Northwest industries
Jason Scott’s next assignment is to review the internal controls over Northwest Industries’ information systems. Jason obtains a copy of Control Objectives for Information and Related Technology 5 (COBIT 5) and is impressed by its thoroughness. However, he tells his friend that he feels
overwhelmed in trying to use COBIT 5 to plan his audit of Northwest Industries. His friend suggests that he examine the Trust Services Framework developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) to guide auditors in assessing the reliability of an organization’s information system. After reviewing the framework, Jason concludes that he can use it to guide his audit effort. He decides
that he will begin by focusing on the controls designed to provide reasonable assurance about information security. He writes down the following questions that will guide his investigation:
1. What controls does Northwest Industries employ to prevent unauthorized access to
its accounting system?
2. How can successful and unsuccessful attempts to compromise the company’s accounting system be detected in a timely manner?
3. What procedures are in place to respond to security incidents?