- 10 Marks
Question
a) Abbey Ltd is a medium-sized manufacturing company that produces various products for consumers. The company has a large amount of confidential data, including financial records, trade secrets, and personal information of employees and customers. The company has recently become concerned about cyber security risks and has hired an external auditor to conduct an audit of their data security controls.
Required:
Explain FIVE (5) procedures the External Auditor would need to perform to obtain evidence to evaluate the effectiveness of Abbey Ltd’s data security controls.
(10 marks)
Answer
a) Procedures the External Auditor would need to perform to evaluate the effectiveness of Abbey Ltd’s data security controls:
- Review of Policies and Procedures: Examine the company’s policies and procedures related to data security, including access control and incident response policies, to ensure they are up-to-date and aligned with industry standards.
- Interviews with Management and Staff: Conduct interviews with key personnel to understand roles and responsibilities regarding data security and inquire about any past breaches or incidents.
- Review of System Logs: Examine system logs to assess whether the company’s systems are functioning as intended and to identify any vulnerabilities or unusual activity.
- Testing of Controls: Perform tests on the data security controls, such as penetration testing, to determine if the company’s network and applications are adequately protected.
- Review of Third-Party Contracts: Inspect contracts with third-party vendors to ensure that appropriate data security provisions are in place for any data shared or accessed by external parties.
- Tags: Audit Procedures, Cybersecurity, Data security, External Auditor
- Level: Level 2
- Uploader: Dotse