“Audit Findings and Business Processes”

This week focused on:



· Chapter 6: Architecture and Infrastructure


· “Enterprise Architecture and IT Infrastructure” (19 mins 36s) located at https://www.youtube.com/watch?v=J5uoq7EEk2U

· “Architecting for the Global Enterprise – Large Scale Architectures and Design Patterns” (1 hour 19s) located at https://www.youtube.com/watch?v=35YOahgikF4


CIS 349

PART 1: answer discussion question


Discussion Question:

“Audit Findings and Business Processes”

· Per the text, audit findings focus on four areas: criteria, circumstance, cause, and impact. Determine the area that you believe might be the most difficult to complete. Justify your response. Then, propose a method to address the difficulties you identified. (Basically: In which of the seven domains do you think it is harder to complete auditing? Why?)




1. Mohammad


In my experience, the ‘impact’ is the most difficult to complete, since the criteria identifies the desired state the environment needs to be in, circumstances identify the situation within the environment and what the underlying factors for the configurations are, cause identifies the direct reason or working point, while the impact identifies the effects based on the differences between the circumstances and the desired state. That is often a hard thing to resolve. It could be as simple as a server patch vulnerability that is keeping the environment from the desired state; if patched, it could break an application. This is where the risk appetite of the organization comes into play: does the remediation cost more than the loss that can be incurred? The usual solution to an issue like this is a risk acceptance, signed by system owners and higher-up management, to be reviewed yearly to ensure the issue is understood and is still on the radar.

2. Jeffrey

I’m of the opinion cause would be most difficult of the four elements. Cause is the origin of what is found in the current IT environment (Circumstance). Cause could be anything other than what is defined in the criteria. This is not to say any of the other three elements are easy.

Comparatively, I believe cause is likely the most difficult because it is a wildcard. The gap between criteria and circumstance could be small or large. I imagine the gap will vary from organization to organization.

I suspect an auditor over time will become keen to root cause as they gain experience and tenure. This means to me the auditor will be able to zero in quickly on the source of the cause. This doesn’t mean it comparatively becomes less difficult. The importance of quickly finding the root cause that produces the gap between criteria and circumstance is beginning the remediation process to eliminate negative impact.

3. Marie

The summary of an audit finding is a documented conclusion comprised of the following components: criteria, circumstances, cause, and impact.

· The criteria provide essential information for evaluating and validating evidence (policies, standards, or procedures) collected by the auditor.

· The circumstances identify the IT environment situation.

· The cause identifies the gap or gaps between the criteria and circumstances. The cause also provides an initial starting point in which the auditor can make a recommendation for corrective action and remediation.

· The impact identifies the potential impact (risks, threats, and vulnerabilities) on the IT landscape contingent between the circumstances and desired state. In other words, the consequences that may occur as a result of the difference.

In a review of the four components listed above and based upon experience, the impact component is the most challenging to complete. Example: Security Misconfiguration

Failure to implement critical security controls for servers and web applications impedes a safe environment. Misconfigurations such as default configuration settings lead to dangerous gaps, risks, exposed applications to remote attacks, unwanted behavior, threats, and vulnerabilities to the organization’s environment.

Maturity models are an excellent tool to use for evaluating and identifying gaps.

4. Shona

Hello Everyone,

The zone of the review discoveries that I accept maybe the hardest to finish. With the advancement of dangers, one can never check the full effect of risk. What appears to have been minor risk first and foremost may change to something genuine later on. This zone of review discoveries may never be utterly exact because the measure of dangers and the sorts are continually evolving. To address the troubles, one would need to get outside and inward hazard factors that could affect the business. When recognized, a system could be concocted to address the present circumstance and distinguish looming issues that may happen later on, not far off.

