4550 Montgomery Avenue, Suite 650N • Bethesda, MD 20814
(301) 951-9090 • Fax: (301) 951-3570 • www.grfcpa.com

Personal Attention Will Never Become Obsolete

What an Auditor Does
and Doesn’t Do

In the past, companies often relied on accountants from their audit firms to assist in rec-
onciling accounts, preparing the adjusting journal entries and writing financial statements.

Small companies, in particular, often lacked the level of accounting sophistication neces-
sary to carry out these tasks. Relying on the audit firm often made sense from the perspec-
tive of efficiency and cost containment.

But an increased focus on auditor independence has come about during the last decade in
new requirements by the American Institute of CPAs and a host of related regulatory guid-
ance issued by the Securities and Exchange Commission, the General Accounting Office
and the U.S. Department of Labor.

The standards generally restrict the nonattest services – such as tax or consulting services
– that auditors may perform and the circumstances under which those services may be
allowed. The increased regulations serve to muddy an already often misunderstood set
of expectations.

What auditors do

The outside, independent auditor is engaged to render an opinion on whether a company’s
financial statements are presented fairly, in all material respects, in accordance with finan-
cial reporting framework.

To form the opinion, the auditor gathers appropriate and sufficient evidence and observes,
tests, compares and confirms until gaining reasonable assurance. The auditor then forms
an opinion of whether the financial statements are free of material misstatement, whether
due to fraud or error.

GELMAN, ROSENBERG
& FREEDMAN

CERTIFIED PUBLIC ACCOUNTANTS
What an Auditor Does and Doesn’t Do

Page 2

Some of the more important auditing procedures include:

▶ Inquiring of management and others to gain an understanding of the organization
itself, its operations, financial reporting and known fraud or error
▶ Evaluating and understanding the internal control system
▶ Performing analytical procedures on expected or unexpected variances in account
balances or classes of transactions
▶ Testing documentation supporting account balances or classes of transactions
▶ Observing the physical inventory count
▶ Confirming accounts receivable and other accounts with a third party

At the completion of the audit, the auditor may also offer objective advice for improving fi-
nancial reporting and internal controls to maximize a company’s performance and efficiency.

What auditors don’t do

For a clear picture of the role of external auditors, it helps to understand what you should
not expect auditors to do. The emphasis is on “independent.”

First and foremost, auditors do not take responsibility for the financial statements on which
they form an opinion. The responsibility for financial statement presentation lies squarely
in the hands of the company being audited.

In practical terms, there are a number of tasks you should not expect your auditor to perform.

▶ Analyze or reconcile accounts
▶ “Close the books”
▶ Locate invoices, etc., for testing
▶ Prepare confirmations for mailing
▶ Select accounting policies or procedures
▶ Prepare financial statements or
footnote disclosures
▶ Prepare an entity for audit
▶ Determine restrictions of assets
▶ Implement corrective action plans

▶ Determine estimates included in
financial statements
▶ Establish value of assets and liabilities
▶ Maintain client permanent records,
including loan documents, leases,
contracts and other legal documents
▶ Prepare or maintain minutes of board
of directors meetings
▶ Establish account coding or classifications
▶ Determine retirement plan contributions

GELMAN, ROSENBERG
& FREEDMAN
CERTIFIED PUBLIC ACCOUNTANTS
What an Auditor Does and Doesn’t Do

Page 3

Your external auditor may perform some of these duties under guidelines of the Ameri-
can Institute of CPAs, Department of Labor, Government Accountability Office, Securities
and Exchange Commission or Public Company Accounting Oversight Board. However,

these same guidelines may preclude
the auditor from performing some of
these functions.

Management’s
responsibilities in

an audit

The words, “The financial state-
ments are the responsibility of man-
agement,” appear prominently in an
auditor’s communications, including
the audit report.

Management’s responsibility is the
underlying foundation on which au-
dits are conducted. Simply put, with-
out management having responsibil-
ity for the financial statements, the
demarcation line that determines the
auditor’s independence and objectiv-
ity regarding the client and the audit
engagement would not be as clear.

It is important for a company’s man-
agement to understand exactly what
an audit is – and what an audit does
and does not do. The auditor’s respon-
sibility is to express an independent,
objective opinion on the financial
statements of a company.

Auditors are not a part of management,
which means the auditor will not:

▶ Authorize, execute or consummate
transactions on behalf of a client

▶ Prepare or make changes to source
documents

▶ Assume custody of client assets,
including maintenance of
bank accounts

▶ Establish or maintain internal controls,
including the performance of ongoing
monitoring activities for a client

▶ Supervise client employees performing
normal recurring activities

▶ Report to the board of directors on
behalf of management

▶ Serve as a client’s stock or escrow agent
or general counsel

▶ Sign payroll tax returns on behalf of
a client

▶ Approve vendor invoices for payment
▶ Design a client’s financial management

system or make modifications to source
code underlying that system

▶ Hire or terminate employees

Page 4

Our mission is to provide exceptional financial, tax and consulting
services to clients through knowledge and communication.

GELMAN, ROSENBERG
& FREEDMAN
CERTIFIED PUBLIC ACCOUNTANTS
What an Auditor Does and Doesn’t Do

Phone: (301) 951-9090
Website: www.grfcpa.com

This opinion is given in accordance with auditing standards that require the auditors to plan
certain procedures and report on the results of the audit, while considering the representa-
tions, assertions and responsibility of management for the financial statements.

As one of their required procedures, auditors ask management to communicate manage-
ment’s responsibility for the financial statements to the auditor in a representation letter.
The auditor concludes the engagement by using those same words regarding management’s
responsibility in the first paragraph of the auditor’s report.

Auditors cannot require management to do anything or to make any representation. How-
ever, to conclude the audit with the hope of a “clean” unqualified opinion issued by the
auditor, management has to assume the responsibility for the financial statements.

Auditing standards are very clear that management has the following responsibilities fun-
damental to the conduct of an audit:

1. To prepare and present the financial statements in accordance with an applicable
financial reporting framework including the design, implementation and maintenance of
internal controls relevant to the preparation and presentation of financial statements that
are free from material misstatements, whether from error or fraud

2. To provide the auditor with the following information:

▶ All records, documentation and other matters relevant to the preparation and presenta-
tion of the financial statements
▶ Any additional information the auditor may request from management
▶ Unrestricted access to those within the organization if the auditor determines it neces-
sary to obtain audit evidence objectivity.

It is not uncommon for the auditor to make suggestions about the form and content of the
financial statements or even assist management by drafting them, in whole or in part, based
on information provided by management. In those situations, management’s responsibility
for the financial statements does not diminish or change.

Information System Audit

An Overview Study in E-Government of Nepal

Mr. Abhijit Gupta 1st Affiliation (Author)
Department of Computer Science and Engineering

Singhania University
Rajasthan, India

abhi@abhi.com.np

Prof. Dr. Subarna Shakya 2nd Affiliation (Author)
Department of Electronics and Computer Engineering,

Institute of Engineering, Tribhuvan University,
Kathmandu, Nepal
drss@ioe.edu.np

Abstract— Information and communication technology

(ICT) can cause rapid development in government
processes, especially in developing countries like Nepal.
ICT strategies and ICT plans should be evaluated to align
with organization visions and missions in order to achieve
effective use of ICT in their organizations. The main
purpose of this research study is to evaluate whether the
process of system auditing in e-Government of Nepal is as
par and meet the minimum requirements with respect to
international standards. The goal here will be to check
whether the auditing procedure covers the areas like
internal control design and effectiveness, this includes but
not limited to, efficiency and security protocols,
development processes, data integrity, etc. This paper is
prepared upon exploration and overview study on
information system audit in e-Government and will
conclude its current status in Nepal. The result of this
paper will be to show current status of information system
audit in Nepal in the E-Government of Nepal.

Keywords—Information; System Audit; e-Government; e-

Readiness;

I. INTRODUCTION

ICT is transforming our world, the way we learn, changing
the way we do business, the way we communicate, the way we
entertain ourselves and even the way government executes its
processes and provides service to citizens. Success in any field
of e-Government requires a command of technology which
can only be verified with proper Information System Audit
[1]. This research study will be undertaken with a view to
assess and explore the insight of how Information System
Audit is being executed in e-Government and different
Organizations of Nepal. The terminology “IS Audit” is still a
fresh concept in Nepal so the availability of tools and
technology in conjunction with the required hardware,
software facility to conduct the audit will be taken into
consideration in this research.

E-Government uses digital tools and systems to provide
better public services to citizens and businesses. Effective e-
Government can provide a wide variety of benefits including
more efficiency and savings for governments and businesses,

increased transparency, and greater participation of citizens in
political life [2]. Information System Audit can assure
efffective E-Government.

E-Government has one primary commitment to its
taxpaying citizens. It assures better service delivery at lower
cost. Hence, use of new technologies, digital delivery systems
save money and in the long run produce and thus substantial
savings in public sector operations. Citizens can access
information and services from their homes or offices and do so
in a way that saves the government money [3]. This has
increased importance of Information System Audit in
eGovernment to re-assure that Government is providing better
and reliable public services through ICT.

II. LITERATURE REVIEW

A. E-Government

E-Government can be defined as the use of Information and
Communication Technology (ICT) by the government to
provide information and public services to the citizens [4]. In
other words, E-Government can also be defined as the use and
application of ICT to effectively manage data and information,
enhance public service and communication for the
empowerment of people in public administration to streamline
and integrate work processes [4].

E-Government Development Index (EGDI) is an index that
shows the e-government development index of a country in
the world. UN E-Government Survey 2014 shows percentage
of countries grouped by EGDI as in below graph.

Fig. 1. Percentage of Countries grouped by EGDI

Adapted: UN Economic and Social Affairs, “United Nations E-Government Survey 2014, E-
Government for the future we want”, 2014.

827978-1-4673-7910-6/15/$31.00 c©2015 IEEE

UN E-Government Survey 2014 clearly shows top 25
countries with EGDI and changes in rank in 2012 & 2014 in
the below table. The Republic of Korea has retained its top
spot and Australia and Singapore have improved their rank
when compared to 2012 and are now in top 3. Similarly,
Bahrain shows dramatic improvements with 18� rank jump
from 36th and introducing itself to top 25 in 2014 when
compared to 2012. Similarly, Netherlands has gone down by
3� from 2 to 5. The average EGDI of Top-25 countries,
0.8368 is nearly twice higher than the average EGDI of
World, 0.4712.

TABLE I. WORLD E-GOVERNMENT RANKING 2014

Adapted: UN Economic and Social Affairs, “United Nations E-Government Survey 2014, E-
Government for the future we want”, 2014.

Below table clearly depicts the EGDI status of Nepal which

falls in “less than 0.25” column.

TABLE II. WORLD E-GOVERNMENT RANKING 2014

Very High
EGDI

High EGDI Middle EGDI Low EGDI

More than 0.75
Between

0.50 and 0.75
Between

0.25 and 0.50
Less than 0.25

Australia
Austria
Bahrain
Belgium
Canada
Denmark
Estonia
Finland
France
Germany
Iceland
Ireland

Albania
Andorra
Antigua and
Barbuda
Argentina
Armenia
Azerbaijan
Barbados
Belarus
Brazil
Brunei
Bulgaria

Algeria
Angola
Bahamas
Bangladesh
Belize
Bhutan
Bolivia
Bosnia and
Herzegovina
Botswana
Cambodia
Cameroon

Afghanistan
Benin
Burkina Faso
Burundi
Central
African
Republic
Chad
Comoros
Côte d’Ivoire
Congo
Djibouti

Very High
EGDI
High EGDI Middle EGDI Low EGDI
More than 0.75
Between
0.50 and 0.75
Between
0.25 and 0.50
Less than 0.25

Israel
Italy
Japan
Luxembourg
Netherlands
New Zealand
Norway
Republic of
Korea
Singapore
Spain
Sweden
United
Kingdom
USA

Chile
China
Colombia
Costa Rica
Croatia
Cyprus
Czech
Republic
Ecuador
Egypt
Fiji
Georgia
Greece
Grenada
Hungary
Jordan
Kazakhstan
Kuwait
Latvia
Liechtenstein
Lithuania
Malaysia
Malta
Mauritius
Mexico
Monaco
Mongolia
Montenegro
Morocco
Oman
Panama
Peru
Poland
Portugal
Qatar
Moldova
Romania
Russian
Federation
San Marino
Saudi Arabia
Serbia
Seychelles
Slovakia
Slovenia
Sri Lanka
Switzerland
Tunisia
Turkey
Ukraine
United Arab
Emirates
Uruguay
Venezuela

Cape Verde
Congo
Cuba
DPR of Korea
Dominica
Dominican
Republic
El Salvador
Ethiopia
Gabon
Ghana
Guatemala
Guyana
Honduras
India
Indonesia
Iran
Iraq
Jamaica
Kenya
Kiribati
Kyrgyzstan
Laos
Lebanon
Lesotho
Libya
Madagascar
Maldives
Marshall
Islands
Micronesia
Namibia
Nauru
Nicaragua
Nigeria
Pakistan
Palau
Paraguay
Philippines
Rwanda
Saint Kitts and
Nevis
Saint Lucia
St Vincent and
the Grenadines
Samoa
Senegal
South Africa
Sudan
Suriname
Swaziland
Syria
Tajikistan
Thailand
TFYR of
Macedonia
Timor-Leste
Tonga
Trinidad and
Tobago
Turkmenistan
Tuvalu
Uganda
Tanzania
Uzbekistan
Vanuatu
Viet Nam
Yemen

Equatorial
Guinea
Eritrea
Gambia
Guinea
Guinea-Bissau
Haiti
Liberia
Malawi
Mali
Mauritania
Mozambique
Myanmar
Nepal
Niger
Papua New
Guinea
Sao Tome and
Principe
Sierra Leone
Solomon
Islands
Somalia
South Sudan
Togo
Zambia

828 2015 International Conference on Green Computing and Internet of Things (ICGCIoT)

Very High
EGDI
High EGDI Middle EGDI Low EGDI
More than 0.75
Between
0.50 and 0.75
Between
0.25 and 0.50
Less than 0.25

Zimbabwe

Adapted: UN Economic and Social Affairs, “United Nations E-Government Survey 2014, E-
Government for the future we want”, 2014.

Below Table clearly shows that, Nepal does not fall in

Asian top-20 EGDI as well.

TABLE III. TOP-20 E-GOVERNMENT RANKING IN ASIA 2014

Adapted: UN Economic and Social Affairs, “United Nations E-Government Survey 2014, E-
Government for the future we want”, 2014.

Nepal has an EGDI of 0.2344 and its country ranking has

plummeted from 130th in 2003 to 165th in 2014 [4].

Fig. 2. Comparison of SAARC EGDI

Adapted: UN Economic and Social Affairs, “United Nations E-Government Survey 2014, E-
Government for the future we want”, 2014

EGDI of Nepal, 0.2344 is very low and holds 7th position

when compared with other SAARC region countries.

The Government of Nepal has been working towards the
emphasizing the organic or functional relation between parts
and the whole e-government qualitative change to provide
better services to its citizens, improve transparency and work
towards knowledge based society. There were eight projects
prioritized for the e-government transformation such as
infrastructure, government portal, national ID, enterprise
architecture, e-education, public key infrastructure, integrated
data and training center and groupware.

E-Participation in general is e-information sharing, e-
consultation and e-decision making. E-Participation Index of
Nepal is 0.2941in the world [4]. E-Participation means ICT
used for enabling and strengthening citizen participation in
democratic decision-making processes [5]. Depending on the
aspect of democracy being promoted it can employ different
techniques (Trechsel et al, 2002):

• For increasing the transparency of the political
process;

• For enhancing the direct involvement on participation
of citizen;

• For improving the quality of opinion formation by
opening new spaces of information and deliberation

Fig. 3. Comparison of SAARC EPI

Adapted: UN Economic and Social Affairs, “United Nations E-Government Survey 2014, E-
Government for the future we want”, 2014

EPI of Nepal, 0.2941 is very low and holds 7th position

when compared with other SAARC region countries.

B. IT System Audit

Information can be obtained in no matter of time and at the
same time it opens up the risks of sabotage, fraud, malicious
or mischievous acts. There are several ways of applying
security techniques as per the nature of risks. It becomes
priority to identify the potential risks before techniques are
selected to provide the security for the data or the system or
organizations. Information System Audit helps in auditing
risks and thus improves the organization security system by
evaluating an organization’s systems processes and controls
against a standard or documented process which is set earlier.
Audits are designed to provide an independent assessment and

2015 International Conference on Green Computing and Internet of Things (ICGCIoT) 829

may also provide a gap analysis of the operating effectiveness
of the internal controls [6].

As per Symantec, Organizations must address four main
types of ICT risks and they are security risks, availability
risks, performance risks and compliance risks [7]. The security
risks represent the unauthorized access to information such as
data privacy, data leakage, fraud and forgery, and endpoint
security. The security risks include several external threats,
such as viruses, targeted attacks upon specific applications,
users and information. Some obstacles and challenges in cyber
security of nepal are debilitating disruption of operation of the
information system, Spam mails, Online Frauds, Sniffing of
Passwords [8].

III. RESEARCH METHODOLOGY

Quantitative Research Methodology was used to collect
information and data for the purpose of making business
decisions. The methodology included publication research,
interviews, surveys and other research techniques, and
includes both present and historical information. Primary data
was collected by survey where set of questions were asked to
professionals involved IS projects with/for/in Government.
This survey was initiated to first identify how many of the
respondents actually were involved in IS projects for
Government of Nepal directly or indirectly.

Fig. 4. Sample Relevancy Checking with regards to their experience.

The survey showed 44.26%, 24.59%, 9.84% and 21.31% of
result on the peoples; less than 5, less than 10, less than 20 and
more than 20 respectively, who have worked on IS projects
worked for the government.

Fig. 5. Sample Relevancy Checking with regards to their experience.

The data for the ones involved were taken as relevant
sample for further data manipulation to figure out an overview
study in e-government of Nepal. The validity and relevancy of
data manipulated was thus assured.

IV. RESULTS AND DISCUSSION

Below results shows the 38.81%, 22.39%, 19.40%, 8.96%,
4.48% and 5.97% for 0, 1, 2, 4, 8 and 10+ IS projects that was
dropped in between. The project failure or dropping rate is
relatively lower.

Fig. 6. Sample Relevancy Checking with regards to their experience.

Below results clearly shows IS projects contribution for
better e-Government.

Fig. 7. Sample Relevancy Checking with regards to their experience.

Below results shows awareness on IS Audit. 83.58% of the
relevant and targeted respondents are aware of IS Audit and
remaining 16.42% are only not aware of it. This is a good
result for further survey. It also helped to figure out that the
survey was being done in right segement with right
respondents.

830 2015 International Conference on Green Computing and Internet of Things (ICGCIoT)

Fig. 8. IS Audit Awareness

Below results show experience with IS Audit on
Government projects by 56.72% only.

Fig. 9. Experience with IS Audit

34.33% of the respondents have IS Audit policy in their
organization and 34.33% are yet in planning stage. 31.34% of
them do not have any IS Audit policy yet.

Fig. 10. Presence of IS Audit Policy

Below results show the period user of IS Audit. 46.27% do
not have IS Audit in their organization periodically.
Remaining 17.91%, 17.91%, 13.43% and 4.48% have it on as

needed on project basis, monthly, half-yearly and yearly
respectively.

Fig. 11. Use of IS Audit

The changes seen after IS Audit was relevantly pleasing
and positive. It showed 62.69% of positive changes after IS
Audit was made, thus, IS Audit can be recommended. 100%
of respondents supported the statement that IS Audit is
required for better e-Government and also supported that IS
Audit must be made compulsory in the nation.

V. CONCLUSION

The E-Government Development Index and E-Participation
Index of Nepal are extremely low even when sampled among
8 SAARC Countries and is at the rank of 7 in 8. As long as
this rank does not improve, E-Government of Nepal will not
improve. The increase in dependency on e-Government,
demands IS Audit for the assurance of quality e-service to
citizens. The value of IS Audit is realized by professionals
involved in IS projects for government directly or indirectly.
IS Audit is required for better e-government.

REFERENCES�
[1] ICSI. Information Technology and System Audit. Delhi: The Institute of

Company Secretary in India.

[2] EuropeanCommission. Public Services, EU- http://ec.europa.eu/digital-
agenda/en/public-services

[3] West 2005, Digital Government. Technology and Public Sector
Performance. http://www.jstor.org/stable/j.ctt7rqzx

[4] UN Economic and Social Affairs, “United Nations E-Government
Survey 2014, Eg-Government for the future we want”, 2014.

[5] Purusottam Kharel, S. S. (2012). e-Government Implementation in
Nepal: A Challanges. International Journal of Advanced Research in
Computer Science and Software Engineering.

[6] Craig S Wright MMgt, MNSA, CISSP, CISA, CISM, GCFA, GNSA,
G7799, A Taxonomy of Information Systems Audits, Assessments and
Reviews, SANS Institute, 2007 Page 4.

[7] A. M. Suduc and F. G. Filip, “Riscuri ale utilizarii inadecvate a
sistemelor informatice (Risks of Information Systems Misuse),” Studii si
cercetari economice, No. 72, 2008.

[8] L.K. Shrestha, Nepal Telecom, Cyber Security in context of Nepal.

2015 International Conference on Green Computing and Internet of Things (ICGCIoT) 831

<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles false /AutoRotatePages /None /Binding /Left /CalGrayProfile (Gray Gamma 2.2) /CalRGBProfile (None) /CalCMYKProfile (None) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages true /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.0000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 1048576 /LockDistillerParams true /MaxSubsetPct 100 /Optimize true /OPM 0 /ParseDSCComments false /ParseDSCCommentsForDocInfo false /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo false /PreserveFlatness true /PreserveHalftoneInfo true /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Remove /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages true /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 300 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.50000 /EncodeColorImages false /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >>
/ColorImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >>
/JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >>
/JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >>
/AntiAliasGrayImages false
/CropGrayImages true
/GrayImageMinResolution 200
/GrayImageMinResolutionPolicy /OK
/DownsampleGrayImages false
/GrayImageDownsampleType /Bicubic
/GrayImageResolution 300
/GrayImageDepth -1
/GrayImageMinDownsampleDepth 2
/GrayImageDownsampleThreshold 1.50000
/EncodeGrayImages true
/GrayImageFilter /DCTEncode
/AutoFilterGrayImages false
/GrayImageAutoFilterStrategy /JPEG
/GrayACSImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >>
/GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >>
/JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >>
/JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >>
/AntiAliasMonoImages false
/CropMonoImages true
/MonoImageMinResolution 400
/MonoImageMinResolutionPolicy /OK
/DownsampleMonoImages false
/MonoImageDownsampleType /Bicubic
/MonoImageResolution 600
/MonoImageDepth -1
/MonoImageDownsampleThreshold 1.50000
/EncodeMonoImages true
/MonoImageFilter /CCITTFaxEncode
/MonoImageDict << /K -1 >>
/AllowPSXObjects false
/CheckCompliance [
/None
]
/PDFX1aCheck false
/PDFX3Check false
/PDFXCompliantPDFOnly false
/PDFXNoTrimBoxError true
/PDFXTrimBoxToMediaBoxOffset [
0.00000
0.00000
0.00000
0.00000
]
/PDFXSetBleedBoxToMediaBox true
/PDFXBleedBoxToTrimBoxOffset [
0.00000
0.00000
0.00000
0.00000
]
/PDFXOutputIntentProfile (None)
/PDFXOutputConditionIdentifier ()
/PDFXOutputCondition ()
/PDFXRegistryName ()
/PDFXTrapped /False
/CreateJDFFile false
/Description << /ARA
/BGR
/CHS
/CHT
/CZE
/DAN
/DEU
/ESP
/ETI
/FRA
/GRE
/HEB
/HRV
/HUN
/ITA (Utilizzare queste impostazioni per creare documenti Adobe PDF adatti per visualizzare e stampare documenti aziendali in modo affidabile. I documenti PDF creati possono essere aperti con Acrobat e Adobe Reader 6.0 e versioni successive.)
/JPN
/KOR
/LTH
/LVI
/NLD (Gebruik deze instellingen om Adobe PDF-documenten te maken waarmee zakelijke documenten betrouwbaar kunnen worden weergegeven en afgedrukt. De gemaakte PDF-documenten kunnen worden geopend met Acrobat en Adobe Reader 6.0 en hoger.)
/NOR
/POL
/PTB
/RUM
/RUS
/SKY
/SLV
/SUO
/SVE
/TUR
/UKR
/ENU (Use these settings to create Adobe PDF documents suitable for reliable viewing and printing of business documents. Created PDF documents can be opened with Acrobat and Adobe Reader 6.0 and later.)
>>
>> setdistillerparams
<< /HWResolution [600 600] /PageSize [612.000 792.000] >> setpagedevice

Questing 1: Answer all questions:

1. Task 1:
Answer the following question after reading Q.2 .
Suppose you are conducting external audit for a company.
Your client asks for advice to design staff. Would you give
advice or not?
Justify your answer.    
2. Task 2:
The more you know about your organization, the better
prepared you’ll be for conducting an information systems
audit. What can you tell us about the context of the
organization in which you are working?
3. Task 3:
Please read the article “Information System Audit – An
Overview Study in E-Government of Nepal” and critically
evaluate the author’s suggestions related to IS audit for e-
government system. Also explain the importance of IS
audit to executive management of Nepal’s e-government.
 

Questing 2: Answer all questions:

Domain 1 – IS Audit Process
Case Study
The IS auditor has been ask to perform preliminary work that will
assess the readiness of the organization for a review to measure
compliance with new regulatory requirements. These
requirements are designed to that management is taking an active
role in setting up and maintain a well-controlled environment and
accordingly, will assess management’s review and testing of the
general IT control environment. Areas to be assessed including
logical and physical security, change management, production
control and network management, It governance, and end user
computing. The IS auditor has been given six months to perform
this preliminary work, so sufficient time should be available. It
should be noted that in previous years, repeated problems have
been identified in the area of logical security and change
management, so these areas most likely require some degree of
remediation. Logical security deficiencies noted included the
sharing of administrator accounts and failure to enforce adequate
controls over passwords. Change management deficiencies
included improper segregation of incompatible duties and failure
to document all changes. Additionally, the process of deploying
OS updates to servers was found to be only partially effective. In
anticipation of the work to be performed by the IS auditor, the
chief information officer (CIO) requested direct reports to develop

narratives and process flow describing the major activities for
which IT is responsible. These were completed, approved by the
various process owners and the CIO, and then forwarded to the IS
auditor for examination.
Case Study Questions: Select the correct answer and also justify
your answer.
Task1. What should the IS auditor should do FIRST?
A. Perform an IT risk assessment.

B. Perform a survey audit of logical access controls.

C. Revise the audit plan to focus on risk-based auditing.

D. Begin testing controls that the IS auditor feels are most critical.
Task2. When testing program change management, how
should the sample be tested?
A. Change management documents should be selected at random
and examined for appropriateness.

B. Changes to production code should be sampled and traced to
appropriate authorizing documentation.

C. Change management documents should be selected based on
system criticality and examined for appropriateness.

D. Changes to production code should be sampled and traced back
to system-produced logs indicating the data and time of the
change.

Document Requirements

❖ The assignment is submitted electronically through
Blackboard. Each late assignment will be penalized 1
point per late working day.  
❖ The format of document :
✓ Softcopy of report as DOCX file and source code
file.  Name your file as < assignment _ID>. send me it
 By using blackboard
✓ Cover page with the members’ names, ID
✓ Text times roman font 12 or equivalent
✓ Line spacing 1.5 and must include page numbering
✓ Properly bound (Do not submit loose pages in
folders. The instructor will not be responsible if any
of the pages are missing).
✓ Indent  the first line of all   paragraphs
✓ Justify all  paragraphs
✓ At least 5 References  (Harvard Styles)

Questing 1: Answer all questions:

1. Task 1:
Answer the following question after reading Q.2 .
Suppose you are conducting external audit for a company.
Your client asks for advice to design staff. Would you give
advice or not?
Justify your answer.    
2. Task 2:
The more you know about your organization, the better
prepared you’ll be for conducting an information systems
audit. What can you tell us about the context of the
organization in which you are working?
3. Task 3:
Please read the article “Information System Audit – An
Overview Study in E-Government of Nepal” and critically
evaluate the author’s suggestions related to IS audit for e-
government system. Also explain the importance of IS
audit to executive management of Nepal’s e-government.
 

Questing 2: Answer all questions:

Domain 1 – IS Audit Process
Case Study
The IS auditor has been ask to perform preliminary work that will
assess the readiness of the organization for a review to measure
compliance with new regulatory requirements. These
requirements are designed to that management is taking an active
role in setting up and maintain a well-controlled environment and
accordingly, will assess management’s review and testing of the
general IT control environment. Areas to be assessed including
logical and physical security, change management, production
control and network management, It governance, and end user
computing. The IS auditor has been given six months to perform
this preliminary work, so sufficient time should be available. It
should be noted that in previous years, repeated problems have
been identified in the area of logical security and change
management, so these areas most likely require some degree of
remediation. Logical security deficiencies noted included the
sharing of administrator accounts and failure to enforce adequate
controls over passwords. Change management deficiencies
included improper segregation of incompatible duties and failure
to document all changes. Additionally, the process of deploying
OS updates to servers was found to be only partially effective. In
anticipation of the work to be performed by the IS auditor, the
chief information officer (CIO) requested direct reports to develop

narratives and process flow describing the major activities for
which IT is responsible. These were completed, approved by the
various process owners and the CIO, and then forwarded to the IS
auditor for examination.
Case Study Questions: Select the correct answer and also justify
your answer.
Task1. What should the IS auditor should do FIRST?
A. Perform an IT risk assessment.

B. Perform a survey audit of logical access controls.

C. Revise the audit plan to focus on risk-based auditing.

D. Begin testing controls that the IS auditor feels are most critical.
Task2. When testing program change management, how
should the sample be tested?
A. Change management documents should be selected at random
and examined for appropriateness.

B. Changes to production code should be sampled and traced to
appropriate authorizing documentation.

C. Change management documents should be selected based on
system criticality and examined for appropriateness.

D. Changes to production code should be sampled and traced back
to system-produced logs indicating the data and time of the
change.

Document Requirements

❖ The assignment is submitted electronically through
Blackboard. Each late assignment will be penalized 1
point per late working day.  
❖ The format of document :
✓ Softcopy of report as DOCX file and source code
file.  Name your file as < assignment _ID>. send me it
 By using blackboard
✓ Cover page with the members’ names, ID
✓ Text times roman font 12 or equivalent
✓ Line spacing 1.5 and must include page numbering
✓ Properly bound (Do not submit loose pages in
folders. The instructor will not be responsible if any
of the pages are missing).
✓ Indent  the first line of all   paragraphs
✓ Justify all  paragraphs
✓ At least 5 References  (Harvard Styles)