Rewrite the following case study in your own words...

Do Not Plagiarize 

ONCE AGAIN READ THE ATTACHED AND WRITE IN OWN WORDS 

Dalton.docx 

Dalton, Walton, & Carlton, Inc. Project Plan: Audit

     This document describes the IT audit project undertaken by auditors at Dalton, Walton, & Carlton (DWC).  It will define the project in phases with actions in both generic and specific terms.

 

Phase 1. Initiation

1.1 Formation and selection of audit team.  Audit team members will be tentatively selected based upon the type and expected goals of the audit.  Strengths and weaknesses will be balanced and targeted towards the type of audit.  The goal is to pair one auditor to each functional area and a single contact for that area, whether it is a manager or experienced employee.

1.2 Initial meeting with DWC executive managers.  The audit team will meet initially with DWC management to introduce themselves and inform the management how the process works and the overall goals of the audit.  Auditors will lay out the audit plan project and discuss any anticipated challenges and potential focus areas.

1.3 Business orientation.  DWC managers will give an overview presentation to orient auditors to the business and its operating environment.  The overview will focus on general methods and processes.

1.4 Determine audit objectives.  Audit objectives will be established to help guide and focus audit events.  Audit objectives will be refined in the planning phase when details and additional risks become more evident.

 

Phase 2. Planning

2.1 High-Level (Strategic) Review.  Review risk assessments, previous audit results, and strategic policies/documents.  These documents will reveal strengths and weaknesses along with risks.  Once risks are understood, the next review step will help reveal whether risks are mitigated or reduced by established controls.

2.2 Tactical Review.  Review procedures and process documents. Review tactical planning documents.  These reviews focus on processes and procedures in order to identify risks that remain and pose the greatest potential for problems.  Both internal and external control requirements and regulatory requirements are reviewed.  These are focus areas for auditors.

2.3 Determine review areas.  These focus areas determine the nature and order of audit review actions.  This is the point where the audit plan is refined to become a plan of action.  Both the audit team and the management team will agree on the audit execution plan before beginning the execution phase.

 

 

 

 

 

 

Phase 3. Execution

3.1 Process orientation.  Assessors focus on how processes function and analyze systems, data flow, security, operating procedures, and metrics. This review is likely to uncover controls also and may be combined with the next step simultaneously.  However, the next step focuses on controls and risks.

3.2 Control orientation.  Assessors focus on controls during control orientation, whether they are procedural, regulatory, or technical.  They will use the review areas determined in Phase 2 and guide their efforts towards risk-based issues.  Auditors will try and identify weaknesses and problems with existing controls.  They will also review logs, checklists, and records as necessary.

3.2.1  Auditors will focus on the following areas which present increased risk:

- Software patching and updating

- Wireless network security

- Antivirus/malware protection

- Log in security, both at workstation and remote. Password reset processes

- Physical asset security

- File security, permissions, and access rules

- Non-company (vendor) site access

- Security training, initial and refresher

- While these focus areas are high priority, other areas will be reviewed as discoveries are made during the audit.  Random sampling will also be conducted on areas deemed low risk, primarily to ensure they remain low risk.

3.3 Issue Discovery & Validation.  Potential issues will be listed and described.  Auditors will seek to validate issues and determine issue severity in conjunction with DWC.  This phase may involve testing, detailed analysis, interviews, or simple sampling of tested materials.  Once the issue is validated, the audit team will seek to determine risks and risk residuals.

3.4 Solution Development.  The audit team and DWC personnel will develop potential resolutions to the discovered issues.  Potential solutions will be narrowed to a course of action for each actionable finding in the monitor/control phase since this is an overarching effort.  Solutions will focus on the risks, especially the net effect of each solution and potential residual risk.  Each identified action and its corresponding resolution will generate an action plan.

3.5 Report Drafting.  The audit team generates the first draft report.  The solutions are drafted into the report also and the team will seek management coordination before moving on to the last phase.

 

 

 

 

 

Phase 4. Monitor/control

4.1 Solution Development (conclusion).    The final results will be compiled with the action plans to include milestone-based timetables.  The solution plan will be coordinated among stakeholders and management.  Final approval will be sought before producing the final audit report.

4.2 Final Audit Report Issuance.  The final audit report will be generated and include signatures of audit leaders and the Dalton, Walton, & Carlton managers.

4.3 Effect Solutions.  DWC will work towards solutions and resolution of each item on the audit report according to the established action plans.  Progress will be mapped against milestones and follow-up reporting will be conducted in the next phase.  Progress of each action plan will be summarized in a semi-annual audit follow-up report in the next phase also.

4.4 Issue Tracking.  Auditors will provide assistance as needed and verify the corrective actions follow established timelines and meet milestones.  Any changes will be coordinated with the audit team.  Progress will be annotated and reported along with the semi-annual audit follow-up report.  This report will be coordinated and signed by DWC management and audit managers.  Follow-up audit checks will be conducted as necessary when fixes are completed or before the audit is closed.

 

Phase 5. Closure

5.1 Solution Completion.  When all solutions are complete, mitigated, or risks accepted or transferred, a final audit check of identified items will be conducted.  This check is a simple review of actions necessary to ensure compliance and closure of the problem.

5.2 Closure Report.  When all solutions have been finalized in the previous step, a final closure addendum report will be compiled summarizing all actions taken, the expectation of the residual risk, and the concurrence of auditors and managers.  The next tentative audit will be scheduled based upon DWC’s need and established timelines after completion of identified items.  The final report will be issued and include concurrence by the audit manager, DWC management, and will project the expected next audit date.