Assessment 2: Report
Due date: Week 5
Group/individual: Individual
Word count / Time provided: 2500
Weighting: 30%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7
Course Learning Outcomes: CLO-1, CLO-6, CLO-8, CLO-9
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real world situations. In this assessment students are given an IT audit report conducted by the office of the New South Wales Auditor General and asked to do the followings:
• Identify the audit focus and scope
• Describe high risk IT issues in the NSW city councils
• Describe audit findings related to IT governance in the NSW city councils
• Describe audit findings related to IT general controls in the NSW city councils
• Describe audit findings related to cyber security management in the NSW city councils
• Highlight the professional, legal, and ethical responsibilities of an IT auditor.
In completing this assessment successfully, you will be able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing standards and ISACA’s CORBIT framework, which will help in achieving ULO1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, and ULO-7.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30% of the total unit mark
Marking Criteria Not satisfactory
(0-49%) of the criterion mark) Satisfactory
(50-64%) of the criterion mark Good
(65-74%) of the criterion mark Very Good
(75-84%) of the criterion mark Excellent
(85-100%) of the criterion mark
Identify the audit focus and scope of the given audit report
(10 marks)
Inadequate identification of audit focus and scope from the report Basic level identification of audit focus and scope from the report Moderate level identification of audit focus and scope from the report Accurate and detailed identification of audit focus and
scope Displays exceptional level identification of audit focus and
scope
Describe high risk
IT issues in the
NSW city councils
(20 marks)
Inadequate description of the high risk IT issues Basic description of the high risk IT issues Moderate level description of the high risk IT issues Accurate and detailed description of the high risk IT issues Displays exceptional level description of the high risk IT issues
Describe audit findings related to IT governance in the NSW city councils (20 marks)
Inadequate description of the findings related to
IT governance Basic description of the findings related to IT governance Moderate level description of the findings related to
IT governance Accurate and detailed description of the findings related to
IT governance Displays exceptional level description of the findings related to
IT governance
Describe audit findings related to IT general controls in the NSW city councils
(20 marks)
Inadequate description of the findings related to IT general controls Basic description of the findings related to IT general controls Moderate level description of the findings related to IT general controls Accurate and detailed description of the findings related to IT general controls Displays exceptional level description of the findings related to IT general controls
Describe audit findings related to cyber security management in the NSW city councils (20 marks)
Inadequate description of the findings related to
cyber security management Basic description of the findings related to cyber security
management Moderate level description of the findings related to
cyber security management Accurate and detailed description of the findings related to
cyber security management Displays exceptional level description of the findings related to
cyber security management
Describe and discuss the professional, legal, and ethical responsibilities of an IT Auditor
(10 marks)
Inadequate understanding of the professional, legal, and ethical responsibilities of an IT Auditor; cannot discuss concepts in own words. Basic knowledge of the professional, legal, and ethical responsibilities of an IT Auditor. Exhibits breadth and depth of understanding of the professional, legal, and ethical responsibilities of an IT Auditor. Exhibits accurate and detailed breadth and depth of understanding professional, legal, and ethical responsibilities of an IT Auditor. Displays exceptional understanding of concepts and their practical application of the professional, legal, and ethical responsibilities of an IT Audito