Describe the audit process you have just competed for LSS.
The audit process completed for LSS was a security audit of the system. The security audit carried out involved determining the different vulnerabilities such as authentication, data corruption, and unauthorized access to the system, data encryption that face the system. The audit also involved determining the most appropriate control policies and structures that can be used in eliminating the vulnerabilities identified. Lastly, the audit involved recommending how the different safeguards can be implemented on the system in order to eliminate all the vulnerabilities.
Discuss what went well and what did not.
All the steps in the audit process went well. The audit process was able to determining the different vulnerabilities facing the system. The audit process was successful in identifying the different control policies that can be used to secure the system. Lastly, the audit process provided excellent recommendations on how the introduction of safeguards can enhance system security. All the objectives of the audit process were met.
Talk about what changes you would implement in the future to ensure the success of an audit.
In order to improve the success of the audit process, the first step that would be implemented is creating a security benchmark for the system before the audit is carried out. This is important, as it will help to help in guiding the audit process. The reason for this observation is that the set security threshold that should be expected from the system being audited (Moeller, 2010).
Secondly, clear goals and objectives would be created for the security audit. Similarly, the goals and objectives will help guide the audit process. This will ensure that the audit carried out is conclusive and correctly identifies the system’s vulnerabilities (IT Governance Institute, 2006).
IT Governance Institute. (2006). Security, audit and control features PeopleSoft: A technical and risk management reference guide. Rolling Meadows, IL: IT Governance Institute.
Moeller, R. R. (2010). IT audit, control, and security. Hoboken, N.J: Wiley.