1. Read the Narrative "IT Environment and Change Control Management Process" and complete Appendix 2 Understanding the I

[answerhappygod]

1. Read the Narrative "IT Environment and Change Control
Management Process" and complete Appendix 2 Understanding the IT
Environment.
2. From the Narrative, identify potential findings and list them
using a table format. Column names are: "Description of Potential
Finding", "Area and/or Application Affected", and "Risk Associated
with Finding".
3. Support the rationale (the "why") for each potential finding
identified and documented in the table from #2. This would also be
the risk(s) associated with each finding. IT poses specific risks
to an entity’s internal control, including, for example,
unauthorized disclosure of confidential data; unauthorized
processing of information; inappropriate manual intervention;
system crashes; unauthorized modification of sensitive information;
theft or damage to hardware; and loss/theft of information, among
many others.
4. Prepare formal communication to management in the form of a
Management Letter. Use the format of Exhibit 3.9 - Management
Letter to prepare your communication. Complete the FINDING, IT
RISK, and RECOMMENDATION sections of the Management Letter, but do
not include the MANAGEMENT RESPONSE section. Note: For the
recommendations, consider including potential IT controls you
believe management should implement to address the risk and find.
You may use Appendix 3 - Sample IT Audit Programs for General
Control IT Areas, as a reference, to identify IT controls. Assume
the letter will be submitted to the IT Director and to the Chief
Financial Officer, and that a preliminary meeting with the IT
Director to discuss these findings occurred a month after the
Company's fiscal year ended. Lastly, there are no findings repeated
from prior years to be included in the letter.
Reference: Otero, A., R. (2019). Information Technology
Control and Audit. CRC Press Taylor & Francis Group. (5),
283-289.