaprocter
 
2-3 pages in length (including exhibits, tables and appendices.docx
2-3 pages in length (including exhibits, tables and appendices.docx2-3 pages in length (including exhibits, tables and appendices.docx
2-3 pages in length (including exhibits, tables and appendices.docxherminaprocter
 
2. Sandra is a parent who believes that play is just entertainment f.docx
2. Sandra is a parent who believes that play is just entertainment f.docx2. Sandra is a parent who believes that play is just entertainment f.docx
2. Sandra is a parent who believes that play is just entertainment f.docxherminaprocter
 
2.2 Discussion What Is LeadershipGetting StartedR.docx
2.2 Discussion What Is LeadershipGetting StartedR.docx2.2 Discussion What Is LeadershipGetting StartedR.docx
2.2 Discussion What Is LeadershipGetting StartedR.docxherminaprocter
 
2.  You are a member of the Human Resource Department of a medium-si.docx
2.  You are a member of the Human Resource Department of a medium-si.docx2.  You are a member of the Human Resource Department of a medium-si.docx
2.  You are a member of the Human Resource Department of a medium-si.docxherminaprocter
 
2.1.  What is Strategic Human Resource Management Differentiate bet.docx
2.1.  What is Strategic Human Resource Management Differentiate bet.docx2.1.  What is Strategic Human Resource Management Differentiate bet.docx
2.1.  What is Strategic Human Resource Management Differentiate bet.docxherminaprocter
 
2,___Use of no less than six slides and no more than seven .docx
2,___Use of no less than six slides and no more than seven .docx2,___Use of no less than six slides and no more than seven .docx
2,___Use of no less than six slides and no more than seven .docxherminaprocter
 
2. Multicultural Interview Paper Students may begin this.docx
2. Multicultural Interview Paper Students may begin this.docx2. Multicultural Interview Paper Students may begin this.docx
2. Multicultural Interview Paper Students may begin this.docxherminaprocter
 
2-4A summary of your findings regarding sexual orientation and.docx
2-4A summary of your findings regarding sexual orientation and.docx2-4A summary of your findings regarding sexual orientation and.docx
2-4A summary of your findings regarding sexual orientation and.docxherminaprocter
 
2- to 4A description of the services in your local communi.docx
2- to 4A description of the services in your local communi.docx2- to 4A description of the services in your local communi.docx
2- to 4A description of the services in your local communi.docxherminaprocter
 
2  or more paragraphAs previously noted, the Brocks have some of.docx
2  or more paragraphAs previously noted, the Brocks have some of.docx2  or more paragraphAs previously noted, the Brocks have some of.docx
2  or more paragraphAs previously noted, the Brocks have some of.docxherminaprocter
 
2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docx
2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docx2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docx
2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docxherminaprocter
 
2 postsRe Topic 2 DQ 1Social determinants of health are fac.docx
2 postsRe Topic 2 DQ 1Social determinants of health are fac.docx2 postsRe Topic 2 DQ 1Social determinants of health are fac.docx
2 postsRe Topic 2 DQ 1Social determinants of health are fac.docxherminaprocter
 
2 peer responses due in 4 hoursMALEETAS POSTWorld War .docx
2 peer responses due in 4 hoursMALEETAS POSTWorld War .docx2 peer responses due in 4 hoursMALEETAS POSTWorld War .docx
2 peer responses due in 4 hoursMALEETAS POSTWorld War .docxherminaprocter
 
2 Pages for 4 questions below1) Some say that analytics in gener.docx
2 Pages for 4 questions below1) Some say that analytics in gener.docx2 Pages for 4 questions below1) Some say that analytics in gener.docx
2 Pages for 4 questions below1) Some say that analytics in gener.docxherminaprocter
 
2 Ethics Session 1.pptxEthics in Engineering Pra.docx
2 Ethics Session 1.pptxEthics in Engineering Pra.docx2 Ethics Session 1.pptxEthics in Engineering Pra.docx
2 Ethics Session 1.pptxEthics in Engineering Pra.docxherminaprocter
 
2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docx
2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docx2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docx
2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docxherminaprocter
 
2 Requirements Elicitation A Survey of Techniques, Ap.docx
2 Requirements Elicitation A Survey of Techniques, Ap.docx2 Requirements Elicitation A Survey of Techniques, Ap.docx
2 Requirements Elicitation A Survey of Techniques, Ap.docxherminaprocter
 

Más de herminaprocter (20)

2. Framework Graphic  Candidates will create a graphic that re.docx
2. Framework Graphic  Candidates will create a graphic that re.docx2. Framework Graphic  Candidates will create a graphic that re.docx
2. Framework Graphic  Candidates will create a graphic that re.docx
 
2. Research Article Review – Read one (1) research articles on T.docx
2. Research Article Review – Read one (1) research articles on T.docx2. Research Article Review – Read one (1) research articles on T.docx
2. Research Article Review – Read one (1) research articles on T.docx
 
2) In examining Document 4 and Document 6, how did the.docx
2) In examining Document 4 and Document 6, how did the.docx2) In examining Document 4 and Document 6, how did the.docx
2) In examining Document 4 and Document 6, how did the.docx
 
2-3 pages in length (including exhibits, tables and appendices.docx
2-3 pages in length (including exhibits, tables and appendices.docx2-3 pages in length (including exhibits, tables and appendices.docx
2-3 pages in length (including exhibits, tables and appendices.docx
 
2. Sandra is a parent who believes that play is just entertainment f.docx
2. Sandra is a parent who believes that play is just entertainment f.docx2. Sandra is a parent who believes that play is just entertainment f.docx
2. Sandra is a parent who believes that play is just entertainment f.docx
 
2.2 Discussion What Is LeadershipGetting StartedR.docx
2.2 Discussion What Is LeadershipGetting StartedR.docx2.2 Discussion What Is LeadershipGetting StartedR.docx
2.2 Discussion What Is LeadershipGetting StartedR.docx
 
2.  You are a member of the Human Resource Department of a medium-si.docx
2.  You are a member of the Human Resource Department of a medium-si.docx2.  You are a member of the Human Resource Department of a medium-si.docx
2.  You are a member of the Human Resource Department of a medium-si.docx
 
2.1.  What is Strategic Human Resource Management Differentiate bet.docx
2.1.  What is Strategic Human Resource Management Differentiate bet.docx2.1.  What is Strategic Human Resource Management Differentiate bet.docx
2.1.  What is Strategic Human Resource Management Differentiate bet.docx
 
2,___Use of no less than six slides and no more than seven .docx
2,___Use of no less than six slides and no more than seven .docx2,___Use of no less than six slides and no more than seven .docx
2,___Use of no less than six slides and no more than seven .docx
 
2. Multicultural Interview Paper Students may begin this.docx
2. Multicultural Interview Paper Students may begin this.docx2. Multicultural Interview Paper Students may begin this.docx
2. Multicultural Interview Paper Students may begin this.docx
 
2-4A summary of your findings regarding sexual orientation and.docx
2-4A summary of your findings regarding sexual orientation and.docx2-4A summary of your findings regarding sexual orientation and.docx
2-4A summary of your findings regarding sexual orientation and.docx
 
2- to 4A description of the services in your local communi.docx
2- to 4A description of the services in your local communi.docx2- to 4A description of the services in your local communi.docx
2- to 4A description of the services in your local communi.docx
 
2  or more paragraphAs previously noted, the Brocks have some of.docx
2  or more paragraphAs previously noted, the Brocks have some of.docx2  or more paragraphAs previously noted, the Brocks have some of.docx
2  or more paragraphAs previously noted, the Brocks have some of.docx
 
2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docx
2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docx2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docx
2-1 IntroductionUber Technologies Inc. (Uber) is a tech startu.docx
 
2 postsRe Topic 2 DQ 1Social determinants of health are fac.docx
2 postsRe Topic 2 DQ 1Social determinants of health are fac.docx2 postsRe Topic 2 DQ 1Social determinants of health are fac.docx
2 postsRe Topic 2 DQ 1Social determinants of health are fac.docx
 
2 peer responses due in 4 hoursMALEETAS POSTWorld War .docx
2 peer responses due in 4 hoursMALEETAS POSTWorld War .docx2 peer responses due in 4 hoursMALEETAS POSTWorld War .docx
2 peer responses due in 4 hoursMALEETAS POSTWorld War .docx
 
2 Pages for 4 questions below1) Some say that analytics in gener.docx
2 Pages for 4 questions below1) Some say that analytics in gener.docx2 Pages for 4 questions below1) Some say that analytics in gener.docx
2 Pages for 4 questions below1) Some say that analytics in gener.docx
 
2 Ethics Session 1.pptxEthics in Engineering Pra.docx
2 Ethics Session 1.pptxEthics in Engineering Pra.docx2 Ethics Session 1.pptxEthics in Engineering Pra.docx
2 Ethics Session 1.pptxEthics in Engineering Pra.docx
 
2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docx
2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docx2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docx
2 1 5L e a r n I n g o b j e c t I v e sC H A P T E R.docx
 
2 Requirements Elicitation A Survey of Techniques, Ap.docx
2 Requirements Elicitation A Survey of Techniques, Ap.docx2 Requirements Elicitation A Survey of Techniques, Ap.docx
2 Requirements Elicitation A Survey of Techniques, Ap.docx
 

Último

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Association for Project Management
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 

Último (20)

2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 

1Running Head AUDIT EVIDENCE2AUDIT EVIDENCE.docx

  • 1. 1 Running Head: AUDIT EVIDENCE 2 AUDIT EVIDENCE Audit Evidence Katherine Askew BSA 505 April 6, 2020 Evidence Gathering and Sampling Methodologies Gathering techniques are the specific methods and techniques used to collect distinctive kinds of evidence. These techniques include re-performance, inquiry, inspection, and observation, as well as analytical procedures. Audit evidence termed as the information or data collected and used by an auditor as part of his audit work in concluding the opinions if the financial statements prepared in all the material respect and as per the applicable economic frameworks. Inspection is one of the evidence-gathering procedures where an auditor inspects documents and records that provide varying reliability degrees depending on the source and nature of the
  • 2. material used. Inspecting physical assets provides evidence with higher reliability, and others indicate value. Observation entails checking the application of an entity's or client's procedure and policy hence getting assurance of the process at a particular point of time. Recalculation entails computation or recalculating to provide a higher degree of assurance about arithmetical accuracy. Also used to check the client's records like subtotals for receivables ledger and pricing on invoices. Re-performance can be active in reviewing the client process like bank reconciliation (Abou- Seada & Abdel-Kader 2017). It can be performed via the use of computer-assisted audit techniques or manually. Recalculation and re-performance provide reliable evidence compares to enquiring and observation. Analytical procedures entail studying of plausible relationships among the data. These procedures are limited since evidence relies on the validity of the set data. They are used in the entire audit process and conducted for primary purposes like risk assessment, substantive testing, and overall conclusion. An inquiry used to obtain knowledge of the entity, collect specific evidence, and corroborate evidence collected using other means. The evidence gathering process is summarized or broken down into four primary steps. It begins with designing the audit tests or procedures, including re-performance, inquiry, inspection, and observation, as well as analytical methods. The second step entails carrying out the audit tests r procedures and gathering evidence. The third one involves an analysis of evidence and concluding as well as evaluation of performance against the audit criteria. The fourth step is deciding if additional information is required and can be acquired or if there exists adequate, appropriate evidence. Audit sampling entails the use of audit procedures in selecting the items within a class of transactions or an account balance. It is the process of examining parts of the data set or population that is sufficient to attain rational assurance on the entire data or population. There are several sampling methodologies used
  • 3. for the controls under the test. The preferred sampling methods should yield some equal probabilities that every unit in the sample could be selected. The controls tested include manual and automated controls. Automatic controls require one sample, while manual controls depend on the method of sampling that an IS auditor use to calculate the sample size. The sampling methodologies include variable sampling used for substantive procedures like testing details of balances. Quality sampling is active when testing internal controls and assessing the number of things in a population encompassing a particular point of interest. A selection is a system of sampling that confirms that every component within a community has an equal possibility of choice by using selective number generators or particular number diagrams. Auditors use haphazard sampling without necessarily following a structured technique. It is recognized as the most suitable method when using statistical sampling (Cascarino, 2017). Auditors must be careful when selecting haphazard sampling to avoid predictability or conscious bias. Preliminary findings and Explanation I. . The employees' data are encrypted and protected from external unauthorized access that might comprise confidentiality and privacy that the information carries. The control objective is that controls provide reasonable assurance that the access to production data files and application programs have strict restrictions on the right authorized programs and personnel. A random sample of six employee's data showed that no unauthorized access to data reported in the last thirty days. II. Testing performed to ascertain that the change meets the outlined requirements in the change management system. The objective is that controls guarantee reasonable assurance that shifts to the statement application are approved, tested, authorized, implemented, and documented appropriately. A sample of five changes shows in the monitoring systems shows that three of the changes tested are not confirmed; they are meet the change requirements.
  • 4. III. Controls certify reasonable undertakings that the general costs are processed timely and accurately, and the processing allowances resolved. Payments steered by mailroom dispensation and credentials and arrangement of payments. A sample of fifteen payments between date 15th and 26th November 2019 shows that they not governed by payment processing procedures and policies. Keeping leadership abreast of the findings of the audit involves the application of different practices. Developing a timeline and assigning responsibility will help in tracking the results. I will review a list of schedules and work papers needed by the auditors ensuring that the clarifications of the requested information done when necessary—organizing data by creating a repository of audit schedules that can be assessed at any given time by the appropriate personnel. Reference Abou-Seada, M., & Abdel-Kader, M. (2017). Behavioral aspects of auditors' evidence evaluation: a belief revision perspective. Routledge. Cascarino, R. E. (2017). Data Analytics for Internal Auditors. CRC Press. Chang, Y. T., Chen, H., Cheng, R. K., & Chi, W. (2019). The impact of internal audit attributes on the effectiveness of internal control over operations and compliance. Journal of Contemporary Accounting & Economics, 15(1), 1-19. BSA/505 v4 Gail Industries Case Study BSA/505 v4 Page 2 of 14 Gail Industries Case Study This case study is used to complete your assignments throughout the course. Some sections of the case study will be necessary in multiple assignments. See the assignment instructions for specific assignment requirements.Introduction
  • 5. to Gail Industries Gail Industries is a partner to many Fortune 1000 companies and governments around the world. Gail Industries’ role is to manage essential aspects of their clients’ operations while interacting with and supporting the people their clients serve. They manage millions of digital transactions every day for various back office processing contracts. One of Gail Industries’ clients is the city of Smallville. Smallville, despite its name, is a large metropolis seated in the heart of the nation. The city has 2.5 million residents, and the greater Smallville metropolitan area has a population of about 4 million people. Smallville’s IT department follows the NIST 800-53 standards, and the city requires that all IT service organizations, whether run by city staff or vendors such as Gail Industries, follow these standards. For this case study, you are to assume the following dates: · Audit Period: 1/1/2018 – 12/31/2018 · Audit Field Work Dates: 1/3/2019 – 1/24/2019Overview of the Operations of Smallville Collections Processing Entity (SCOPE) Summary of Services Provided Collections Processing The Smallville Collections Processing Entity (SCOPE) provides collections processing services to the city of Smallville. SCOPE receives tax payments, licensing fees, parking tickets, and court costs for this major municipality. The city of Smallville sends out invoices and other collections notices, and SCOPE processes payments received through the mail, through an online payment website, and through an interactive voice response (IVR) system. Payments are in the form of checks, debit cards, and credit cards. After processing invoices, SCOPE deposits the monies into the bank account for the city. SCOPE is responsible for ensuring the security of the mail that comes into the possession of all employees, subcontractors, and agents at its processing facility, located within Smallville. Controls and procedures for money and mail handling are
  • 6. established by SCOPE to ensure payments are accounted for, from the earliest point received through processing and deposit. These controls and procedures provide: 1. Assurances for proper segregation of duties 2. The design and use of satisfactory documentation to ensure proper recording of transactions 3. The safeguarding of access to and use of all assets and records 4. Independent checks on performance Payment Receipt The purpose of collections processing is to receive and process various types of payments, post the payment data to the Central Collections System (CCS), and deposit the accompanying funds in the Smallville bank account. This process includes the following types of payment receipts: · Regular mail – paper checks only · Website – credit and debit card payments, electronic checks · IVR – credit and debit card payments Mail Delivery A bonded courier picks up the payments from the United States Postal Service (USPS) facility in Smallville. SCOPE uses a subcontractor for courier services. This courier is dedicated, picking up and delivering mail only for SCOPE. This courier is also required to sign for registered, certified, and express delivery envelopes. Opening and Sorting Mail The daily success of payment processing depends on receiving mail quickly from the postal service, opening that mail, and properly sorting the contents for processing. Batches contain similar payment types: tax payments are processed together, court collections together, and so forth. Deposits Deposits are made daily into the Smallville bank account. Electronic payments (debit cards, credit cards, and paperless checks) are deposited through an interface between CCSys and the bank. Checks are converted to electronic debits and
  • 7. deposited electronically. However, those that cannot be converted to electronic form are deposited in physical form. Functional Areas of Operations Gail Industries uses the following specific functional roles of operations: · Contract manager – responsible for the overall management of contract deliverables of the payment processing operation, including the monitoring of financial expenditures to ensure compliance with contract budgets. · Operations manager – responsible for planning, managing, and controlling the day-to-day activities of the team that provides operational support for the business unit, including the establishment of operational objectives and work plans and delegation of assignments to subordinate managers. · Information technology manager – responsible for developing and maintaining the strategy of the future direction of IT infrastructure, including developing plan for the implementation of new IT projects and managing relationships with IT-related vendors and subcontractors. · Accounting – responsible for performing a variety of routine clerical and accounting functions within the accounting department, including daily balancing of receipts. In addition, the accountant resolves exception transactions, including charged back checks (bounced checks), forgery affidavits, and recoupment. · Call center – the city of Smallville does not have a centralized call center for handling questions relating to payments and invoices. It is considering adding one to the scope of services offered by Gail Industries. Information Systems Services Gail Industries services are designed around the following tools and technologies:
  • 8. · Data Capture and Imaging – real-time instrument imaging and data capture—provides imaging, accountability and reporting of checks and remitted payments. · Invoice Management and Reporting – data correction and maintenance utilizing automated payment auditing and historical analysis. A browser-based application is available for internal SCOPE and Smallville staff to perform administrative functions. A separate internet-accessible payment portal allows for citizens, business owners, and others to view invoices and make payments. Processing Platforms Gail Industries currently utilizes cloud-based servers on the Amazon Web Services (AWS) platform for internet-accessible application. Data capture, imaging, and the payment processing application run on local servers in a secured computer room. Local servers run both Linux and Windows Server operating systems. Data is stored on Microsoft SQL Server to provide storage of payment, image, and balancing data. The servers supporting the CCS are housed within the SCOPE server room (also known as the data center) and are managed by Gail Industries’ IT staff. The IT staff provides the following services: · Firewall management – monitoring and management of the firewall systems and networks on a 24/7/365 basis. · Network monitoring – proactive network and server monitoring services to help maximize system performance and uptime. · Data backup – data backup services for the production, payment, imaging, and balancing data. · Incident management – IT incident monitoring, documentation, and resolution management.Control Objectives and Related Controls Physical Security (Datacenter) Control Objective 1: The controls provide reasonable assurance that physical access to computer resources within Gail
  • 9. Industries’ data center is restricted to authorized and appropriate personnel. To protect physical assets, management has documented and implemented physical access procedures to grant, control, monitor, and revoke access to the on-site SCOPE datacenter. The datacenter requires two-factor authentication: a biometric credential via retinal eye scanner and a badge access card. Individuals requesting badge access document the request on a standardized employee management form that must be approved by departmental management. Administrative access to the badge access system is restricted to authorized IT personnel. When an employee is terminated, IT personnel revoke the badge access privileges as a component of the termination process. In addition, the IT manager performs a review of badge access privileges on a monthly basis to help ensure that terminated employees do not retain badge access. All visitors must sign a logbook upon entering the datacenter, with a picture ID presented to their escort. Access is restricted to authorized IT personnel and equipment technicians. CCTV surveillance cameras are utilized throughout the facility and the datacenter to record activity; these images are retained for a minimum of 45 days. Physical Security (Facilities) Control Objective 2: Controls provide reasonable assurance that physical access to assets within Gail Industries’ facilities is restricted to authorized and appropriate personnel. To protect physical assets, management has documented and implemented physical access procedures to grant, control, monitor, and revoke access to the on-site SCOPE facility. A door badge access system is employed to control access to areas within the facility (including the datacenter) through the use of predefined security zones. Individuals requesting badge access to the facility document the request on a standardized employee management form, accessible through Gail Industries’ employee on-boarding
  • 10. system (known as GEO). All requests must be approved by departmental management. Administrative access to the badge access system is restricted to authorized IT personnel. Upon termination (voluntary or involuntary), SCOPE IT personnel revoke the badge access privileges as a task in the termination process. In addition, the IT manager performs a monthly review of badge access privileges to ensure that terminated employees do not retain badge access. Both entrances into the facility are locked and are monitored by administrative personnel. The receptionist must unlock the door for visitor access. Visitors are required to ring a video door bell and announce themselves to the receptionist. Visitors sign a logbook when entering the facility, and they are required to wear a visitor’s badge at all times. Visitors must be escorted by an authorized employee when accessing sensitive facility areas such as the mail room and server room. CCTV surveillance cameras are utilized throughout the facility and server room to record activity. Video images are retained for a minimum of 45 days. Environmental Safeguards Control Objective 3: Controls provide reasonable assurance that environmental safeguards protect physical assets and the data that resides on those assets. Management has implemented environmental controls to protect physical assets within the datacenter and office facility, including fire detection and suppression controls. The office facility is protected by audible and visual alarms, fire and smoke detectors, a sprinkler system, and hand-held fire extinguishers. A halon-free fire suppression system and smoke detectors protect the datacenter. An uninterruptible power supply (UPS) is in place to provide temporary electricity in the event of a power outage and mitigate the risk of power surges impacting infrastructure to the data center. Management retains the following inspection reports completed by the third party vendors as evidence of their completion:
  • 11. · Annual inspection of the fire detection and sprinkler fire suppression system · Annual inspection of hand-held fire extinguishers located throughout the facility · Annual inspection of the fire suppression system · Semi-annual inspection of the UPS systems Change Management Control Objective 4: Controls provide reasonable assurance that changes to network infrastructure and system software are documented, tested, approved, and properly implemented to protect data from unauthorized changes and to support user entities’ internal control over financial reporting. Documented change management policies and procedures are in place to address change management activities. Further, there are provisions for emergency changes to the infrastructure and operating systems. Change requests are documented via a change request (CR) form. CRs include details of the change, including the change requestor, the date of the request, the change description, and change specifications. Management, through the Change Advisory Board (CAB), holds a weekly meeting to review and prioritize change requests. During this meeting, management authorizes change requests by signing off on the CR form. Detailed testing is performed prior to implementation of the change in test environments that are logically separated from the production environment. The CAB approves the changes prior to implementation. The ability to implement infrastructure and operating system updates to the production systems is restricted to user accounts of authorized IT personnel. Logical Security Control Objective 5: Controls provide reasonable assurance that administrative access to network infrastructure and operating system resources is restricted to authorized and appropriate users to support user entities’ internal control over financial
  • 12. reporting. Information security policies have been documented and are updated annually to assist personnel in the modification of access privileges to information systems and guide them in safeguarding system infrastructure, information assets, and data. Infrastructure and operating system users are authenticated via user account and password prior to being granted access. Password requirements are configured to enforce minimum password length, password expiration intervals, password complexity, password history requirements, and invalid password account lockout threshold, as documented in the IT Procedures and Policies document. The CCS application authenticates users through the use of individual user accounts and password before granting access to the applications. CCS utilizes predefined security groups for role-based access privileges. The application enforces password requirements of password minimum length, password expiration intervals, password complexity, password history, and invalid password account lockout threshold. Payment Processing Control Objective 6: Controls provide reasonable assurance that payments received are processed accurately and timely, and processing exceptions are resolved. Documented payment processing policies and procedures are in place to guide personnel in the following activities: · Mailroom processing · Identification and posting of payments · Research and processing of unidentified payments · Financial reporting · Bank reconciliations Financial instruments are required to remain within the mailroom during payment processing. When mail is delivered by the courier, both the courier and the mail room supervisor initial the mail receipt log to verify the envelope count received.
  • 13. Physical access privileges of data entry personnel are segregated from balancing and mailroom personnel. Logical access to processing systems are segregated between data entry, balancing, and mailroom personnel. Data Transmission Control Objective 7: Controls provide reasonable assurance that transmitted payment data is complete, accurate, and timely. SCOPE exchanges payment and invoice information electronically with Smallville via scheduled inbound and outbound data transmissions each day. Smallville provides a list of newly created invoices that were issued on the previous business day. SCOPE receives this information in the CCS application and uses this for processing payments. Each day, all payments processed by SCOPE are sent back to the city of Smallville, which imports this data into its systems. Deposits Control Objective 8: Controls provide reasonable assurance that deposits are processed completely, accurately, and in a timely manner. Documented procedures are in place that addresses the transfer and security of financial instruments, including delivery of the mail from the Post Office (P.O) boxes to the SCOPE mailroom and the delivery of deposits from the SCOPE mailroom to the bank processing center. A courier pickup and delivery schedule, outlining the date/times of scheduled mail deliveries by the third party courier, is maintained and posted in the mailroom. SCOPE utilizes a third- party courier service for delivery of financial instruments to the city of Smallville’s bank.Partially Collected Audit Evidence GEO/SCOPE Active Employees Report Generated 1/3/2019 8:26 AM Employee ID Full Name
  • 14. Department Status Door Badge 10001438 Andrea Bradley Administrator Active 1902 10001337 Cesar Lynch Administrator Active 1904 10001232 Darin Young Administrator Active 2048 10000006 Gina Carmack Administrator Active 1900 10000001 Gail Lucas Administrator Active 1874 10001232 Ken Smith Administrator Active 1999 10001298 Michelle Adams Administrator
  • 15. Active 2005 10001396 Susan Larame Administrator Active 2010 10001301 Steve Lenzi Administrator Active 1871 10001243 Tessa Hammer Administrator Active 1801 10001188 Victoria Brown Administrator Active 2007 10001156 Yvonne Vasquez Administrator Active 1869 12 Employees Listed
  • 16. GEO/SCOPE Terminated Employees Report Generated 1/3/2019 8:22 AM Employee ID Full Name Department Status Term Date 10001038 Alan McDonald IT Termed 6/8/2018
  • 17. 1 Employee Listed GEO/SCOPE IT Active Employees Report Generated 1/3/2019 8:55 AM Employee ID Full Name Department Status Hire Date 10001232 Ken Smith IT Active 1/3/2017 10001396 Susan Larame IT
  • 18. Active 7/5/2018 2 Employees Listed Datacenter Visitor's Log Date Name Title Organization ID presented Escorted By 3/12/2018
  • 19. Gail Lucas President Gail Industries Alan, IT Specialist 7/2/2018 Kerry Lark IT Director City of Smallville Driver's Lic. Ken, IT Manager 7/31/2018 B. Smith Technician UPS Fixit Driver's Lic. Susan, IT Specialist 9/8/2018 B. Smith Technician UPS Fixit Driver's Lic. Susan, IT Specialist 11/13/2018 John Wilson Technician Fire Suppression Inc. Business Card Susan, IT Specialist Windows Domain Group Policy for Passwords CCS Active Users Report Generated 1/3/2019 8:26 AM User ID Full Name System Rights
  • 20. Status Email ABradley Andrea Bradley Administrator Active [email protected] AMcdonald Alan McDonald Administrator Active [email protected] CLynch Cesar Lynch Administrator Active [email protected] DYoung Darin Young Administrator Active [email protected] GCarmack Gina Carmack Administrator Active [email protected] GLucas Gail Lucas Administrator Active [email protected] KSmith Ken Smith Administrator Active
  • 21. [email protected] MAdams Michelle Adams Administrator Active [email protected] SLarame Susan Larame Administrator Active [email protected] SLenzi Steve Lenzi Administrator Active [email protected] THAMMER Tessa Hammer Administrator Active [email protected] VBrown Victoria Brown Administrator Active [email protected] YVasquez Yvonne Vasquez Administrator Active [email protected]
  • 22. Excerpt from IT Policies and Procedures Manual Version 1.0, 12/31/2016 Revision History Date Author Notes 12/31/2016 Ken Smith Version 1.0, accepted by client Overview This policy is intended to establish guidelines for effectively creating, maintaining, and protecting passwords at SCOPE. Scope This policy shall apply to all employees, contractors, and affiliates of SCOPE, and shall govern acceptable password use on all systems that connect to SCOPE network or access or store SCOPE, city of Smallville, or Gail Industries data. Policy Password Creation 1. All user and admin passwords must be at least [8] characters in length. Longer passwords and passphrases are strongly encouraged. 2. Where possible, password dictionaries should be utilized to prevent the use of common and easily cracked passwords. 3. Passwords must be completely unique, and not used for any other system, application, or personal account. 4. Default installation passwords must be changed immediately after installation is complete. Password Aging
  • 23. 1. User passwords must be changed every 60 days. Previously used passwords may not be reused. 2. System-level passwords must be changed on a monthly basis. Password Protection 1. Passwords must not be shared with anyone (including coworkers and supervisors), and must not be revealed or sent electronically. 2. Passwords shall not be written down or physically stored anywhere in the office. 3. When configuring password “hints,” do not hint at the format of your password (e.g., “zip + middle name”) 4. User IDs and passwords must not be stored in an unencrypted format. 5. User IDs and passwords must not be scripted to enable automatic login. 6. “Remember Password” feature on websites and applications should not be used. 7. All mobile devices that connect to the company network must be secured with a password and/or biometric authentication and must be configured to lock after 3 minutes of inactivity. Enforcement It is the responsibility of the end user to ensure enforcement with the policies above. If you believe your password may have been compromised, please immediately report the incident to the IT Department and change the password. Courier Deposit Log Date Deposit Items Time Courier SCOPE 1/2/2018 328 3:41 PM
  • 24. V. Barnes Mia Liu 1/3/2018 748 3:45 PM V. Barnes Mia Liu 1/4/2018 1050 4:30 PM V. Barnes Mia Liu 1/5/2018 258 3:31 PM V. Barnes Mia Liu 1/8/2018 1238 3:15 PM V. Barnes Mia Liu 1/9/2018 208 4:02 PM V. Barnes Mia Liu 1/10/2018 1031 3:45 PM V. Barnes Mia Liu 1/11/2018 1343 3:56 PM V. Barnes
  • 25. Mia Liu 1/12/2018 211 3:01 PM V. Barnes Mia Liu 1/15/2018 230 3:02 PM V. Barnes Mia Liu 1/16/2018 576 3:02 PM V. Barnes Mia Liu 1/17/2018 332 4:02 PM V. Barnes Mia Liu 1/18/2018 1204 Mia Liu 1/19/2018 904 Mia Liu 1/22/2018 231 Mia Liu
  • 27. 549 4:02 PM V. Barnes Mia Liu 2/2/2018 2/5/2018 2/6/2018 2/7/2018 2/8/2018 2/9/2018 2/12/2018
  • 28. 2/13/2018 2/14/2018 (No entries after 2/14/2018) Fire Extinguisher Inspection Tag Oldest Camera Image, from September 30, 2018 @3:30 AM Newest Camera Image, from January 3, 2019 Proposed Call Center Operations Department Recently, the city of Smallville has asked Gail Industries to expand the scope of the SCOPE contract by starting up a call center operation within the facility. This call center would handle hundreds of telephone calls placed by those who receive invoices from the city on a daily basis. Callers would be able to talk to a customer service representative (CSR) to check their account balance (ensuring payments had posted), dispute invoices received (which will be investigated by city of Smallville personnel), and accept credit card and debit card payments over the telephone. Copyright© 2018 by University of Phoenix. All rights reserved. Copyright© 2018 by University of Phoenix. All rights reserved.