Your proposal and presentation were clear and concise. I noticed in your control table that you mentioned “sample” for several controls to be tested in “Evidence That Shows Effectiveness” column. There are several ways to take a sample, but you didn’t specify what methodology you would use to take your sample. Did your team decide on a methodology and just forget to add it, or did you not consider the sample method used to provide assurance? I ask since certain sample methods are more likely to capture areas of vulnerability than others.
I liked how the controls were split up into Preventive and Detective in your table. It was good to provide generic control failures in your plan, as the organization being audited can prepare and check for these before the actual audit. Overall, nice job.
Nice audit proposal/plan. The first thing that stuck out to me was how you guys outlined the each of the risk involved and associated with IT data destruction. It made you entire audit plan very easy to follow and understand. Like others have mentioned, the differentiation of the controls put in place to mitigate/avoid each of those risks is a nice touch – gives the executive board members and people your plan is being presented to clarity and confidence in your auditing services. Lastly, I noticed you guys added the “Exhibit A” – Sample of Certificate Destruction as part of the proposal letter. I thought that good to provide an actual sample, which shows your proposal isn’t just all theory. In general, I think your audit proposal is good.
I like the format of your audit plan, which make this plan more interesting and creative. Meanwhile, I think it is very good for talking about why. Employees may do not know some of them is important. Even auditor, they cannot know all of them. In this case, when we talk about this, it will give them a background knowledge about why they should do this and how they should do to get the goal. Finally, for the video, it is very good in talking about risk to let people know why this plan is important.
I like your presentation very much! It is very clear that help me to understand what you want to audit and what risks related to them. Also, you identified what kind of controls it falls in (detective control, corrective control, preventive control).
Sean Patrick Walsh says
Your proposal and presentation were clear and concise. I noticed in your control table that you mentioned “sample” for several controls to be tested in “Evidence That Shows Effectiveness” column. There are several ways to take a sample, but you didn’t specify what methodology you would use to take your sample. Did your team decide on a methodology and just forget to add it, or did you not consider the sample method used to provide assurance? I ask since certain sample methods are more likely to capture areas of vulnerability than others.
Ahmed A. Alkaysi says
I liked how the controls were split up into Preventive and Detective in your table. It was good to provide generic control failures in your plan, as the organization being audited can prepare and check for these before the actual audit. Overall, nice job.
Alexander B Olubajo says
Team 4,
Nice audit proposal/plan. The first thing that stuck out to me was how you guys outlined the each of the risk involved and associated with IT data destruction. It made you entire audit plan very easy to follow and understand. Like others have mentioned, the differentiation of the controls put in place to mitigate/avoid each of those risks is a nice touch – gives the executive board members and people your plan is being presented to clarity and confidence in your auditing services. Lastly, I noticed you guys added the “Exhibit A” – Sample of Certificate Destruction as part of the proposal letter. I thought that good to provide an actual sample, which shows your proposal isn’t just all theory. In general, I think your audit proposal is good.
Xiaodi Ji says
I like the format of your audit plan, which make this plan more interesting and creative. Meanwhile, I think it is very good for talking about why. Employees may do not know some of them is important. Even auditor, they cannot know all of them. In this case, when we talk about this, it will give them a background knowledge about why they should do this and how they should do to get the goal. Finally, for the video, it is very good in talking about risk to let people know why this plan is important.
Mengxue Ni says
I like your presentation very much! It is very clear that help me to understand what you want to audit and what risks related to them. Also, you identified what kind of controls it falls in (detective control, corrective control, preventive control).