I like the way you outline the key processes and milestones involved in the security assessment and testing exercise. From determining the goals, inclusion of the right business unit leaders, scope determination, choosing of the audit team, planning of the audit, conducting, documenting to communication of the results has been articulate. My contribution entails the part in which you select the audit team. In my view, using of the external auditors is more essential as compared to the internal auditors (Al-Dalabih, 2018). The use of fresh eyes creates a better chance to get to the core of the issue at hand and eliminates any biases. It is vital for the security assessment and testing audit team to be thorough and effective in diagnosing the problem (Endava, 2014). Therefore, the external audit teams present a better chance to identify the root cause and strengthen the systems’ security.
Al-Dalabih, A. N. (2018). The Role of External Auditor in Protecting the Financial Information Listed in the Financial Statements in the Jordanian Industrial Companies. Journal of Modern Accounting and Auditing, 14(1), 1-16.
Endaya, K. A. (2014). Coordination and cooperation between internal and external auditors. Research Journal of Finance and Accounting, 5(9), 76-80.
I enjoyed reading through your analysis of the audit process and key specifications that are vital to its success. However, I find it to be lacking in further discussion and elaboration of the key processes and milestones that are vital to the success of the audit process. For instance, it is vital to select an efficient audit team from a variety of consultants, agencies, and internal auditors. Also, plan for the audit is vital to state clear objectives, budget estimates, and timeline schedule (Hut-Mossel, Welker, Ahaus & Gans, 2017). This helps the auditors to remain in course of executing their mandates. Also, the documentation of the results and communication of the same results creates an informative workforce ascertaining productivity in the future. Furthermore, it is more efficient to diagnose the problems by following a systematic process as compared to random procedures.