INFORMATION SYSTEMS AUDIT AND ASSURANCE Department of Accounting and Corporate Governance IS Audit Report

Important note:
 This is an individual assignment. You must complete the task independently. If you submit a
report that is similar to any of your classmate’s reports it will be considered academic
dishonesty. Refer to the Macquarie University Academic Honesty Procedure and associated
documents.
 Please also refer to the submission instruction as per unit guide.
Estimated student workload: 30 hours
This assignment consists of two parts, which are Part 1: IS audit report and Part 2: Role playing
activity.
Part 1: IS Audit Report (30%)
Task
Perform a web search on recent (in the past 4 years) articles to find an interesting case study, such as
news articles in relation to IS risks.
You will need to attach the original version of the case study and reference source in the appendix
when you submit the assignment.
Assuming that you are an IS auditor, prepare an IS Audit Plan and report to the management of your
client. The document must include the followings:
1) Executive Summary
You will need to prepare an executive summary document (1 page maximum) to the board of
directors.
2) Background to the Case
Background to the client’s business and computerised environment. – This is to demonstrate
your understanding of the client’s business and IS environment.
3) IS Risks
Identify IS risks from the case study, including analysing the likelihood, level of risks and
implications to the business.
4) Audit Plan and Objectives
Prepare an audit plan outlining the methodologies/frameworks and areas that you propose to
audit. In addition, you will need to include audit objectives for each of the area(s) that you
plan to audit.
5) Interview Questions and Documents
ACCG358
INFORMATION SYSTEMS AUDIT AND ASSURANCE
Department of Accounting and Corporate Governance
IS Audit Report
Prepared by Dr. Savanid Vatanasakdakul 2
For each of the audit objectives, provide at least three examples of questions that you will use
to gather evidence from clients, including naming relevant documents that you may want to
obtain for the audit.
6) Recommendation
Provide a set of recommendations of control mechanism(s) to mitigate for each of the IS
risks. Identify the benefits of your recommendation to your client.
Required
Write a report that addresses all of the above sections.
 Format requirements: “Times New Roman” size 12 with 1.5 line spacing, approximately
1500 – 2000 words in total (not including references). You must include the total of words
used in your report. The report should have appropriate headings and subheadings
(including an introduction and conclusion).
 You must acknowledge the use of the work of others (e.g. the academic journal articles on
which your report is based) using the Harvard referencing style (see
http://www.lib.mq.edu.au/research/referencing.html). Any ideas or quotations must be
correctly cited in the body of your report and a reference list must be provided at the end of
your report.
 Once you have submitted your report, check the originality report in turn-it-in and ensure
similarity with other sources is referenced. You can resubmit your report until the due date.
 Please note that the originality report for a resubmission takes 24 hours to be produced.
Please ensure that you allow adequate time, if you are considering resubmission.
 Review the marking rubric so that you understand the expected standards and how you will
receive feedback.
Submission
 Students will need to upload their assignment to http://ilearn.mq.edu.au (Turn-it-in) by
11:59 pm of Friday 1st May (week 8). Otherwise your assignment will be considered
late.
 Late assignment will also be submitted via Turn-it-in.
Penalties
 Late tasks will be accepted up to 72* hours after the submission deadline. There will be a
deduction of 20%* of the total available marks made from the total awarded mark for each
24 hour period or part thereof that the submission is late (for example, 25 hours late in
submission – 40% penalty). *This penalty does not apply for cases in which an application
for an extension has been approved.
Prepared by Dr. Savanid Vatanasakdakul 3
Marking Criteria
The following criteria are how IS audit report will be marked.
Not
attempted
Fail Pass Credit Distinction High Distinction
1) Selection of
the case study
and risk
analysis (30%)
No attempt.
or
The answer
is copied or
substantially
copied from
materials or
other
sources.
Poor selection of
the case study.
Report indicates
poor or no
understanding of
the case study
and its
associated risks.
Good selection
of the case
study. Report
indicates some
understanding
of the case
study and its
associated
risks.
Good selection of
the case study.
Report indicates
good
understanding of
the case study
and its
associated risks
Good selection of
the case study.
Report indicates
high level of
understanding of
the case study and
its associated risks.
Good selection of
the case study.
Report indicates
in‐depth
understanding of
the case study and
comprehensive
risk analysis.
2) Critical
analysis of the
case, quality of
audit plan and
recommendati
on to target
audience.
(50%)
No attempt.
or
The answer
is copied or
substantially
copied from
materials or
other
sources.
Report indicates
poor or no
understanding of
audit plan and in
appropriate
recommendation
to target
audience.
Report
indicates some
understanding
of audit plan
and able to
provide
appropriate
recommendati
on to target
audience.
Report indicates
good
understanding of
audit plan and
able to provide
appropriate
recommendation
to target
audience.
Report indicates
high level
understanding of
audit plan and able
to provide
appropriate
recommendation
to target audience.
Report indicates
advanced
understanding of
audit plan and able
to provide
appropriate
recommendation.
to target audience
3) Structure of
the text
(10%)
No attempt,
or
The answer
is copied or
substantially
copied from
materials or
other
sources
Report does not
follow the
structure given
and information
is not generally
clearly organised
within each
section.
Report mostly
follows the
structure given
and
information is
generally
clearly
organised
within each
section.
Report follows
the structure
given and
information is
generally clearly
organised within
each section.
Report follows the
structure given and
information in each
section is
organised in a clear
and logical way.
Report follows the
structure given and
information in each
section is
presented in a
clear logical way
that supports the
overall
point/argument of
that section.
4) Professional
presentation
including
formatting,
spelling,
grammar,
referencing
(10%)
No attempt,
or
The answer
is copied or
substantially
copied from
materials or
other
sources
Presentation is of
a very poor
standard, with
numerous
errors/
inconsistencies.
Presentation is
of a basic
standard, with
some
formatting,
spelling,
grammar,
referencing
errors/inconsi
stencies
Presentation is of
a good standard,
with infrequent
formatting,
spelling,
grammar,
referencing
errors/inconsiste
ncies.
Presentation is of a
good standard,
with little or no
formatting,
spelling, grammar,
referencing
errors/inconsisten
cies.
Presentation is of a
professional
standard, with
little or no
formatting,
spelling, grammar,
referencing
errors/inconsisten
cies.
Prepared by Dr. Savanid Vatanasakdakul 4
Part 2: Role playing activity (10%)
Task
You must attend the tutorials on weeks 11, 12 and 13.
In week 11, you will be allocated into groups/roles. Please bring hard copy of your assignment 2
report to class. You will be asked to share your assignment with your group members. Tutors provide
instructions on the group initiation in preparation for week 12 and 13.
There will be two IS auditor teams and two client teams. There are approximately 6 members in each
team. One IS auditor team will be assigned to work with one client team.
Role 1 –IS auditor role
 You will act as IS auditor and present 1) background to the case, 2) audit methodology 3)
risks, and 4) controls, etc to the board members of your clients.
 In week 11, the IS auditor team will select a case study that will represent your group. The
case study will be chosen from one of your group member’s assignment. Then, you will
inform the client team the choice of your case. This is to assist the client team to do some
research prior to your presentation on week 12 or 13.
 The presentation on week 12/13 will be done in random basis. Each week, there will be only
one presentation conducted by one IS auditor team and one client team. However, students
will need to attend tutorials in both weeks.
 The auditor team will have 20 minutes presentation time. All group members will need to
participate in the presentation. The auditor team will need complete a presentation using
PowerPoint.
 The auditor team should assign the roles among your team members such as audit partners,
managers and graduates.
Role 2 – Client role
 While your fellow students act as IS auditors and present their findings, as a client, you will
need to assess the IS auditors’ performance and recommendation.
 The client team will need to complete the client evaluation form as well as prepare a list of
questions that you plan to ask the IS auditors. While the client evaluation form can be filled
during the tutorial. The list of questions and assessment criteria to assess the auditors should
be prepared prior to the class. Please print and bring the client evaluation form to tutorial.
 The client team will need to do research on the case that will be presented by auditor team
prior to week 12. The auditor team will need to inform you the case that they will choose in
week 11.
 The client team will need to lead the presentation and introduce the team members to the
auditing team. Please assign the executive roles to each member.
 Then, the auditors will have 20 minutes to present their findings.
 The client team will have 15 minutes to question the auditor team.
 The client team will have another 10 minutes to finalise their opinions among team members.
Then, the client team will need to provide feedbacks to the auditor team if they agree or
disagree with their recommendation and why?
Submission
Role 1 –IS auditor
 As a group, you will need to submit a hard copy of your power point presentation to your
tutor during the tutorial.
Prepared by Dr. Savanid Vatanasakdakul 5
Role 2 – Client
 As a group, you will need to submit only one client evaluation form to your tutor during the
tutorial.
Penalties
 No applicable. No late submission will be granted. If you fail to participate in week 11, 12
and 13 tutorials, you will receive no mark for this component. There will be no rescheduling
of presentation and assessment.
Marking Criteria
The following criteria are how role playing activity will be marked.
Criteria HD D CR P F
Participation in
Preparation and
Presentation
(20%)
Always willing
and
focused during
group work and
presentation.
Usually willing
and
focused during
group work and
presentation.
Sometimes
willing
and focused
during group
work
and presentation.
Rarely willing
and
focused during
group work and
presentation.
No
attempt
Presentation of
Character
(20%)
Convincing
communication
of
character’s
feelings,
situation
and motives.
Competent
communication
of
character’s
feelings,
situations
and motives.
Adequate
communication of
character’s
feelings, situation
and motives.
Limited
communication
of
character’s
feelings,
situation
and motives.
No
attempt
Achievement of
Purpose
(20%)
Purpose is
clearly
established and
effectively
sustained.
Purpose is
clearly
established and
generally
sustained.
Purpose is
established but
may not be
sustained.
Purpose is
vaguely
established and
may not be
sustained.
No
attempt
Use of Non-Verbal
Cues (voice,
gestures, eye
contact, props,
costumes)
(20%)
Impressive
variety
of non-verbal
cues
are used in an
exemplary way.
Good variety of
non-verbal cues
are used in a
competent way.
Satisfactory
variety
of non-verbal
cues
used in an
acceptable way.
Limited variety
of
non-verbal cues
are used in a
developing
way.
No
attempt
Imagination and
Creativity
(20%)
Choices
demonstrate
insight and
powerfully
enhance role
play.
Choices
demonstrate
thoughtfulness
and
completely
enhance role
play.
Choices
demonstrate
awareness and
developing
acceptably
enhance role play.
Choices
demonstrate
little
awareness and
do
little to
enhance
role play.
No
attempt
(Adopted from the role playing Rubric from University of Alberta, Canada
http://education.alberta.ca/physicaleducationonline/edmonton2001/pdf/7-12/(Q)AssessmentSuggestionsp51-
56.pdf)
Prepared by Dr. Savanid Vatanasakdakul 6
ACCG 358: INFORMATION SYSTEMS AUDIT AND ASSURANCE
IS Auditor team
(Please print and bring to your class on weeks 12/13)
Your mark / 100
Your role ______________________________________________________________
Tutorial ________________________________________________________________
Topic of presentation _____________________________________________________
Group name _____________________________________________________________________
Team member
No. Student ID Name and Last Name
Prepared by Dr. Savanid Vatanasakdakul 7
ACCG 358: INFORMATION SYSTEMS AUDIT AND ASSURANCE
Client team
(Please print and bring to your class on weeks 12/13)
Your mark / 100
Your role ______________________________________________________________
Tutorial ________________________________________________________________
Topic of presentation from the IS auditor team_________________________________
Group name _____________________________________________________________________
Team member
No. Student ID Name and Last Name
Prepared by Dr. Savanid Vatanasakdakul 8
ACCG 358: INFORMATION SYSTEMS AUDIT AND ASSURANCE
CLIENT EVALUATION FORM
(Please print and bring to your class on week 12/13)
Group name _____________________________________________________________________
Tutorial _______________________________________________________________
Topic of presentation ____________________________________________________
1) What are the risks presented in this case?
 ___________________________________________________________________________
 ___________________________________________________________________________
 ___________________________________________________________________________
 ___________________________________________________________________________
 ___________________________________________________________________________
2) What are the controls presented in this case?
 ___________________________________________________________________________
 ___________________________________________________________________________
 ___________________________________________________________________________
 ___________________________________________________________________________
 ___________________________________________________________________________
3) Do you agree or disagree with the IS auditor’s recommendation and why?
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
__________________________________________________________________________________
_________________________________________________________________________________
__________________________________________________________________________________

Is this the question you were looking for? If so, place your order here to get started!