ictict503-validate-quality-and-completeness-of-system-design-specifications-1
1.1
List some documents required as input to understanding the system. List at least two items are required to understand the system to be audited.
1.2
The Information Systems Audit and Control Association (ISACA) suggest that audit objectives should be based on seven information criteria and then agreed upon by the organisation. Brief explain what they are.
1.3
Why is it generally better to have the audit team external to the development team? Which of the computer controls are we interested in for the Bazaar Ceramics Project? What are the subsets of the computer control.
1.4
In order to develop the audit criteria, you should review? What are the most common legislative requirements for a website? Give a brief description of each.
1.5
Design a scope of Audit Criteria into metric for classification.
1.6
Determine audit methods and process to undertake review an Audit Assessment.
1.7
List the resources to carry out Audit.
1.8
Develop Audit plan detailing objectives, scope, criteria, testing techniques and resources requirement will be undertaken
2.1
What is the two part process for collecting evidence? What does interviewing the development team (e.g. for a website development) achieve for testing methods? Why is it preferable to have more than one test for each requirement? Say suppose the auditor/s were testing a website. Why is it preferable to randomly select pages to test rather than pages selected from the developers?
2.2
What should an audit plan include? What do resources include? What documents are typically used for measurement?
2.3
Design a simple three column table format to document audit outcomes as audit progresses. Ensure in this table you put logical fields for the headings for each column. Note: You are finding out what was intended with the test in the first place.Hint: If I am an auditor, I need to know the following:
• What am I testing?
• What are the steps to testing the criteria?
• What are the results after I conduct each test?
3.1
Why is it important to review the system contract against the outcomes of the audit? Why is it important to ensure the audit testing is complete and accurate before comparing the system contract against the audit outcomes?
3.2
What can be discovered by comparing system functionality against audit outcomes and system contract? Suggest a mechanism in IT development for correcting system functionality that has been found to fall short as according to audit outcomes and system contract.
3.3
Identify non-compliances based on contract requirements
3.4
Name two scenarios for corrective action when non-compliance is discovered?
3.5
What should be included when documenting non-compliance?
