1. Exercise for Auditing
Question 1
State four (4) advisory roles of the internal auditors in the SDLC.
Review the project proposal generated during the system planning phases to
ensure issues such as control procedures and governance activities are properly
addressed.
Review the relevant documents generated during system testing to ensure the
output generated meets the requirements needed by the end users.
Review and examine various documents generated at every phase of the
system development life cycle (SDLC) processes to determine the project is run
smoothly.
Using the tools of assessment such as an inquiry and a checklist which this
process will help an internal audit evaluate if project is developed in the best
interest of the organization.
Question 2
Explain briefly four (4) challenges faced by the internal auditors in conducting the
audit for e-commerce.
Knowledge of security exposures and control measures.
Internal auditors should equip themselves with the various security breach
techniques for example hacking, spamming and virus attacks. Inadequate
network access control may increase the possibility of unauthorised access by
an external party into the company’s sensitive and confidential data.
Skills and experience in handling E-commerce security issues
The use of e-commerce as par of a business operation has increased he
function, scope and responsibilities of the IT department. Internal auditors need
to equip themselves especially with better skills and knowledge of latest
developments in IT control procedures.
Question on loss of transaction integrity
Internal auditors should focus on the adequacy of the security control as stated
in the IT policy and procedures as e-commerce transactions does not involve
physical documentation.
Audit on E-commerce
Once a company has operated online, an internal audit has to consider an e-
commerce audit in the annual audit plan which important to help management
in evaluating the existing system of internal control on the current e-commerce
model.