Page | 1
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
Unit Code and Title: SBM4302 IT Audit and Controls
Assessment Information
| Assessment Task | Weighting | Due | Length | ULO |
| Assessment 1: Quiz Quiz covering delivery material week 1 – week 3 to identify further support needs. |
10% | Week 4 | 30 mins | ULO-1 ULO-3 |
| Assessment 2: Case Study An individual work pertaining to real world case study |
20% | Week 7 | 2000 words | ULO-1 ULO-2 ULO-3 ULO-4 ULO-5 |
| Assessment 3: Report-1 An individual report based on an IT audit report |
30% | Week 9 | 2500 words | ULO-1 ULO-2 ULO-3 ULO-4 ULO-5 ULO-6 ULO-7 |
| Assessment 4: Tutorial Participation and Submission Weekly exercises assess students’ ability to understand theoretical materials. |
10% | Week 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 |
N/A | ULO-1 ULO-2 ULO-3 ULO-4 ULO-5 ULO-6 ULO-7 |
| Assessment 5: Report-2 An individual report based on an IT audit report |
30% | Week 12 | 2500 words | ULO-3 ULO-4 ULO-5 ULO-6 ULO-7 |
Assessment Details
Page | 2
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
Assessment 1: Quiz
| Due date: | Week 4 |
| Group/individual: | Individual |
| Word count / Time provided: | 30 minutes |
| Weighting: | 10% |
| Unit Learning Outcomes: | ULO-1, ULO-3 |
Assessment Details:
This test will assess your knowledge of key content areas (Week 1, 2 and 3 contents) and to identify
further support needs. For successful completion of the quiz, you are required to study the material
provided (lecture slides, tutorials, and reading materials), engage in the unit’s activities, and in the
discussion forums. The prescribed textbook is the main reference along with the recommended
reading material. By completing this assessment successfully, you will be able to identify key aspects
of IT Audit and controls.
Marking Information: The quiz will be marked out of 100 and will be weighted 10% of the total
unit mark.
Assessment 2: Case Study
| Due date: | Week 7 |
| Group/individual: | Individual |
| Word count / Time provided: | 2000 words |
| Weighting: | 20% |
| Unit Learning Outcomes: | ULO1, ULO2, ULO3, ULO4, ULO5 |
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given a sample case study and asked to comment
upon it. In particular, emphasis on the reason(s) behind the situation that unfolded and actions that
could have been taken to prevent such incidents from occurring.
Case Study: NAB Data Breach
On the 26th July 2019, National Australia Bank (NAB) which is the 4th largest bank in Australia,
contacted approximately 13,000 customers to advise that some personal information provided when
their account was set up was uploaded, without authorisation, to the servers of two data service
companies. NAB’s security teams have contacted the companies, who advise that all information
provided to them is deleted within two hours.
NAB Chief Data Officer, Glenda Crisp, said the compromised data included customer name, date of
birth, contact details and in some cases, a government-issued identification number, such as a driver’s
licence number. “We take the privacy and the protection of customer information extremely seriously
and I sincerely apologise to affected customers. We take full responsibility,” she said. “The issue was
human error and in breach of NAB’s data security policies.” Ms Crisp said it was not a cyber-security
issue. No NAB log-in details or passwords have been compromised – and NAB’s systems remain secure.
Page | 3
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
“Our number one priority is to support our customers. We are moving quickly to proactively contact
every person affected.”
NAB called, emailed or written to each impacted customer individually. A dedicated, specialist support
team was in place, available to them 24/7. If government identification documents need to be
reissued, NAB would cover the cost. NAB would also cover the cost of independent, enhanced fraud
detection identification services for affected customers. Importantly there is no evidence to indicate
that any of the information has been copied or further disclosed.
NAB is advising impacted customers that they do not need to take any action with their account. “We
have reviewed these customers’ accounts, over and above our rigorous normal checks, and have not
identified any unusual activity. We will continue to monitor 24/7 to protect our customers’ accounts,”
Ms Crisp said. NAB also notified and was working with industry regulators, including the Office of the
Australian Information Commissioner. Ms Crisp said: “We take full responsibility. We can assure you
that we understand how this happened and we are making changes to ensure this does not happen
again.”
On further development, NAB CEO admitted that it is difficult to invest huge amount of money in
information security compared to the industry leaders like Microsoft, Google, Amazon. His opinion
was to leverage on the infrastructure created by these companies i.e. through cloud computing.
Marking Information: The case study will be marked out of 100 and will be weighted 20% of the
total unit mark
| Marking Criteria | Not satisfactory (0-49%) of the criterion mark) |
Satisfactory (50-64%) of the criterion mark |
Good (65-74%) of the criterion mark |
Very Good (75-84%) of the criterion mark |
Excellent (85-100%) of the criterion mark |
| Overview of the addressed problem (20 marks) |
Inadequate overview of the addressed problem |
Basic level overview of the addressed problem |
Moderate level overview of the addressed problem |
Accurate and detailed overview of the addressed problem |
Displays exceptional level overview of the addressed problem |
| Describe common security issues that an auditor needs to investigate (30 marks) |
Inadequate description of common security issues |
Basic description of the common security issues |
Moderate level description of the common security issues |
Accurate and detailed description of the common security issues |
Displays exceptional level description of the common security issues |
| Describe NAB’s response to the data breach (10 marks) |
Inadequate description of the NAB’s response to the data breach |
Basic description of the NAB’s response to the data breach |
Moderate level description of the NAB’s response to the data breach |
Accurate and detailed description of the NAB’s response to the data breach |
Displays exceptional level description of the NAB’s response to the data breach |
Page | 4
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
| Propose information security measures NAB should adopt (30 marks) |
Inadequate description of the information security measures |
Basic description of the information security measures |
Moderate level description of the information security measures |
Accurate and detailed description of the information security measures |
Displays exceptional level description of the information security measures |
| Describe the role of cloud computing in information security (10 marks) |
Inadequate description of the role of cloud computing in security |
Basic description of the role of cloud computing in security |
Moderate level description of the role of cloud computing in security |
Accurate and detailed description of the role of cloud computing in security |
Displays exceptional level description of the role of cloud computing in security |
Assessment 3: Report-1
| Due date: | Week 9 |
| Group/individual: | Individual |
| Word count / Time provided: | 2500 |
| Weighting: | 30% |
| Unit Learning Outcomes: | ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7 |
| Course Learning Outcomes: | CLO-1, CLO-6, CLO-8, CLO-9 |
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given a sample IT audit report and asked to comment
upon it. Students are expected to identify and discuss any irregularities found in the report, for
example, securing and preserving evidence. They should discuss possible audit strategies used to
produce the report and what actions, recommendations, or sanctions might be included in the report
as a result of the identification of irregularities. In completing this assessment successfully, you will be
able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing
standards and ISACA’s CORBIT framework, which will help in achieving ULO1, ULO-2, ULO-3, ULO-4,
ULO-5, ULO-6, and ULO-7.
Page | 5
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%
of the total unit mark
| Marking Criteria | Not satisfactory (0-49%) of the criterion mark) |
Satisfactory (50-64%) of the criterion mark |
Good (65-74%) of the criterion mark |
Very Good (75-84%) of the criterion mark |
Excellent (85-100%) of the criterion mark |
| Identify the audit focus and scope of the given audit report (10 marks) |
Inadequate identification of audit focus and scope from the report |
Basic level identification of audit focus and scope from the report |
Moderate level identification of audit focus and scope from the report |
Accurate and detailed identification of audit focus and scope |
Displays exceptional level identification of audit focus and scope |
| Describe audit findings in the RAMS (20 marks) |
Inadequate description of the findings inside RAMS |
Basic description of the findings within RAMS |
Moderate level description of the findings within RAMS |
Accurate and detailed description of the findings in RAMS |
Displays exceptional level description of the findings in RAMS |
| Describe audit findings in the Horizon Power (20 marks) |
Inadequate description of the findings inside Horizon Power |
Basic description of the findings within Horizon Power |
Moderate level description of the findings within Horizon Power |
Accurate and detailed description of the findings in Horizon Power |
Displays exceptional level description of the findings in Horizon Power |
| Describe audit findings in the PRS and PRX (20 marks) |
Inadequate description of the findings inside PRS and PRX |
Basic description of the findings within PRS and PRX |
Moderate level description of the findings within PRS and PRX |
Accurate and detailed description of the findings in PRS and PRX |
Displays exceptional level description of the findings in PRS and PRX |
| Describe audit findings in the NRL-T (20 marks) |
Inadequate description of the findings inside NRL-T |
Basic description of the findings within NRL-T |
Moderate level description of the findings within NRL-T |
Accurate and detailed description of the findings in NRL-T |
Displays exceptional level description of the findings in NRL-T |
| Describe and discuss the professional, legal, and ethical responsibilities of an IT Auditor (10 marks) |
Inadequate understanding of the professional, legal, and ethical responsibilities of an IT Auditor; cannot discuss concepts in own words. |
Basic knowledge of the professional, legal, and ethical responsibilities of an IT Auditor. |
Exhibits breadth and depth of understanding of the professional, legal, and ethical responsibilities of an IT Auditor. |
Exhibits accurate and detailed breadth and depth of understanding professional, legal, and ethical responsibilities of an IT Auditor. |
Displays exceptional understanding of concepts and their practical application of the professional, legal, and ethical responsibilities of an IT Auditor |
Page | 6
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
Assessment 4: Tutorial Participation and Submission
| Due date: | Week 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 |
| Group/individual: | Individual |
| Word count / Time provided: | N/A |
| Weighting: | 10% |
| Unit Learning Outcomes: | ULO-1, ULO-2, ULO-3, ULO-4, ULO-5, ULO-6, ULO-7 |
| Course Learning Outcomes: | CLO-1, CLO-2, CLO-3, CLO-4, CLO-5, CLO-7 |
Assessment Details:
Different exercises assess students’ ability to understand theoretical materials on a weekly basis.
Students will be given simple activities each week and will be required to provide answers and
achieve identified outcomes.
Students will not be assessed on work that the tutor has not seen them produce in class so that
attendance is required as part of this assessment. Students are required to submit the work that
they have completed during the tutorial session. The details of the tutorial work and requirements
are provided on the online learning system.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 10%
of the total unit mark
| Marking Criteria | Not satisfactory (0-4) mark |
Satisfactory (5-8) mark |
Excellent (9-10) mark |
| Week-1 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
| Week-2 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
| Week-3 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
| Week-4 (marked 0 – 10) (10%) |
submission | satisfactory submission |
excellent submission |
| Week-5 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
| Week-6 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
| Week-7 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
Page | 7
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
| Week-8 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
| Week-9 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
| Week-10 (marked 0 – 10) (10%) |
Attendance and no submission |
Attendance and satisfactory submission |
Attendance and excellent submission |
Assessment 5: Report-2
| Due date: | Week 12 |
| Group/individual: | Individual |
| Word count / Time provided: | 2500 words |
| Weighting: | 30% |
| Unit Learning Outcomes: | ULO3, ULO4, ULO5, ULO6, ULO7 |
Assessment Details:
This assessment is designed to assess students’ ability to apply theoretical learning to practical, real
world situations. In this assessment students are given a sample IT audit report and asked to comment
upon it. Students are expected to identify and discuss any irregularities found in the report, for
example, securing and preserving evidence. They should discuss possible audit strategies used to
produce the report and what actions, recommendations, or sanctions might be included in the report
as a result of the identification of irregularities. In completing this assessment successfully, you will be
able to learn how to analyse an IT audit report, learn relevant legislation, generally accepted auditing
standards and ISACA’s CORBIT framework, which will help in achieving ULO-3, ULO-4, ULO-5, ULO-6,
and ULO-7.
Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 30%
of the total unit mark
| Marking Criteria | Not satisfactory (0-49%) of the criterion mark) |
Satisfactory (50-64%) of the criterion mark |
Good (65-74%) of the criterion mark |
Very Good (75-84%) of the criterion mark |
Excellent (85-100%) of the criterion mark |
| Identify the audit focus and scope of the given audit report (10 marks) |
Inadequate identification of audit focus and scope from the report |
Basic level identification of audit focus and scope from the report |
Moderate level identification of audit focus and scope from the report |
Accurate and detailed identification of audit focus and scope |
Displays exceptional level identification of audit focus and scope |
| Describe high risk IT issues in the NSW city councils (20 marks) |
Inadequate description of the high risk IT issues |
Basic description of the high risk IT issues |
Moderate level description of the high risk IT issues |
Accurate and detailed description of the high risk IT issues |
Displays exceptional level description of the high risk IT issues |
Page | 8
Asia Pacific International College Pty Ltd. Trading as Asia Pacific International College
55 Regent Street, Chippendale, Sydney 2008: 02-9318 8111
PRV12007; CRICOS 03048D
Approved: 13/02/2019, Version 1
| Describe audit findings related to IT governance in the NSW city councils (20 marks) |
Inadequate description of the findings related to IT governance |
Basic description of the findings related to IT governance |
Moderate level description of the findings related to IT governance |
Accurate and detailed description of the findings related to IT governance |
Displays exceptional level description of the findings related to IT governance |
| Describe audit findings related to IT general controls in the NSW city councils (30 marks) |
Inadequate description of the findings related to IT general controls |
Basic description of the findings related to IT general controls |
Moderate level description of the findings related to IT general controls |
Accurate and detailed description of the findings related to IT general controls |
Displays exceptional level description of the findings related to IT general controls |
| Describe audit findings related to cyber security management in the NSW city councils (20 marks) |
Inadequate description of the findings related to cyber security management |
Basic description of the findings related to cyber security management |
Moderate level description of the findings related to cyber security management |
Accurate and detailed description of the findings related to cyber security management |
Displays exceptional level description of the findings related to cyber security management |
The post SBM4302 IT Audit and Controls appeared first on My Assignment Online.