ISA 3.0 Project Report

Auditing the Business Continuity Plan for a Manufacturing System

A. Details of Case Study/Project (Problem)

The manufacturing system is an essential part of any business that deals with production. In the event of a disaster, the business must have a plan in place to ensure that production continues as usual. The goal of this project is to audit the business continuity plan of a manufacturing system to ensure that it is comprehensive, effective, and can provide the business with a roadmap for resuming normal operations in the event of an unexpected disruption.

ISA 3.0 Video Lectures & Question Bank

 

₹6,165.00

 

Limited Time Offer get 40% discount
Coupon “rajat40”

Courses Included

 

✔ ISA 3.0 Video Lecture

✔ ISA 3.0 Module Wise and Topic Wise Quiz

✔ Complete course in 1 Week

✔ Course Duration 6 Months

Project Report (Solution)

Introduction: 

The auditee is a manufacturing company that produces goods for the retail industry. The company has a hierarchical organizational structure and has implemented an ERP system to manage its production operations. The company has a business continuity plan that covers all the essential elements required to maintain its operations in the event of a disruption. The audit firm, ABC Auditors, is a well-known auditing firm with expertise in auditing manufacturing systems. The team comprises of three auditors with the necessary skill sets and experience to conduct this audit. John Doe, a Certified Information Systems Auditor (CISA) with ten years of experience in the field, is the team leader.

 

Auditee Environment: 

The auditee is a manufacturing company that produces goods for the retail industry. The company has a hierarchical organizational structure and has implemented an ERP system to manage its production operations. The technology infrastructure comprises of servers, desktops, laptops, printers, and other peripherals. The company’s business continuity plan covers all the essential elements required to maintain its operations in the event of a disruption. The plan includes details of critical business functions, key personnel, recovery strategies, communication plans, and testing procedures. The auditee’s internal policies and procedures include an information security policy, a disaster recovery policy, and an incident response policy. The regulatory requirements include the Payment Card Industry Data Security Standard (PCI-DSS) and the General Data Protection Regulation (GDPR).

 

Background: 

The manufacturing company’s management team has realized the importance of having a robust business continuity plan in place to ensure that the business can continue its operations in the event of a disruption. The company’s production operations are critical to its success, and any disruption can result in significant financial losses. The management team has engaged ABC Auditors to audit the business continuity plan and ensure that it is comprehensive, effective, and can provide the business with a roadmap for resuming normal operations in the event of an unexpected disruption.

 

Situation: 

The audit team has reviewed the current business continuity plan and identified areas for improvement. The auditee’s plan is not comprehensive enough to cover all possible scenarios that may arise, and some of the recovery strategies need to be updated. Additionally, the communication plan needs to be improved, and the testing procedures need to be more rigorous.

Terms and Scope of assignment:

The audit team will review the auditee’s business continuity plan to ensure that it is comprehensive, effective, and can provide the business with a roadmap for resuming normal operations in the event of an unexpected disruption. The audit team will focus on critical business functions, key personnel, recovery strategies, communication plans, and testing procedures.

Logistic arrangements required:

The audit team will require access to the auditee’s business continuity plan, system software, database, application software, and documentation. The audit team will use Computer-Assisted Audit Techniques (CAATs) to review the plan and identify areas for improvement.

 

Methodology and Strategy adapted for execution of assignment:

The audit team followed a structured methodology that was adapted from the Institute of Internal Auditors (IIA) and Information Systems Audit and Control Association (ISACA) guidelines, as well as industry best practices. The methodology included the following steps:

 

Planning: 

This involved understanding the business operations, identifying critical manufacturing processes and systems, reviewing the BCP and identifying potential risks and vulnerabilities.

 

Testing:

This involved reviewing the BCP documentation, interviewing key stakeholders, and testing the effectiveness of the BCP through simulations and tabletop exercises.

Reporting:

This involved documenting the findings, conclusions and recommendations based on the audit team’s observations and testing.

 

Documents reviewed

The audit team reviewed the following documents during the audit:

Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP)

Information Security Policy

Manufacturing Process Flow Diagrams

System Architecture Diagrams

SLAs with critical vendors and service providers

Incident Management and Escalation Procedures

System Logs and Monitoring Reports

 

References

The audit team referenced the following standards and guidelines during the audit:

Institute of Internal Auditors (IIA) Practice Guide on Business Continuity Management

ISACA’s Business Continuity Management Guide

NIST SP 800-34 Rev. 1 – Contingency Planning Guide for Federal Information Systems

 

Deliverables

The audit team delivered the following documents as part of the audit:

Draft Audit Report

Final Audit Report

Executive Summary

Detailed Findings and Recommendations

Format of Report/ Findings and Recommendations

The audit report was presented in a standard format that included the following sections:

Executive Summary

Introduction

 

Scope of the Audit

Methodology

Findings and Recommendations

Conclusion

The findings and recommendations were presented in a tabular format, which included a description of the issue, the risk associated with it, the potential impact, and the recommended actions to mitigate the risk.

 

Summary/Conclusion

Overall, the audit team found that the business continuity plan for the manufacturing system was comprehensive and well-documented. However, the team identified a few areas for improvement, including the need for more frequent testing and validation of the plan, improved communication and coordination between departments, and enhanced training for employees on their roles and responsibilities during an incident. The audit team provided detailed recommendations to address these issues, which were accepted by the auditee.

DISA 3.0 Project Report on:

1.       IS Audit of Banking Application
2.       Migrating to cloud based ERP solution
3.       Security control review of railway reservation system
4.       Review of cyber security policies and procedure
5.       Security and control risk assessment of toll bridge operations
6.       System audit of a hospital automation system
7.       Review of vendor proposal for SaaS services
8.       Information Systems audit of a mutual fund systems
9.       Audit of outsourced software development
10.   Network security audit of remote operations including WFH
11.   Infrastructure audit of a Bank data Centre
12.   Conducting vulnerability assessment and penetration testing
13.   Auditing Business continuity plan for Manufacturing system
14.   Assessing risk and formulating policy for mobile computing
15.   Auditing robotic process automation system
16.   Implementation of adequate governance in hotel management system
17.   Outsourced migration audit of merger of Banks
18.   Audit of an E-Commerce web site
19.   Audit of Online booking system for a hotel chain
20.   Audit of Business Continuity Planning of a financial institution
21.   Audit of online brokerage firm
22.   Audit of Security Operation Centre of a Bank
23.   Audit of Cyber Security Framework of a PSB
24.   EVALUATION OF OUTSOURCING IT OPERATIONS
25.   Auditing SWIFT operations in a Bank
26.   Project Report Template and Guidelines on Project Report Submission
27.   Information Systems Audit of ERP Software
28.   Implementing Grc As Per Clause 49 Listing Requirements
29.   Review of IT Security Policies and Procedures in audit
30.   Evaluation Of Software Development Project
31.   Auditing Business Continuity Plan

ISA 3.0 Video Lectures & Question Bank

 

₹6,165.00

 

Limited Time Offer get 40% discount
Coupon “rajat40”

 

Courses Included

 

✔ ISA 3.0 Video Lecture

✔ ISA 3.0 Module Wise and Topic Wise Quiz

✔ Complete course in 1 Week

✔ Course Duration 6 Months

 

 

Information Systems Audit (ISA 3.0) – Video Lectures & Question Bank

Â