Audit and Audit Standards Essay

Submitted By Ffgblue1
Words: 650
Pages: 3
Open Document
The intent of testing is to appraise the level of security and identify vulnerabilities for mitigation measures. Vulnerability assessments identify and report on security weaknesses and vulnerabilities in the target system. This analysis is an important element of any activity in risk management. Vulnerability assessment components help in integrating all the steps in this analysis by automating the process of detecting, identifying, measuring, and understanding the vulnerabilities found in a target ICT system or infrastructure (Anderson & Rainie, 2010). In order to achieve this, the process involves both passive and active scanning, and this is important in verifying that the vulnerabilities are both present and exploitable.

In addition, tools used in vulnerability assessment are capable of performing on various network nodes including networking and networked devices such as printers, routers, and firewalls, as well as desktops, servers, and mobile devices, which present a new set of security issues that requires being handled (Price, 2003).

Penetration testing uses security tools and techniques that help identify and validate vulnerabilities. External penetration testing helps identify weaknesses in a company’s network that might be exploited by an attacker to attack the enterprise environment from the internet. Internal testing seeks to detect and exploit weaknesses to determine if the unauthorized access or other shady activity can be performed in the target network (Price, 2003). This gives an indication whether the system is able to withstand any attack emerging at the point where the test was accessed. By testing the security of the system in this way, we seek to answer this question: “Can an attacker exploit the identified weaknesses?”

This information is necessary to help the company’s security team gain experience in defending against cyber-crimes (Anderson & Rainie, 2010). It provides objectivity regarding the existing vulnerabilities and the efficacy of defense and mitigating mechanisms in place and those intended to be implemented in future.

Audit Standards

Companies favor an integrated audit that covers financial controls as well as the information systems. Organizations have to ensure that they comply with the set audit standards and legislations in this process. An audit standard like Statement of Auditing Standard (SAS) number 70 complies with the American Institute of Certified Public Accountants (AICPA) and ensures that the measures of financial records and processes are sound (University of Maryland University College, 2010).

Integrating financial control and its audits is more practical for large organizations since most data are stored electronically and information systems are used in their day-to-day business. In addition, legislation like Sarbanes-Oxley requires companies to ensure compliance in
Show More

Related Documents: Audit and Audit Standards Essay

In Terms Of Professional Standards When Is A Disclaimer More Appropriate Than An Audit Opinion?

Several federal laws require external audits to protect the public. Should federal laws also require internal audits within a public corporation? Provide an example to support your response. DQ 2: Professional auditing standards provide for an unqualified audit report with three standard paragraphs. Briefly describe those paragraphs. Which is the most important? Why? DQ 3: In terms of professional standards, when is a disclaimer more appropriate than an audit opinion? Explain the basis for your example…

Words 372 - Pages 2

Aas Summry Icai Essay

Summary of Auditing & Assurance Standards as prescribed by ICAI AAS-1 Basic Principals governing an Audit This Auditing and Assurance Standard was the first standard on auditing issued by the Institute. As the name suggests, it seeks to lie down and briefly explain the basic principles which govern the auditor’s professional responsibilities and which should be complied with whenever an audit is carried out. These principles are, namely, integrity, objectivity and independence, confidentiality, skills…

Words 4709 - Pages 19

Vertical Auditing

to carryout regular audits to ensure they are obtaining the standards that the laboratory has set. Standards that are set by laboratories are codes of best practice that are set out to ensure efficiency and safety of all working in that laboratory. The international organisation for standardisation (ISO) is the world’s largest publisher and developer of standards but it is UKAS, the UKs national accreditation body, which is recognised by the UK governments to assess the standards of ISO and issue accreditation…

Words 832 - Pages 4

Audit Notes Essay

Nature, Timing & Extent Chapter 1: Why Audit: Legal and Contractual Requirements Restrictive Covenants in Debt Agreements Modern Corporation Setup – Absentee Stockholders and professional Managers Principal –Agent Relationships Lack on information symmetry Conflicts of Interest Cost Effective Monitoring Device Information asymmetry: when on party has more or better information that the other party. Independence: Independence is a backbone of auditing. If an auditor is not independent…

Words 1473 - Pages 6

Essay Building Conceptual Frameworks

Traditionally, audits were mainly associated with gaining information about financial systems and the financial records of a company or a business. Financial audits are performed to ascertain the validity and reliability of information, as well as to provide an assessment of a system's internal control. The goal of an audit is to express an opinion of the person / organization / system (etc.) in question, under evaluation based on work done on a test basis.[citation needed] Due to constraints, an audit seeks…

Words 1831 - Pages 8

Essay on Innovation: Audit and Audit Expectation Gap

Expanded audit report Empirical studies have been conducted in the US, the UK and Australia to examine whether using an expanded audit report is effective in reducing an audit expectation gap. A survey conducted by Nair and Rittenberg (1987) in the USA revealed that an expanded audit report changes the users’ perceptions with regard to the responsibilities of the auditors. Likewise, Gay and Schelluch (1993) found that audit reports based on the revised Statement of Auditing AUP3 (i.e…

Words 687 - Pages 3

Acc 490 Week 1

Week 1 Paper Auditing Standards Amy Jarvis ACC 490 Febuary 23, 2015 Looking into the Generally Accepted Auditing Standards there are 10 different type of elements that is associated with the Generally Accepted Auditing Standards which are separated into three different categories such as the general standards, standards of field work, and standards of reporting. In the general standards categories you have three elements, the auditor must have technical training, maintain independence…

Words 682 - Pages 3

Taking A Look At The Sarbanes-Oxley Act

enhancing the audit independence and oversight of public company audits, strengthening audit committees and corporate governance, and enhancing transparency, executive accountability and investor protection (Ey 2012). Firstly, SOX enhances the audit independence and oversight of public company audits. The Sarbanes-Oxley Act sets up several standards for restricting audit performance and non-audit services, and they also established the PCAOB for setting, enforcing audit standards. According to…

Words 565 - Pages 3

Audit Support Systems Article Summary

September 6, 2014 Audit Support Systems Article Summary Jason Simonds In the assigned article, Audit support systems and decision aid: Current practice and opportunities for future research, Carlin Dowling and Stewart Leech examine the use of audit support systems within large accounting firms and the effectiveness of their design. These audit support systems are electronic programs that use digital workbooks and online files to help direct the auditor to proper standards and efficient audits. The systems…

Words 709 - Pages 3

Essay on Internal Auditing Case Study

Appreciative Internal Audit: A Strength-Based Approach to Quality System Auditing – A Case Study. Jon Morris President JDQ Systems Inc. Vancouver, BC, Canada Introduction Traditional internal audits fulfill an important need for companies with fresh ISO 9001:2000 Quality Management System implementations, but for companies with mature systems, those registered for more than five years, an innovative approach to auditing called “Appreciative Internal Quality Audit” can take them beyond compliance…

Words 4401 - Pages 18