SBM4302 IT Audit and Controls

genetics of cystic fibrosis – Elite Writing Geeks
July 22, 2021
eng 225 paper – Writer Bay
July 22, 2021


Page | 1
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
1-3 Fitzwilliam Street, Parramatta NSW 2150: 02-8319 2100
PRV12007; CRICOS 03048D
Approved: 21/9/2020 & Version 1.1
Unit Code and Title: SBM4302 IT Audit and Controls
Assessment Information

Assessment Task Weighting Due Length ULO
Assessment 1: Quiz
Quiz covering lecture materials on a bi-weekly basis.
40% Week 3,
5, 7, 9
15 mins ULO-1
ULO-2
ULO-3
ULO-4
Assessment 2: Report
An individual work pertaining to a real world IT audit report
30% Week 5 2500 words ULO-1
ULO-2
ULO-3
ULO-4
ULO-5
Assessment 3: Case Study
A group work that involves designing an audit work of an
organization’s IT functionalities
30% Week 12 2500 words ULO-1
ULO-2
ULO-3
ULO-4
ULO-5
ULO-6
ULO-7

Assessment Details
Page | 2
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
1-3 Fitzwilliam Street, Parramatta NSW 2150: 02-8319 2100
PRV12007; CRICOS 03048D
Approved: 21/9/2020 & Version 1.1
Assessment 1: Quiz

Due date: Weeks 3, 5, 7, 9
Group/individual: Individual
Word count / Time provided: 15 minutes
Weighting: 40%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4

Assessment Details:
This test will assess your knowledge of key content areas (on a bi-weekly basis). For successful
completion of the quiz, you are required to study the material provided (lecture slides, tutorials, and
reading materials), engage in the unit’s activities, and in the discussion forums. The prescribed
textbook is the main reference along with the recommended reading material. By completing this
assessment successfully, you will be able to identify key aspects of IT Audit and controls.
Marking Information: The quiz will be marked out of 100 and will be weighted 10% of the total
unit mark.
Assessment 2: Report

Due date: Week 5
Group/individual: Individual
Word count / Time provided: 2500
Weighting: 30%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7
Course Learning Outcomes: CLO-1, CLO-6, CLO-8, CLO-9

Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given an IT audit report conducted by the office of
the New South Wales Auditor General and asked to do the followings:
• Identify the audit focus and scope
• Describe high risk IT issues in the NSW city councils
• Describe audit findings related to IT governance in the NSW city councils
• Describe audit findings related to IT general controls in the NSW city councils
• Describe audit findings related to cyber security management in the NSW city councils
• Highlight the professional, legal, and ethical responsibilities of an IT auditor.
In completing this assessment successfully, you will be able to learn how to analyse an IT audit report,
learn relevant legislation, generally accepted auditing standards and ISACA’s CORBIT framework,
which will help in achieving ULO1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, and ULO-7.
Page | 3
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
1-3 Fitzwilliam Street, Parramatta NSW 2150: 02-8319 2100
PRV12007; CRICOS 03048D
Approved: 21/9/2020 & Version 1.1
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%
of the total unit mark

Marking Criteria Not satisfactory
(0-49%) of the
criterion mark)
Satisfactory
(50-64%) of the
criterion mark
Good
(65-74%) of the
criterion mark
Very Good
(75-84%) of the
criterion mark
Excellent
(85-100%) of the
criterion mark
Identify the
audit focus and
scope of the given
audit report
(10 marks)
Inadequate
identification of
audit focus and
scope from the
report
Basic level
identification of
audit focus and
scope from the
report
Moderate level
identification of
audit focus and
scope from the
report
Accurate
and detailed
identification of
audit focus and
scope
Displays
exceptional level
identification of
audit focus and
scope
Describe high risk
IT issues in the
NSW city councils
(20 marks)
Inadequate
description of the
high risk IT issues
Basic description
of the high risk IT
issues
Moderate level
description of the
high risk IT issues
Accurate and
detailed
description of the
high risk IT issues
Displays
exceptional level
description of the
high risk IT issues
Describe audit
findings related
to IT governance
in the NSW city
councils
(20 marks)
Inadequate
description of the
findings related to
IT governance
Basic description
of the findings
related to IT
governance
Moderate level
description of the
findings related to
IT governance
Accurate and
detailed
description of the
findings related to
IT governance
Displays
exceptional level
description of the
findings related to
IT governance
Describe audit
findings related
to IT general
controls in the
NSW city councils
(20 marks)
Inadequate
description of the
findings related to
IT general controls
Basic description
of the findings
related to IT
general controls
Moderate level
description of the
findings related to
IT general controls
Accurate and
detailed
description of the
findings related to
IT general controls
Displays
exceptional level
description of the
findings related to
IT general controls
Describe audit
findings related
to cyber security
management in
the NSW city
councils
(20 marks)
Inadequate
description of the
findings related to
cyber security
management
Basic description
of the findings
related to cyber
security
management
Moderate level
description of the
findings related to
cyber security
management
Accurate and
detailed
description of the
findings related to
cyber security
management
Displays
exceptional level
description of the
findings related to
cyber security
management

Page | 4
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
1-3 Fitzwilliam Street, Parramatta NSW 2150: 02-8319 2100
PRV12007; CRICOS 03048D
Approved: 21/9/2020 & Version 1.1

Describe and
discuss the
professional,
legal, and ethical
responsibilities of
an IT Auditor
(10 marks)
Inadequate
understanding of
the professional,
legal, and ethical
responsibilities of
an IT Auditor;
cannot discuss
concepts in own
words.
Basic knowledge
of the
professional,
legal, and ethical
responsibilities of
an IT Auditor.
Exhibits breadth
and depth of
understanding
of the
professional,
legal, and ethical
responsibilities of
an IT Auditor.
Exhibits accurate
and detailed
breadth and
depth of
understanding
professional,
legal, and ethical
responsibilities of
an IT Auditor.
Displays
exceptional
understanding of
concepts and their
practical
application of the
professional,
legal, and ethical
responsibilities of
an IT Auditor

Assessment 3: Case Study

Due date: Week 12
Group/individual: Group
Word count / Time provided: 2500 words
Weighting: 30%
Unit Learning Outcomes: ULO1, ULO2, ULO3, ULO4, ULO5, ULO6, ULO7

Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given a sample case study and asked to design an IT
audit based on it. In particular, emphasis on the reason(s) behind the situation that unfolded and
actions that could have been taken to prevent such incidents from occurring.
Case Study: Service NSW Data Breach
On September 7th 2020, media reports showed that the Service NSW, the New South Wales
state’s biggest data collection agency, suffered a massive data breach through a cyber attack.
Personal data of 186,000 customers and staff were leaked after a cyber attack occurred through
phishing emails earlier this year, in which 47 employees had their email accounts
compromised. A four-month investigation, which began in April, concluded that roughly 3.8
million documents had to be analysed to assess the severity of any possible breaches.
“This rigorous first step surfaced about 500,000 documents which referenced personal
information,” Service NSW chief executive Damon Rees said. “The data is made up of
documents such as handwritten notes and forms, scans, and records of transaction
applications.”
The total size of the breach was 738 gigabytes of data, but not all of that was personal
information, a spokesperson for Service NSW said. There is no evidence that individual
MyServiceNSW account data or Service NSW databases were compromised.
Page | 5
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
1-3 Fitzwilliam Street, Parramatta NSW 2150: 02-8319 2100
PRV12007; CRICOS 03048D
Approved: 21/9/2020 & Version 1.1
Customers who have been identified as “at-risk” will be notified by mail, which will include
instructions on how to get support. The department said it “will never call or email a customer
out of the blue requesting customer information about this or any other data breach”.
Based on the above case study, you have to prepare a report and then a subsequent presentation to
answer the followings:
– objectify your audit focus and scope
– which IT resources of Service NSW, are you planning to audit? And how can you detect regularities,
abnormalities in them?
– what suggestions, recommendations do you want to provide to Service NSW based on your findings?
– As IT auditor, what are the rules and regulations that you plan to adhere to?
Marking Information: The case study will be marked out of 100 and will be weighted 30% of the
total unit mark

Marking Criteria Not satisfactory
(0-49%) of the
criterion mark)
Satisfactory
(50-64%) of the
criterion mark
Good
(65-74%) of the
criterion mark
Very Good
(75-84%) of the
criterion mark
Excellent
(85-100%) of the
criterion mark
Identify the
audit focus and
scope
(20 marks)
Inadequate
identification of
audit focus and
scope
Basic level
identification of
audit focus and
scope
Moderate level
identification of
audit focus and
scope
Accurate
and detailed
identification of
audit focus and
scope
Displays
exceptional level
identification of
audit focus and
scope
Analysis and
findings (30
marks)
Inadequate
analysis and
findings
Basic description
of analysis and
findings
Moderate level
description of
analysis and
findings
Accurate and
detailed
description of
analysis and
findings
Displays
exceptional level
description of
analysis and
findings
Auditor’s
recommendations
(20 marks)
Inadequate
description of the
auditor’s
recommendations
Basic description
of the auditor’s
recommendations
Moderate level
description of the
auditor’s
recommendations
Accurate and
detailed
description of the
auditor’s
recommendations
Displays
exceptional level
description of the
auditor’s
recommendations
Presentation (30
marks)
Inadequate
representation of
the designed audit
Basic
representation of
the designed audit
Moderate level
representation of
the designed audit
Accurate and
detailed
representation of
the designed audit
Exceptional
representation of
the designed audit
WE’VE HAD A GOOD SUCCESS RATE ON THIS ASSIGNMENT. PLACE THIS ORDER OR A SIMILAR ORDER AND GET AN AMAZING DISCOUNT

Leave a Reply

Your email address will not be published. Required fields are marked *