Audit Findings and Business Processes

The four areas of an audit finding consist of criteria, circumstance, cause and impact and they are all key components. According to our text, the audit finding “involves deficiencies, abuse, fraud, or other illegal acts”. (Weiss 154). The one that I believe would be most difficult to complete is impact. Reasoning behind this selecting impact is that it is difficult to pin point where and when an incident will occur. Standard security and procedures can be implemented; however, nothing is unhackable. Furthermore, the impact can have a crippling effect on the business such as loss of confidentiality, integrity and availability (CIA). Loss of confidentiality could result in loss of public confidence, embarrassment or legal action against the organization. Loss of integrity can lead to continued use of the contaminated system or corrupted data that could result in inaccuracy, fraud or flawed decisions. Last but not least, loss of availability. This may result in loss of productivity and prevent the end users’ from performing their functions, which support the organization’s mission. And, impact can lead to fmancialloss. With that said, impact would be the most difficult to complete due to the numerous areas that can be impacted. The best way an organization can address these difficulties is to adhere to a framework such as Control Objectives for Information and related Technology (COBIT). This will provide an IT governance model, an understanding of managing risk and will make certain that systems are protected.


Read more from CIS 349 Information Technology Audit and Control