Executive Summary 3
Issues identified 5
Appendix A 7
As a part of my summer course on Auditing Information Systems Security and Assurance, I was in charge of several tasks along with my internship on Data Assurance with one of the Big Four firms. This report is a collection of all the issues that were identified by me during my summer tasks and my internship experience.
My main tasks included working on my internship, tagging news for company’s adverse news, validating the activity of companies in social media and identifying the corporate social responsibility initiatives of Fortune 500 companies.
The goal of this exercise was to utilize the concepts learnt during the course Information systems security and assurance for my tasks during my summer internship, tag corporate news, and work with current fortune 500 companies to validate their security and assurance arrangements
Internship: During my internship as a Data Assurance Intern with one of the Big Four Accounting firms, I was responsible for auditing and verifying data that is used by auditors for detailed checks and verification. My job was to extract data and turn it into useful information that the auditors could use for their checks. I used tools like ACL and Data optimization to do my tasks
News Tagging: Most companies are frequently in the news for issues in security and assurance. They sometimes publish these events in their websites citing the reason and the remedy for these issues. Almost all the time however these uneventful incidents seek light in news articles. I was responsible for tagging around 300 news articles.
Account validations: All companies utilize social media for most of their publicity and social events. The main avenues that are used are Facebook, Twitter, etc., for their social needs. I was responsible for verifying the accounts of various companies and creating a few Facebook accounts for a few trial companies for validation of their account activity.
CSR reports: All companies have a separate report for their corporate social responsibility initiatives. All the companies do not necessarily account for their budgets in the annual report. But they account for all their initiatives in their CSR report. A few companies call it Social responsibility or Citizenship responsibility report. I was responsible for downloading the CSR reports for the first 100 Fortune 500 companies published for the year 2014.
The main focus of my summer tasks was on my internship as a Data Assurance Intern with one of the Big Four auditing firms where I spent 40 hours a week for around 8 weeks identifying issues with information security and converting data into information that can be utilized by the auditors of the firm to identify potential issues.
During the course of my internship I tested and extracted a lot of data from an ERP (Enterprise Resource Planning) called SAP (Systems Applications and Products). I was given a few clients whose back end was designed in SAP and I had to work with their system to extract data and convert the data into information using ACL Analytics and present it in QlikView using Data optimization and Data Visualization techniques.
With one of the clients assigned to me, there was an issue where the auditor was not able to distinguish manual entries from automatic entries. This was causing an issue during the audit as it was impossible to tell which entries were manual and which ones were automatic and hence they could not resolve the conflict between what was authentic and what could have been a potential fraud. This issue was caused because of the negligence of the fact that a few security personnel had overlooked at the client end. They had mistakenly used the keyword “TESTUSER” for