Assignment Two
10/03/2017
Internal Audit Senior Managers are asking you to develop a Risk and Control Matrix for the IT audit entity you plan to audit and incorporate the RCM into the Audit Planning Memo your team worked on.
The risk and control matrix should identify and key risks associated with the operating systems you are going to audit and should be created in a table format (Ref. to RCM Template) and should contain the following components:
- Risk Events (C.I.A) & Risk Description Detail – Answer the “so what” question
- Inherent Risk Rating Rationale (Likelihood, Impact)
- Inherent Risk Rating (H/M/L)
- Expected Controls (What should be in place to mitigate the risk identified)
- Control Assessment (evaluating of the design of the controls – Hypothetical)
Sample IT Risk Definition:
-
- IT Governance
- System Development
- System Documentation
- Library Management and Change Control
- Information Security
- Desktop and Servers
- Infrastructure Disaster Recovery
- Data Center Operation Services
- Data Center Physical Security
- Data Transmission
- Data Integrity
- End User Computing
- Telecommunication
- Vendor Resilience
Due Date: EOD 10/17/2017
Sample RAM Template:
risk-assessment-matrix-template
Email to: Liang.yao@temple.edu Please call me or email me should you have any questions regarding the completion of this assignment BEFORE the due date.