EY (Spring 2025)

Planning an Audit
Access Management and IT General Controls

Depending on your experience with consulting on IT audits, you may want to familiarize yourself with the basic procedures in the IT audit process. There are a number of books and consulting practitioners which may give you some insight into the challenges you may face when conducting on audit to assess on-boarding a new technology.

To gain some background and potentially helpful starting sources, be sure to take a look at the official EY website in order to better establish your context to place yourselves in the shoes of an IT audit team. Their site provides access to insights on a variety of auditing processes as well as recorded webcasts that may be of benefit to this assignment.

Recommended Resources

Lincke, S. (2015). Security planning : an applied approach. Springer.
- Performing an Audit or Security Test Chapter
Tanner, N. H. (2019). Cybersecurity blue team toolkit. Wiley.
Stephen D. Gantz. (2014). The Basics of IT Audit : Purposes, Processes, and Practical Information. Syngress.

Center for Audit Quality (CAQ)
Professional association with resources centered around training future auditors. Includes resources specifically on the topic of audits in relation to cybersecurity. Case studies and classroom resources may also be of particular interest.
ISACA Journal Archives
Journal issues dating 2019 and before are accessible for free. More current issues are not freely available. Research journal of the ISACA, a professional organization specializing in cybersecurity credentialing. Many articles clearly articulate the benefits of IT security audits.
- Importance of auditor involvement in cybersecurity article.
Global Technology Audit Guide - Developing the IT Audit Plan
General overview of planning an IT audit from the Institute of Internal Auditors.

A major component of the EY case concerns assessing the risk and issues associated with authentication in onboarding a mid-process service. Information surrounding this topic generally falls within more industry specific IT resources. The library provides access to a few platforms that specialize in this area where you are likely to find much of the information you would need on this aspect of the case.

Recommended Resources

Faulkner's Advisory for IT Studies (FAITS)
Licensed for 2 simultaneous users.
Provides access to academic technology reports, on topics including information technology infrastructure, telecom, data networking, wireless communications, security, enterprise systems, and technology vendors. Searching authentication may be an appropriate way to get to some good information here!
Gartner
To access sign into okta.nd.edu and click the Gartner icon.
This IT centric market research database has documented trends in authentication methodologies. This resource will be particularly helpful in that it has some coverage concerning authentication methods as they impact employees of a business environment.
Google Scholar
Searches across a wide range of scholarly literature including articles, books, conference papers, technical reports, theses, etc., from various academic sources. A search for "IT General Controls" may pull an array of interesting results relevant to the case. There are also subsets of literature surrounding access policies, and there may even be case studies aligned with your task.
ABI/INFORM Global (ProQuest)
Provides access to articles from global business and management publications covering topics such as advertising, marketing, human resources, finance, and taxation. Provides some coverage of various IT auditing topics related to the business environment. A search for "IT General Controls" may be a good starting point to get a sense of what type of materials are available.
EY Tech Insights
EY self publishes numerous insight posts and case studies concerning IT audits and technology surrounding general IT access management solutions.
Accenture Insights
Accenture provides similar self published insight articles and case studies concerning IT audits parallel to this case. Try filter by categories such as cybersecurity to narrow results down to more relevant areas.

MGTO 30300 — Business Problem Solving (Harms/Balko)

Need help? Ask a Business Librarian!

Librarians

EY (Spring 2025)

Recommended Resources

Recommended Resources