Auditing Issues and Implication:
Engagement Risk: Since Pentagon is government organizations, normal business risk does not apply to this engagement. The engagement risk is mainly derived from the legal consequence of our audit approaches. For example, testing the individual application controls like back up, the most effective way is to pretend a real attack, and examine the reaction of that specific control. However, such pretended attack may cause serious legal issues due to the client’s nature of organization.
Legal issues: also likely to arise when the engagement team is overwhelmed by confidential information they can access during the engagement. Keeping the client’s information confidential should be the top priority for this engagement. Therefore the firm must pre-negotiate with the client to determine what security procedures the client expects the engagement team members to follow.
Staffing issue: Due the special nature of the client and it’s control systems are complicated more experienced and competent seniors are preferred. In addition, IT specialists are required to join the audit team to assist the team about IT environment.
Reporting issue: The format of the engagement report needs to be discussed and agreed with the client prior engagement. Since the client is government organization, the reporting format should follow audit standards for government. And the distribution of the reported needs special attention to ensure confidentiality is protected.
General Control: General control issues as discussed above are moderately pervasive. The auditing on general control should be emphasized on assessing controls over data network and access security. This is especially important because the organization unusual no ...