IT Audit Case: J&J Company

Required

  1. For this case study, students will individually repeat the assignments from the ACL case study using the IDEA Software as noted below. Repeating the work from the ACL case study using the IDEA software will give students a perspective for the differences between ACL and IDEA and enable them to determine their own preferences.
  2. Compile all answers in a Word document using the format provided on page 2 below. Note this format is designed for your benefit so that, when you are finished, you will have a detailed reference for future study.
    1. Use a separate table for each step or question instead of one table for the entire assignment.
    2. Describe all the steps you performed to get the answer in detail including the IDEA command or function used.
    3. Describe your final results and note any conclusions reached from analysis of the resulting data in the Results/Answer column of the table. Remember, the objective of data analytics is not simply to produce data. Rather, the objective is to derive information for decision making from a critical analysis of the results of the analytics performed. Accordingly, leaving this cell blank or simply stating “See results below” is not an acceptable answer.
  3. Refer to the document attached to this assignment in eLearning for an example of how to complete the table.
  4. VERY IMPORTANT: To ensure your work is identifiable to you:
    1. As with the ACL assignment, logon with your Windows account named equal to your UTD User ID when performing all case studies for this class.
    2. Create a new IDEA project for each case study assigned. Note this will create a project folder under the “Documents\My IDEA Documents\IDEA Projects” folder on your C: drive (or USB drive if using a lab computer)
    3. Download the SOURCE FILES_SU22.ZIP file from the eLearning assignment and extract to the SOURCE FILES.ILB folder for the project you created in step 4b above.
    4. Import the files to create IDEA tables (*.IMD) naming them with a similarly meaningful name and ending with your UTD User ID. Example: An IDEA table named All files you create subsequent to these initial files (*.IMD, *.DOC, *.PDF, etc.) MUST also be named ending with your UTD User ID.
  5. Read all instructions at the beginning of the case study for any initial data preparation commands. Also, be sure to read any special notes provided for the assigned question in the table below.

 

 

Get Your Custom Essay Written From Scratch
Are You Overwhelmed With Writing Assignments?
Give yourself a break and turn to our top writers. They’ll follow all the requirements to compose a premium-quality piece for you.
Order Now
  1. If the question asks you to print a listing, use the FILE à PRINT à CREATE REPORT command
    1. Ensure you are only including the columns required for the report if specified in the question.
    2. Input a report title in the HEADER box of the Header/Footer form that provides a meaningful report name and includes the question number
    3. Ensure all data fits on the paper. If not, try changing the paper size, orientation, or adjust the column widths. Note: IDEA may prompt you to use the automatic fit function, which is often useful for these situations.
    4. Save the output to PDF format using the “Microsoft Print to PDF” printer.
    5. Insert the file object in the table below (INSERTà OBJECT à CREATE FROM FILE, then BROWSE for file and be sure to check the box “Display As Icon”))
  2. Before joining tables with the JOIN command or relating tables with the VISUAL CONNECTOR command, be sure to use the FIELD MANIPULATION command first on both tables to verify the join fields meet the criteria described in the reference book.
  3. Submit your Word document to the IDEA TurnitIn assignment on eLearning by 11:59PM on the due date.
  4. Compress the project folders created in step 4b above for each case in one compressed (ZIP) file using a product like WinZIP, 7-ZIP or WinRAR. Ensure these folders include the following types of files:
    1. IDEA data files (*.IMD)
    2. All subfolders automatically created by IDEA (*.ILB) and their file contents
    3. PDF files for reports/printouts, if required (*.PDF)

Note:  A single compressed file is required to facilitate easily uploading and downloading the numerous files in eLearning.  Otherwise, it is a very tedious operation for both the instructor and student.

  1. Submit your compressed file produced in step 7 above (ZIP, RAR, etc.) to the “IDEA Files Submission” assignment in eLearning by 11:59PM on the due date.

 

Answer Format

USE THIS FORMAT TO DOCUMENT EACH STEP IN YOUR WORD DOCUMENT:

 

Question

Step

Command Used

Description of Procedures

Results/Answer

 

1

Screen print of answer or insert Adobe PDF object for printed output:

 

 

 

 

 

Grading

  1. The entire project is worth 200 points.
  2. Each of the cases below is worth 100 points.
  3. Generally, each question is worth 20 points.
  4. 50 points will be deducted for not meeting the requirements explained above, particularly the naming convention for all files as specified in requirement #4.

 

Case Assignments

 

Chapter Case Questions Data Files to Import
9 #2 – Jaysberg Electric: Using ACL in the Audit of Accounts Receivable Transactions 9-2b, 9-2d, 9-2e, 9-2f Jaysberg_Auth_Prices.xlsx

Jaysberg_Sales_Returns.xlsx

Jaysberg_Sales_Trans.xlsx

ITA (See IT Audit case below) J&J Company: Identifying Terminated Employees with Continued Network Access (see description below) 1, 2, 3, 4, 5 JnJ_All_Employees_SU22.xlsx

JnJ_Network_Users_SU22.xlsx

 

IT Audit Case: J&J Company

You are to assume the role of an IT auditor employed by J&J Company. Among your many work-related responsibilities, you are responsible for helping determine the effectiveness of security over J&J’s network. In particular, you are concerned in this case with unusual logins, dormant users, and terminated employees continuing to have access to the network, including accessing the network after the date of termination. The risk involved with the theft and/or destruction of sensitive data and programs by a terminated employee (likely disgruntled) can be adverse to an organization. Terminated employees identified as still having network access should have their access immediately disabled and their account activity studied, especially if accessing their account after being terminated.

 

 

 

Files provided are as of 6/30/2021 as follows:

 

All Employees File

This file lists all employees and their termination dates, if applicable. Assume you have obtained this file from J&J’s Human Resource function.  The file has the following fields of data:

  • EMP_NO (i.e., employee number)
  • LAST_NAME
  • FIRST_NAME
  • TERM_DATE (employee termination date, if applicable)

 

Network Users File

This file lists all network users, both current and former. Assume you have obtained this file from J&J’s Network Administrator. The file has the following fields of data:

  • USER_ID (a user’s ID is the same as his/her employee number)
  • LAST_NAME
  • FIRST_NAME
  • DISABLED (a value of TRUE in this field means the user does not currently have network access, while a value of FALSE means the user does have network access, such as a terminated employee)
  • LAST_LOGIN_DATE

 

Required:

  1. The company policy is to disable user IDs for active (not terminated) employees who have not logged on in 90 days file. Using the as of date of the file, identify any of these dormant users who have not been disabled and print a report to give to the System Administrator. Include an appropriate title in the Header field when printing the report. HINT: Use one of the ACL date functions to calculate the 90-day old logins.

 

  1. J&J is closed on Sundays. Identify any users who logged on to the system on Sundays and print a report for further investigation, including an appropriate title in the header field. HINT: Use one of the ACL date functions to find the day of the week for a date.

 

  1. Identify any terminated employees with network access that have not been disabled and save the results with only those identified employees to a new file.  These are clear violations of network security.  Network access should always be immediately disabled for terminated employees. HINT: ACL interprets blank dates as 1/1/1900. Print a report listing only the users identified. Include the TERM_DATE field from the JnJ_All_Employees file and an appropriate report title in the Header field.

 

  1. Identify terminated employees who continued to access the network after their termination date and save the results with only those identified employees to a new file. Findings of this nature may indicate that current employees are using these accounts, which violates user accountability principles. Print a report listing only the users identified and include an appropriate report title in the Header field.

 

  1. Export the final result files created in requirements (3) and (4) to Excel format.