Assignment #1 Requirements
9/28/2016
You are a team of IT auditors from XYZ Company’s Internal Audit department. You are assigned for the upcoming audit in 2016 for the company’s distributed database environment.
You are asked to develop an Audit Planning Memorandum (APM) base on your understanding of the company’s database environment and your research on risks and controls associated with the relational database management systems (RDBMS).
Key components of an APM should include the following:
- Entity background or overview (reporting structure, DBMS environment, key applications using DBs, etc.
- Audit objective(s) and scope (Thinking about the C.I.A components)
- Out-of-scope area (what not to cover during this audit and why – Ref. to where should they belong to)
- Key risk areas and risk rating (ref. to text book, CISA review manual and Gartner paper)
- Prior audit finding (if any…)
- Management self-identified issues (based on your own experience)
- Current development or on-going project
- Key contact from business lines
- Audit resources and responsibilities
- Audit time period
Due Date: 10/12 before the class
Submission: Team Leader via email