ISA 3.0 Project Report

Auditing the Business Continuity Plan for a Manufacturing System

A. Details of Case Study/Project (Problem):

The manufacturing system is an essential part of any business that deals with production. In the event of a disaster, the business must have a plan in place to ensure that production continues as usual. The goal of this project is to audit the business continuity plan of a manufacturing system to ensure that it is comprehensive, effective, and can provide the business with a roadmap for resuming normal operations in the event of an unexpected disruption.


B. Project Report (Solution)

1. Introduction:

The auditee is a manufacturing company that produces goods for the retail industry. The company has a hierarchical organizational structure and has implemented an ERP system to manage its production operations. The company has a business continuity plan that covers all the essential elements required to maintain its operations in the event of a disruption. The audit firm, ABC Auditors, is a well-known auditing firm with expertise in auditing manufacturing systems. The team comprises three auditors with the necessary skill sets and experience to conduct this audit. John Doe, a Certified Information Systems Auditor (CISA) with ten years of experience in the field, is the team leader.

2. Auditee Environment:

The auditee is a manufacturing company that produces goods for the retail industry. The company has a hierarchical organizational structure and has implemented an ERP system to manage its production operations. The technology infrastructure comprises servers, desktops, laptops, printers, and other peripherals. The company’s business continuity plan covers all the essential elements required to maintain its operations in the event of a disruption. The plan includes details of critical business functions, key personnel, recovery strategies, communication plans, and testing procedures. The auditee’s internal policies and procedures include an information security policy, a disaster recovery policy, and an incident response policy. The regulatory requirements include the Payment Card Industry Data Security Standard (PCI-DSS) and the General Data Protection Regulation (GDPR).

3. Background:

The manufacturing company’s management team has realized the importance of having a robust business continuity plan in place to ensure that the business can continue its operations in the event of a disruption. The company’s production operations are critical to its success, and any disruption can result in significant financial losses. The management team has engaged ABC Auditors to audit the business continuity plan and ensure that it is comprehensive, effective, and can provide the business with a roadmap for resuming normal operations in the event of an unexpected disruption.

4. Situation:

The audit team has reviewed the current business continuity plan and identified areas for improvement. The auditee’s plan is not comprehensive enough to cover all possible scenarios that may arise, and some of the recovery strategies need to be updated. Additionally, the communication plan needs to be improved, and the testing procedures need to be more rigorous.

5. Terms and Scope of assignment:

The audit team will review the auditee’s business continuity plan to ensure that it is comprehensive, effective, and can provide the business with a roadmap for resuming normal operations in the event of an unexpected disruption. The audit team will focus on critical business functions, key personnel, recovery strategies, communication plans, and testing procedures.

6. Logistic arrangements required:

The audit team will require access to the auditee’s business continuity plan, system software, database, application software, and documentation. The audit team will use Computer-Assisted Audit Techniques (CAATs) to review the plan and identify areas for improvement.

7. Methodology and Strategy adapted for execution of assignment

The audit team followed a structured methodology that was adapted from the Institute of Internal Auditors (IIA) and Information Systems Audit and Control Association (ISACA) guidelines, as well as industry best practices. The methodology included the following steps:
• Planning: This involved understanding the business operations, identifying critical manufacturing processes and systems, reviewing the BCP and identifying potential risks and vulnerabilities.
• Testing: This involved reviewing the BCP documentation, interviewing key stakeholders, and testing the effectiveness of the BCP through simulations and tabletop exercises.
• Reporting: This involved documenting the findings, conclusions and recommendations based on the audit team’s observations and testing.

8. Documents reviewed

The audit team reviewed the following documents during the audit:
• Business Continuity Plan (BCP)
• Disaster Recovery Plan (DRP)
• Information Security Policy
• Manufacturing Process Flow Diagrams
• System Architecture Diagrams
• SLAs with critical vendors and service providers
• Incident Management and Escalation Procedures
• System Logs and Monitoring Reports

9. References

The audit team referenced the following standards and guidelines during the audit:
• Institute of Internal Auditors (IIA) Practice Guide on Business Continuity Management
• ISACA’s Business Continuity Management Guide
• NIST SP 800-34 Rev. 1 – Contingency Planning Guide for Federal Information Systems

10. Deliverables

The audit team delivered the following documents as part of the audit:
• Draft Audit Report
• Final Audit Report
• Executive Summary
• Detailed Findings and Recommendations

11. Format of Report/ Findings and Recommendations

The audit report was presented in a standard format that included the following sections:
• Executive Summary
• Introduction
• Scope of the Audit
• Methodology
• Findings and Recommendations
• Conclusion

The findings and recommendations were presented in a tabular format, which included a description of the issue, the risk associated with it, the potential impact, and the recommended actions to mitigate the risk.

12. Summary/Conclusion

Overall, the audit team found that the business continuity plan for the manufacturing system was comprehensive and well-documented. However, the team identified a few areas for improvement, including the need for more frequent testing and validation of the plan, improved communication and coordination between departments, and enhanced training for employees on their roles and responsibilities during an incident. The audit team provided detailed recommendations to address these issues, which were accepted by the auditee.
