INFORMATION SYSTEM AUDIT; USIU STUDENT PORTAL, CXIntroductionApplications are software programs that facilitate an organization’s key business processes includingfinance, human resources, case management, licensing and billing.Each year we review a selection of important applications that organizations rely on to deliver services.We focus on the key controls that ensure data is completely and accurately captured, processed andmaintained. Failings or weaknesses in these controls have the potential to affect the organization and thepublic. Impacts range from delays in service and loss of information, to possible fraudulent activity andfinancial loss.Audit objectivesOur objectives for carrying out this audit are specific. The purpose of conducting this audit is to ascertainthat:Check that there is adequate system security i.e CX is secureImplications of system down time are clearly outlined and plans to bring up the system in the shortest time possible are in place.System maintenance is performed on a regular basisThe performance of the Network is monitored, and attack vectors and the frequency of attacks are well documented.The hardware used for hosting, storing, processing and transmission of data has met the specifications and security features.Audit scopeThe scope of this audit centered on the information systems used by United States InternationalUniversity to process and/or store students’ data. The CX is an inhouse developed application tailormade to meet the business processes and requirements of the university. CX can run in most systems ifnot all windows, macOS, android, iOS, operating systems but to mention a few with devices ranging fromcomputers to mobile phones.The application is housed in servers in the library and a backup one remotely. This backup server is usedto facilitate continued normal business operations. The downside of this is that the network becomesoverloaded with requests leading to untimely responses. The security design of the system is somewhatquestionable, noticing no further than one factor authentication during login. This leaves the systemvulnerable to shoulder surfing, man in the middle, phishing and other cyber-attacks. Two factorauthentication and more is recommended.The application is hosted in a secure web server which is a positive factor in combating phishing andmaking it recognizable as secure and legitimate. The application implication to the network is that itcould get slow with the many incoming requests. The application can be accessed remotely, this muchtraffic
activity in the network makes in a bit slower and sometimes crushes due to these many requests. This isexperienced during registration of classes and posting of end-semester examinations.