This document outlines homework assignments for an IT auditing class. The first assignment asks students to describe what a data flow diagram is and why it is useful for IT auditing in two paragraphs. The second assignment asks students to explain computer-assisted audit techniques (CAATs) and their benefits in one paragraph. The third assignment asks students to describe two techniques CAATs use to define sample size and select samples in two paragraphs. The fourth assignment asks students to explain the importance of flowcharting as an audit analysis tool in one paragraph. The document also outlines a case study assignment on change control management processes due on a later date.

1. Lesson 4 Homework
100 points total
Due : Tuesday October 18th, 11:59PM
1. [25 points] Describe what a Data Flow Diagram is and why it
is useful for IT auditing. One paragraph should describe what a
Data Flow Diagram is, and the second paragraph should
describe why it is useful for IT auditing.
2. [25 points] In one paragraph, what are CAATs and what
benefits do they provide to IT auditors?
3. [25 points] CAATs are known to assist auditors in defining
sample size and selecting a sample for testing purposes.
Describe two techniques used by CAATs to define sample size
and select the sample. One paragraph for each technique.
4. [25 points] Explain the importance of flowcharting as an
audit analysis tool in one paragraph.
IASP 340 Project 3
Fall 2022
50 points total
Due Date : Tuesday October 25th, 11:59PM
CASE—CHANGE CONTROL MANAGEMENT PROCESS

2. OVERVIEW: A change control management process is a method
that formally defines,
evaluates, and approves application changes prior to their
implementation into live or
production environments. The process includes several control
procedures to ensure that
implemented changes will cause minimal impact to the
objectives of the organization. These
procedures involve submission of change requests,
determination of feasibility, approval, and
implementation. The following describes typical roles and
procedures undertaken in a change
control management process.
ROLE: CHANGE REQUESTER
The Change Requester identifies a requirement for change to the
application (e.g., upgrades to
new editions, etc.). The Requester then prepares a Change
Request Form (CRF), including
description of the change, cost and benefits analyses, impact,
approvals, and any other
supporting documentation deemed necessary. He or she then
submits the CRF to the Project
Manager for further review.
ROLE: PROJECT MANAGER
Upon receipt, the Project Manager reviews the CRF and
determines whether or not additional
information is required for the Change Control Board to assess
the full impact of the change in
terms of time, scope, and cost (i.e., feasibility). The decision is
based among others on factors,
such as:
• Number of change options presented

3. • Feasibility and benefits of the change
• Risks and impact to the organization
• Complexity and/or difficulty of the change options requested
• Scale of the change solutions proposed
If the Project Manager determines the change is feasible, he/she
will log the CRF in the change
log by number, and track its status. The Project Manager then
submits the CRF to the Change
Control Board. On the other hand, if the CRF is not deemed
feasible, the Project Manager will
close the CRF.
ROLE: CHANGE CONTROL BOARD
Upon receipt, the Change Control Board reviews the CRF and
any supporting documentation
provided by the Project Manager. The Change Control Board
represents an authorized body
who is ultimately responsible for approving or rejecting CRFs
based on relevant analyses (i.e.,
feasibility).
After a formal review, the Change Control Board may:
• Reject the change (the reasons for the rejection are notified
back to the Change
Requester)
• Request more information related to the change
• Approve the change as requested or subject to specified
conditions
Once approved, the Change Control Board forwards the change
and any related supporting
documentation to the Implementation Team.

4. ROLE: IMPLEMENTATION TEAM
The Implementation Team schedules and tests the approved
change. If test results are not
successful, the change and all related supporting documentation
are sent back for re-testing. If
results are successful, the Implementation Team formally
implements the change, and notifies
the Change Requester.
PROJECT TASK: Prepare a flowchart depicting the change
control management process just
described. Make sure you segregate the roles (i.e., Change
Requester, Project Manager,
Change Control Board, and Implementation Team) in vertical
columns when creating the
flowchart to illustrate the procedures performed in the process.
This representation is useful
for auditors to evaluate segregation of duties and identify
incompatible functions within the
process.
HINT : Use Exhibit 4.3 from your textbook as a guide for the
structure of your flowchart. See
how the different roles and functions are delineated and
represented. Your flowchart should
have a similar structure.