case study on audit

Famous Audit Case Studies: Lessons Learned from Noteworthy Audit Failures and Successes

Audit case studies provide valuable insights into the world of auditing, offering lessons that can shape the profession and help auditors navigate complex challenges. In this blog, we delve into some famous audit case studies that have impacted the auditing profession. These case studies demonstrate the importance of thoroughness, professional scepticism, and adherence to auditing standards.

1. The Lehman Brothers Collapse

The collapse of Lehman Brothers in 2008 is a prominent example of an audit failure that had far-reaching consequences. The case highlighted the need for auditors to exercise professional scepticism and thoroughly evaluate companies’ financial statements and disclosures. The failure to identify the risks and irregularities ultimately led to the global financial crisis.

2. The Satyam Scandal

The Satyam scandal in 2009 shook the Indian corporate world. Auditors failed to detect a massive accounting fraud that involved inflating revenues, creating fictitious assets, and manipulating financial statements. This case emphasised the importance of auditors’ independence, scepticism, and the need for robust internal controls within organisations.

3. The WorldCom Fraud

The WorldCom scandal in 2002 revealed one of the largest accounting frauds in history. Auditors failed to identify the manipulation of  financial statements  through improper accounting practices. This case highlighted the significance of auditors’ responsibility to assess and verify financial information and exercise professional judgment diligently.

4. The Olympus Corporation Scandal

The Olympus Corporation scandal in 2011 involved a massive cover-up of losses through fraudulent accounting practices. This case underscored the importance of auditors conducting thorough assessments of an organization’s financial controls, risk management processes, and corporate governance structures.

5. The Waste Management, Inc. Case

In the 1990s, Waste Management, Inc. was involved in a significant accounting scandal. The case brought attention to the manipulation of financial statements and the role auditors play in ensuring accurate financial reporting. It highlighted the need for auditors to challenge management when faced with questionable practices.

Famous audit case studies serve as cautionary tales, illustrating the impact of audit failures and the importance of maintaining the highest professional standards in auditing. These cases remind auditors of the significance of independence, skepticism, and diligence in their work. By learning from these case studies, auditors can enhance their skills, sharpen their professional judgement, and contribute to the integrity and reliability of financial reporting. Continuous education, adherence to auditing standards, and a commitment to ethical conduct are essential for auditors to navigate complex audit environments and safeguard stakeholders’ interests.

Book your free demo with us for a better understanding.

You can see how this popup was set up in our step-by-step guide: https://wppopupmaker.com/guides/auto-opening-announcement-popups/

Register and Pay (Accunting)

" * " indicates required fields

[honeypot honeypot-226]

[honeypot honeypot-583]

[honeypot honeypot-836]

Corporate Training for Software + Auditing

Corporate training for auditing, corporate training for software, register and pay.

Case Studies

Login to favorite

A collaborative effort of the Anti-Fraud Collaboration, these case studies are educational tools for all members of the financial reporting supply chain, as well as students. Participants in case study teachings start with a hypothetical scenario about a fictional company dealing with a fraud. Guided by an instructor, they then discuss what could have been done to address the situation.

Browse Resources

Comment Letter

Meeting Highlights

Publications

More Collections

Access to audit personnel grant program, audit committee, audit committee insights, audit committees, audit quality, audit quality indicators, auditor reporting.

Auditors & ESG Information

Audits of Brokers and Dealers

Caq symposium, classroom and training resources, collective action in the fight against fraud, connecting auditors and academics, cybersecurity, diversity and inclusion.

Effective Disclosure

Emerging Technologies

Ensuring reliability, quality, and independence in public company audits, fair value accounting, future talent, independent standard setting, international practices task force inflation discussion documents, international practices task force meeting highlights, mandatory firm rotation, policymakers, public policy & technical alert, research advisory board grant program, risk assessment panel discussion, role of the auditor, sarbanes-oxley, sec regulations committee highlights, snapshot alert, the caq at aaa, the future of corporate reporting, the value of auditor independence, transparency of audits, video vignettes.

The CAQ, in connection with the Auditing Section of the AAA, established a program designed to facilitate accounting and auditing academics’ ability to obtain access to audit firm personnel to participate in their research projects.

EXPLORE MORE

Publications 04.05.21

Fraud and Emerging Tech: Artificial Intelligence and Machine Learning

Comment Letter 02.01.21

IAASB: Discussion Paper, Fraud and Going Concern in an Audit of Financial Statements

Publications 01.12.21

Mitigating the Risk of Common Fraud Schemes

Policymakers across the globe increasingly recognize the vital role of audit committees and their importance to audit quality. In close collaboration with partner organizations, the CAQ is actively engaged in policy developments related to audit committees.

Newsletter 03.24.23

Audit Committee Insights | March 2023

Publications 03.22.23

Audit Quality Reports Analysis: A Year in Review

Video 02.28.23

Audit Committee Effectiveness: A Webinar Series

Audit Committee members are an essential component to the health of our financial reporting ecosystem and capital markets. While our economy is constantly evolving, so is the role of audit committee members. Policymakers, investors, and other leaders across the globe increasingly recognize the vital role of audit committees and their importance to audit quality. In close collaboration with partner organizations, the CAQ is actively engaged in developments that impact audit committees and provides valuable resources, current policy information, and tools to support audit committees with their responsibilities.

Auditors are highly skilled at adapting and problem solving, without sacrificing the audit quality on which our capital markets and investors depend. It is no surprise that under unprecedented circumstances, long-term investments in training and technology enabled the profession to quickly transition to remote work. Many factors lead to a quality audit, but a combination of auditor expertise and independence coupled with constant innovation and technology bolsters the level of trust and confidence in company financial statements and forms the basis of audit quality—and, therefore, value to capital markets.

2021 Audit Committee Transparency Barometer

Auditor Independence: A Cornerstone of Audit Quality

How Audits Support Capital Markets

The CAQ has been at the forefront of the movement to develop quantitative and qualitative metrics regarding the audit—commonly referred to as audit quality indicators (AQIs)—that could be used to better inform audit committees about key matters that may contribute to the quality of an audit.

Publications 11.30.22

2022 Audit Committee Transparency Barometer

Engaging constructively with policymakers and key stakeholders, the CAQ and its members have made substantial and practical contributions to ongoing efforts to enhance information presented in the auditor’s report to investors and other users.

Newsletter 01.07.21

Public Policy and Technical Alert, December 2020

Alert 12.07.20

Public Policy and Technical Alert, November 2020

Auditors play a key role as independent gatekeepers in the financial reporting ecosystem that underpins confidence in capital markets. Auditors build trust and confidence in information through the assurance services they provide. The auditing profession has steadily developed, systemized, and strengthened this trust and confidence-building role in providing assurance related to company financial statements and internal control over financial reporting. While auditors will continue the essential work of auditing historical financial statements, they can also bring their ability to enhance trust and confidence in other types of data and information issued by companies.

The Role of Auditors in Company-Prepared ESG Information: A Deeper Dive on Assurance

The Role of Auditors in Company-Prepared Cybersecurity Information: Present and Future

The Role of Auditors in Non-GAAP Financial Measures and Key Performance Indicators: Present and Future

Lending trust and credibility to ESG information.

Comment Letter 06.17.22

SEC Proposed Rule: The Enhancement and Standardization of Climate-Related Disclosures for Investors

Video 03.07.22

ESG Reporting 101: What is ESG assurance and why does it matter?

CAQ Commentary on SEC Climate-Related Disclosure Proposal

Alert 12.07.21

Audit Planning Alert for Auditors of Brokers and Dealers

Alert 08.27.19

CAQ ALERT #2019-01 – PCAOB REPORT ON 2018 INSPECTIONS OF BROKERS AND DEALERS

Alert 08.22.18

CAQ Alert #2018-04 – Broker’s and Dealer’s Use of a Service Organization

The Annual CAQ Symposium brings together practice leaders and audit research scholars for a discussion of important issues and an exploration of how research can inform those issues. On the pages for each event, find videos, summaries, and panel participants.

CAQ Symposium 2022

Video 10.28.21

What’s happening in ESG reporting & assurance today? Top 5 Takeaways from CAQ Symposium 2021

CAQ Symposium 2021

The CAQ creates educational videos that can be used in the classroom or as training resources. Available videos include a “Video Vignettes” series that provides a view into the types of conversations that take place during an audit. Videos also include classroom-ready excerpts derived from an expert panel at a CAQ event.

Publications 01.17.23

2023 Profession Outlook

Publications 03.07.22

Demonstrating the Value of Public Company Auditors

Statement 11.03.21

Statement of Support for the International Sustainability Standards Board (ISSB)

Strong fraud deterrence and detection requires all participants in the financial reporting ecosystem to exercise extreme vigilance. In a heightened risk environment regulators, internal and external auditors, audit committees, and public company management must work together to effectively detect and deter fraud.

Since its inception, the CAQ has sought to improve audit quality by increasing engagement between auditors and the academic community by fostering independent research related to the public company auditing profession.

Audit firms, standard-setters, regulators and the CAQ are developing a growing number of resources to help auditors, investors, management and audit committees understand the impact of the COVID-19 pandemic on financial reporting and oversight, and the CAQ is working to curate and distill that information for you.

COVID-19 11.09.20

Anti-Fraud Resources

COVID-19 10.06.20

Auditing Profession Resources

COVID-19 06.19.20

Audit Committee Resources

Cybersecurity threats are complex and an evolving issue with serious implications for public companies, their boards, investors, and other stakeholders, making it critical that the public company auditing profession does their part to support companies, boards, and others in addressing such threats.

Publications 06.27.22

Audit Partner Pulse Survey, Q2 2022

Comment Letter 05.09.22

SEC: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

Bold Ambition

Accounting+

Video 10.19.21

Profession in Focus: Diversity in Focus with Elena Richards

The CAQ is a prominent voice in the discussion about effective financial disclosures. Convening key investor and financial groups, the CAQ has developed concrete recommendations on ways to facilitate investors’ access to meaningful information.

Comment Letter 11.25.19

SEC: Update of Statistical Disclosures for Bank and Savings and Loan Registrants

Comment Letter 07.29.19

SEC: Amendments to Financial Disclosures about Acquired and Disposed Businesses

Video 11.20.18

Audit Committee Reporting – Leslie Murphy

Emerging technologies are altering the financial reporting environment substantially, and this change is accelerating. For auditors and others in financial reporting, the CAQ provides insights on the benefits and risks of technology developments.

Publications 05.16.19

Emerging Technologies, Risk, and the Auditor’s Focus: A Resource for Auditors, Audit Committees, and Management

Publications 01.12.20

Fraud and Emerging Tech: Robotic Process Automation

Video 04.09.19

Evolution in Auditing

The CAQ is dedicated to enhancing investor confidence by supporting the public company auditing profession every day to improve audit quality and enhance auditor independence, creating a solid foundation of financial reporting that benefits investors in the United States.

2020 Audit Committee Transparency Barometer

Audit In Action

The CAQ has engaged on the issue of fair value (or mark-to-market) accounting, regarding both its usage broadly in the markets and in the context of auditing fair value measurements.

Alert 03.02.18

Public Policy and Technical Alert, February 2018

Publications 03.12.09

CAQ Testimony: “Mark-to-Market Accounting: Practices and Implications”

Meeting Highlights 06.12.97

June 1997 IPTF Joint Meeting Highlights

Are you purpose-driven? Are you a natural problem solver with an unquenchable curiosity? Are you fascinated by the inner workings of companies and financial markets? Then a career in audit may be right for you.

Video 10.05.20

Profession in Focus: A Conversation with EY’s Ken Bouyer on Inclusiveness Recruiting

Making It Balance

Robust internal control over financial reporting (ICFR) is a keystone of investor confidence. The CAQ has advanced the discussion around ICFR and produced a range of resources on the issue.

Perspectives on Management Review Controls: Challenges and Solutions

Alert 05.01.20

Public Policy and Technical Alert, April 2020

Alert 02.07.20

PUBLIC POLICY AND TECHNICAL ALERT, JANUARY 2020

In an increasingly interconnected global economy, market participants are considering whether it is possible or desirable to move toward a more uniform global “language” for financial reporting. As the discussion has taken place around International Financial Reporting Standards (IFRS), the CAQ has been an active voice.

The CAQ has been outspoken against policy provisions that would interfere with the independence of the accounting and auditing standard-setting processes.

The CAQ works to increase investor trust in the capital markets by promoting and developing high-quality performance from the public company auditing profession. A cornerstone of our strong U.S. capital markets is the trust investors place on audited financial statements when making critical decisions. Our resources provide information for investors on developments in the auditing profession, oversight and governance of public companies, and leading practices in the field of audit.

Publications 12.08.21

Value of the Audit

The CAQ has been a leading voice on the issue of mandatory audit firm rotation, which has significant implications for investors, audit committees, public company auditors, and the markets.

Comment Letter 12.14.11

PCAOB: Concept Release on Auditor Independence and Audit Firm Rotation

Comment Letter 02.14.14

ISS: Consultation Document on Auditor Ratification

Keeping CAQ members and stakeholders informed on significant public policy and accounting matters.

The CAQ and the public company auditing profession are dedicated to supporting valuable independent academic research that can have important, real-world impact on audit quality and the future of auditing.

The panel discussion videos are short excerpts from a CAQ event where practitioners and a leading academic provide perspectives on various issues related to the auditors’ risk assessment of a company. Included are the panelist bios and free short descriptions of each video excerpt.

Video 01.09.18

How Auditors Approach Risk Assessments

Video 01.08.18

How Materiality Impacts the Auditor’s Risk Assessment

Video 01.07.18

Consideration of Risks in Multilocation Audits

The CAQ has been at the forefront of the discussion around the role of the public company auditor and whether it should evolve to meet the changing information needs of investors.

Publications 03.09.23

The Role of the Auditor in Climate-Related Information

Publications 11.16.22

Audit Partner Pulse Survey, Fall 2022

The enactment of the Sarbanes-Oxley Act (SOX) of 2002, a law aimed at fostering more reliable financial reporting and enhancing audit quality, was a watershed moment for investors, public company auditors, and the markets. The CAQ has worked to create understanding of the impact of this important law. It has opposed efforts to weaken SOX section 404(b), which provides investors with important assurance by the independent auditor regarding management’s representations about the effectiveness of their company’s internal control over financial reporting (ICFR).

Video 08.01.19

Profession in Focus: Accelerated Filers, ICFR Audits, and Investor Protection

SEC: Amendments to the Accelerated Filer and Large Accelerated Filer Definitions

Publications 05.09.19

Guide to Internal Control Over Financial Reporting

Stay updated on the latest CAQ news.

Since 2008, the CAQ has organized and participated in panel discussions at the Annual Meeting of the American Accounting Association (AAA).

Video 10.09.20

CAQ at the AAA – August 2020

CAQ Panel at the 2020 AAA Auditing Section Midyear Meeting: Leveraging New and Old Media to Promote Degrees in Accounting

Video 08.12.19

CAQ Panel at The 2019 AAA Annual Meeting: Sustaining a Strong System of Quality Control to Enhance Audit Quality

The Sarbanes-Oxley Act of 2002 (SOX) was a watershed moment for investors, public company auditors, and capital markets. It established more reliable corporate reporting and auditor independence rules that enable stakeholders to trust the information provided by public companies. Two decades later, the U.S. is now widely recognized as the gold standard for auditor independence and thousands of high-quality audits are completed each year.

Video 08.08.22

Pop-Up Conversation with Rep. Brad Sherman (D-Calif.) and Mark Baer of Crowe

Video 07.27.22

SOX: The Evolution of Corporate Reporting

Our capital markets are an important engine for driving and maintaining our economic and societal well-being. These markets operate on information, and audited financial statements have long been a critical element of this information dynamic for their accuracy, transparency, and reliability. As investors make decisions, they depend on the information they receive from public company management. As a result, investors need—and in fact have long sought—an independent third party to provide assurance on the information provided by company management. Independence underpins the very credibility of the audit and, ultimately, its value to capital markets. It is also one reason why audit quality in the US has never been higher.

Publications 10.20.22

Auditor Independence

How Do Auditors Maintain Independence?

Audit in Action: The Role of the Audit Committee

The CAQ has engaged on the issue of effectively enhancing transparency in the audit, endeavoring to facilitate access to meaningful information for financial statement users and other constituencies.

Video 02.05.19

Critical Audit Matters: Audit Committee Perspectives

Video 02.13.18

Key Updates on Audit Committee Transparency and Investor Confidence

Alert 10.11.17

CAQ Alert #2017-04 – Select Auditing Considerations for the 2017 Audit Cycle

The vignettes provide insights into the types of conversations that occur between audit team members, as well as between auditors and preparers. The discussions captured in the videos can also be used in other teaching situations, as they highlight communications and interviewing techniques, professional skepticism, and how to navigate conversations on difficult and sensitive issues.

Video 04.13.17

Vignette 3: Auditing Is a People Business

Video 02.17.17

Vignette 2: Evaluating Root Cause and Severity of a Control Deficiency

Video 08.16.16

Vignette 1: Evaluating Management Review Controls over a Goodwill Impairment Estimate

The latest news and resources from the CAQ.

Stay Connected.

• Browse All Articles
• Newsletter Sign-Up

AccountingAudits →

No results found in working knowledge.

• Were any results found in one of the other content buckets on the left?
• Try removing some search filters.
• Use different search filters.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our  privacy policy  to learn more.

Auditing Classroom Materials

Auditing is an important part of the accounting curriculum. The skills students learn in your classroom will not only prepare them for more advanced courses, but to one day succeed in a career.  The below are supplemental curriculum resources that the AICPA Academics team has reviewed and can be used in the classroom.

Award-Winning Curricula

The Academics team is proud to offer award-winning curricula designed to encourage faculty and expand the knowledge of accounting students. The curricula below is from the  Accounting Professors Curriculum Resource tool  and has been recognized for excellence with the  Bea Sanders/AICPA Innovation and Teaching Award , the  George Krull/Grant Thornton AAA Innovation in Junior and Senior-Level Teaching Award,  or the  Mark Chain/FSA Innovation in Graduate Teaching Award . 

• Engaging Students in Accounting and Auditing Aspects Related to the Dixon Illinois 53 Million Dollar Fraud  This resource highlights a case adaptable to auditing, fraud and governmental accounting courses. Classroom materials include legal documents, financial reports, budgets, and news articles that are free of charge and relevant to several courses.
• Jurassic Accounting and Stellar Steel This resource outlines a project where students prepare a presentation proposing audit services to a fictitious client. Accounting professionals visit the class twice during the semester once to present concepts behind proposing audit services to a client and the second includes a debriefing of the students regarding their proposal.
• Simulating an Audit in a Graduate Auditing Class   This project outlines the integration of an audit simulation game, a simulated audit, statistical sampling procedures and tests using generalized audit software in a graduate auditing class.
• Student Engagement in Auditing Class - Audit Skits and Humor   This project entails student groups in an auditing class creating skits or 'mini-movies' about auditing concepts and/or situations. This document discusses strategies for using this project in any accounting class, displays excerpts of some of the skits and provides rubrics.
• Use Technology to Enhance Auditing Classes   This resource addresses several technologies to incorporate into auditing classes that can aid students' comprehension of concepts and equip students with skills they will use repeatedly after graduation

Related AICPA Resources

Below are the related resources related to auditing.

Center for Audit Quality   – Established to serve its members and to enhance investor confidence, the CAQ engages in a wide range of activities in the United States and across the globe. Represented below are several of the resources available to faculty and students.

• Center for Audit Quality (CAQ)
• CAQ Classroom Resources on Public Company Auditing Topics: A Guide for Academics
• CAQ Videos: Classroom and Training Resources
• Anti-Fraud Collaboration Case Studies
• Discover Audit resources that house an abundance of items for all types of audiences

We are the American Institute of CPAs, the world’s largest member association representing the accounting profession. Our history of serving the public interest stretches back to 1887. Today, you'll find our 431,000+ members in 130 countries and territories, representing many areas of practice, including business and industry, public practice, government, education and consulting.

About AICPA

• Mission and History
• Annual Reports
• AICPA Media Center
• AICPA Research
• Jobs at AICPA
• Order questions
• Forgot Password
• Store policies

Association of International Certified Professional Accountants. All rights reserved.

• Terms & Conditions

The New Equation

Executive leadership hub - What’s important to the C-suite?

Tech Effect

Shared success benefits

Loading Results

No Match Found

PwC case studies

Examples of how a community of solvers brings together the strengths of people and technology to build trust and deliver sustainable outcomes — bringing The New Equation to life.

Featured - 3 items

Reinventing wyndham’s loyalty program technology.

Redesigning the cloud-based ecosystem powering Wyndham Rewards.

Helping the YMCA of GNY meet new community needs

Responding to change and expanding their reach and ability to support.

Baker Hughes is working toward net zero at scale

Learn how PwC helped Baker Hughes accelerate their net zero strategy.

A brighter future for medicine with healthcare technology

A collaboration between OSIC, PwC and Microsoft is helping patients, providers and researchers fight a rare disease.

{{filterContent.facetedTitle}}

• {{v.tagsTitle}}

{{item.title}}

• {{filterContent.dataService.numberHits}} {{filterContent.dataService.numberHits == 1 ? 'result' : 'results'}}
• {{vf.elipsedTagsTitle}}
• 0" ng-click="filterContent.reset()" class="reset-filters"> {{filterContent.resetFiltersLabel}}

{{item.publishDate}}

{{item.text}}

Explore further

Thank you for your interest in PwC

We have received your information. Should you need to refer back to this submission in the future, please use reference number "refID" .

Required fields are marked with an asterisk( * )

Please correct the errors and send your information again.

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

• Data Privacy Framework
• Cookie info
• Terms and conditions
• Site provider
• Your Privacy Choices

Accounting and Business Consultants, LLC | 800-930-2923

Case Studies

Case study #1, sox compliance – auditing expertise and resources provided to a pharmaceutical company.

An SEC-registered pharmaceutical public company and large accelerated filer with revenue increases from approximately $150 million to $600 million in 3 years required additional internal auditing expertise and resources to meet new and changing compliance and internal control requirements. READ FULL STUDY >>

Case Study #2

Merger and sap implementation – accounting expertise, resources and an interim controller required by an electronic material manufacturer in the electronics industry.

A manufacturing company with significant revenue growth over several years and approximately $500 million in revenue was implementing an SAP system and required additional accounting resources and an interim controller during the implementation project and after.  READ FULL STUDY >>

Case Study #3

Sap implementation – accounting resource and project management leadership for a medical imaging products manufacturer .

A privately held US manufacturing company of medical imaging products with approximately $1 billion in revenue with offices in Delaware, Europe, Australia and Japan was implementing SAP and required an interim management resource to assist with the FI module configuration and testing and with project management of the implementation and training efforts in Sydney, Australia.  READ FULL STUDY >>

Case Study #4

Internal controls expertise, training and project planning for an oil company.

An African oil company with approximately $12 billion in revenue and multiple subsidiaries wanted to provide in-house training to approximately 50 key accounting and audit executives and managers. The Company also required assistance developing a Company-wide internal control project implementation plan.  READ FULL STUDY >>

Case Study #5

Outsourced sox compliance and internal audit expertise for a real estate management company.

An SEC-registered real estate public company with approximately $15 million in revenue required outsourced internal auditing expertise to handle all compliance and internal control requirements. The company had limited accounting personnel and required best practices in implementing COSO and control monitoring solutions.  READ FULL STUDY >>

Case Study #6

Implementation of it policies, procedures, and controls for a pharmaceutical manufacturing company.

A public company in the pharmaceutical industry experienced significant growth over several years and required enhanced IT policies and procedures and adoption of a security and availability controls framework.  READ FULL STUDY >>

Case Study #7

Soc 2 audit for an it managed services provider.

A large customer of an IT service organization providing outsourced managed services required an SOC 2 audit. READ FULL STUDY >>

Case Study #8

It sox controls documentation for european pharmaceutical company.

A large privately owned European pharmaceutical company with over $3 billion in revenue and limited experience with SOX compliance in the USA required audit expertise to document IT controls relative to IT operations for a division being purchased by a US company. READ FULL STUDY

Case Study #9

Reconciliation project leadership, expertise and resources provided to a nationwide bank.

A large public company financial institution with over $11 billion in assets and approximately $800 million in revenue had a breakdown in reconciliation procedures for automated processing of transactions by an outsourced processor. The Bank required expertise and resources to resolve control weaknesses and investigate unreconciled prior year processing errors and irregularities.  READ FULL STUDY

Case Study #10

Sox and internal control project management leadership and resources provided to an energy company.

A large public energy company with $6 billion in revenue and multiple subsidiaries was required to document and implement internal controls throughout the company and at various locations for Sarbanes Oxley (SOX) requirements.  READ FULL STUDY

Case Study #11

Audit expertise and resource for a regional water company.

A local public water company, with $77 million in revenue and $431 million in assets, acquired property and certain equipment pursuant to an acquisition agreement with a local municipality. Management required an independent auditor to perform steps to ensure certain aspects of the agreement were adhered to and reports provided were reliable.  READ FULL STUDY

Case Study #12

Compliance assistance and resource provided to a world wide bank operating in delaware.

A worldwide bank with operations in Delaware required assistance with strategic planning and research efforts relating to compliance with the Community Reinvestment Act (CRA). The Delaware bank has assets approximating $28 billion and interest and other revenue of $2.8 million.  READ FULL STUDY

Case Study #13

Outsourced sox services provided to an sec public company.

An SEC-registered public company on the verge of bankruptcy required outsourced internal auditing expertise to handle all compliance and internal control requirements. The company had limited resources and accounting personnel and required an efficient approach to ongoing Sarbanes Oxley (SOX) Compliance efforts.  READ FULL STUDY

Case Study #14

Document procedures, risks and controls for a manufacturing division of a large public company. assist with accounting for carve out transaction.

A large public company helicopter manufacturing division with limited accounting and compliance personnel was required by its corporate headquarters to document procedures for business processes and to identify financial reporting risks and controls in those processes. At the same time, management required assistance in carving out a line of business for a sale transaction.  READ FULL STUDY

Case Study #15

Special projects and reconciliation specialist for a nationwide bank.

A large public company financial institution required an audit and reconciliation specialist to lead various special projects and reconciliation efforts throughout the bank.  READ FULL STUDY

Case Study #16

Provided internal controls expertise, leadership, and resources to a full solution security services company.

A public company and nationwide provider of full solution security services and revenue approximating $140 million required expertise, leadership and resources to implement the May 2013 COSO Framework, assist the company in documenting its risk assessment, enhance business process documentation and controls, including IT and entity level controls, and to assist in developing ongoing monitoring plans and separate evaluations. READ FULL STUDY

Contact Us Now

Send a message through our website and we'll be in touch soon.

Contact Us »

SEND US A FILE

Use our secure file sharing system to safely send us your files

Send File »

CLIENT CASE STUDIES

We've helped many businesses just like yours with controls and compliance.

Learn More »

The global body for professional accountants

• Search jobs
• Find an accountant
• Technical activities
• Help & support

Can't find your location/region listed? Please visit our global website instead

• Middle East
• Cayman Islands
• Trinidad & Tobago
• Virgin Islands (British)
• United Kingdom
• Czech Republic
• United Arab Emirates
• Saudi Arabia
• State of Palestine
• Syrian Arab Republic
• South Africa
• Africa (other)
• Hong Kong SAR of China
• New Zealand
• Our qualifications
• Getting started
• Your career
• Apply to become an ACCA student
• Why choose to study ACCA?
• ACCA accountancy qualifications
• Getting started with ACCA
• ACCA Learning
• Register your interest in ACCA
• Learn why you should hire ACCA members
• Why train your staff with ACCA?
• Recruit finance staff
• Train and develop finance talent
• Approved Employer programme
• Employer support
• Resources to help your organisation stay one step ahead
• Support for Approved Learning Partners
• Becoming an ACCA Approved Learning Partner
• Tutor support
• Computer-Based Exam (CBE) centres
• Content providers
• Registered Learning Partner
• Exemption accreditation
• University partnerships
• Find tuition
• Virtual classroom support for learning partners
• Find CPD resources
• Your membership
• Member networks
• AB magazine
• Sectors and industries
• Regulation and standards
• Advocacy and mentoring
• Council, elections and AGM
• Tuition and study options
• Study support resources
• Practical experience
• Our ethics modules
• Student Accountant
• Regulation and standards for students
• Your 2024 subscription
• Completing your EPSM
• Completing your PER
• Apply for membership
• Skills webinars
• Finding a great supervisor
• Choosing the right objectives for you
• Regularly recording your PER
• The next phase of your journey
• Your future once qualified
• Mentoring and networks
• Advance e-magazine
• Affiliate video support
• An introduction to professional insights
• Meet the team
• Global economics
• Professional accountants - the future
• Supporting the global profession
• Download the insights app

Can't find your location listed? Please visit our global website instead

• How to tackle audit and assurance case study questions
• Study resources
• Advanced Audit and Assurance (AAA)
• Technical articles and topic explainers
• Back to Advanced Audit and Assurance (AAA)
• How to approach Advanced Audit and Assurance

This article provides an insight into the recommended approach for Section A questions in Paper P7, Advanced Audit and Assurance . Paper P7 is one of the final options papers, and, as such, will be a demanding and challenging exam, aiming to test whether candidates have the necessary knowledge, application, skills, and judgement to complete their professional qualification. Using good exam technique and having a sensible approach to questions will do much to help secure a clear pass mark. This is the first of a two-part series on approaching Section A questions. The next article – which will be published in the September 2007 issue of student accountant – will include elements of a typical question and illustrate how these should be approached.

The exam will include two questions in Section A, with a combined mark allocation of between 50 and 70 marks. It is likely that the combined total of the two questions will be towards the higher end of this range.

Both Section A questions will be case studies. Detailed information will be provided about a business for which the candidate’s firm is providing an audit or assurance service. The aim of the case study question is to place the candidate in a real-world situation, facing the real-world requirements that an audit or assurance provider would have to deal with. The questions will therefore be practical in nature.

Case study requirements

Each case study question will include several separate requirements taken from separate syllabus areas. This mirrors what happens in the real world when, for example, an audit manager planning an assignment needs to consider not only how to plan the work, but also assess the implications of any ethical, practice management, quality control, or current professional issues raised from information provided by the client. At least one of the requirements could be to provide a response to a specific enquiry raised by the client or potential client in the scenario.

The first stage, when attempting a case study question, is to carefully read the requirements and understand exactly what is being asked for. By the time a candidate reaches this final stage in their professional studies it is hoped that they are familiar with the general style of question requirements. However, the wording used is such an important issue that it is worth repeating for the sake of clarity. At the Professional level, requirements are at the highest intellectual level and it is imperative that candidates understand exactly what is being asked.

Generally, requirements ask the candidate to perform an action, as follows:

Candidates should familiarise themselves with exam terminology and tailor their answers accordingly. Taking time to consider the exact wording of the requirement will result in a focused answer which satisfies the question set.

Note that very few marks will be available in Paper P7 for rote-learning and the listing of facts, rules, or pieces of information. Instead, the application of knowledge to the specific scenario provided will score well. For example, a requirement may ask for the  identification and explanation of matters (such as business or financial statement risks). As a general rule, a maximum of one-third of the available marks would be available for identification; the remaining two-thirds would be for the explanation of the matter. It is therefore not possible to pass the question requirement without application to the question scenario.

Professional marks

The ACCA Qualification features a core theme of ‘ethics and professionalism’, and all Professional level exams will contain some marks on this topic. In Paper P7, the professional marks will be allocated between the two Section A questions, with a maximum of five marks being available across the two questions. The requirements will clearly state how many marks are available and which question requirement they relate to.

It is likely that Section A requirements containing professional marks will ask for the answer in a particular format, such as a report or briefing notes. The professional marks will be awarded for the following:

• structure and presentation
• clarity of explanation
• use of language appropriate to the addressee
• use of professional judgement
• discussion of both sides of a debate
• appreciation of relevant current professional issues.

Case study information

Having read the requirements and understood exactly what has been asked for, the next step is to carefully read through the information provided, all the time bearing in mind the specific instructions given in the requirements.

The information provided in the scenario is likely to be both numeric and narrative, and could come from many different sources, such as:

• extracts from financial statements
• information from management systems
• details taken from working papers
• verbal representations from the client or members of the audit/assurance team
• statements from third parties.

The information in the question will need to be carefully read and it is important that sufficient time is spent digesting and understanding the information provided. Candidates who skim read the information and do not take time to stop and think about the issues raised in the scenario are likely to produce a poorly focused answer which fails to identify the main points.

When reading the case study scenario it is important, therefore, to identify the following:

• What is your role? For example, are you the manager responsible for the audit, or responsible for company-wide matters such as ethics or quality control?
• What is the time scale? Are you planning an assignment prior to the client’s year end, or reviewing working papers at the conclusion of the audit?
• What does the company do? Is it involved in manufacturing, a service industry, or financial services? Does the company operate in a highly-regulated industry?
• What is the key relationship in the scenario? Is the company a long standing or potential client? Is this a one-off or a recurring engagement?

Understanding these basic facts will ensure that candidates approach the question requirements from the correct viewpoint.

When reading through the scenario it is useful to highlight or underline important pieces of information. A lot of time can be wasted by continually re-reading the scenario, so thoroughly reading and annotating the question paper should improve time management. Remember, with reading and planning time now being given at the start of the exam, there should be plenty of time to read the entire scenario carefully.

Planning and time allocation

The case study questions will contain at least three discrete requirements. Time must be allocated between the requirements to ensure that each is addressed in sufficient depth. Failing to deal with a requirement obviously reduces the overall mark available for a question, but it also detracts from the quality of the answer as a whole. Remember, within each requirement there will be some relatively easy marks to gain, so by not attempting a requirement these marks are lost.

Is it worthwhile planning the answer? The simple answer is yes, as long as the plan is not too detailed and is then followed. A brief plan of the main points to be covered will keep the focus on the key elements of the requirements, and should avoid digressions into irrelevant matters. A good plan should prioritise the most significant issues. This is important, because if time runs short, key issues will still have been covered. A good plan will also draw out links between different pieces of information provided in the scenario. However, a plan is only worth doing if it enhances the answer. Spending too long on a very detailed plan, resulting in a lack of time to deal with the question requirements in detail, is not a good use of time in the exam. Plans should be very brief, no more than bullet points, and clearly labelled so they can not be confused with the actual answer.

A general comment on time allocation: a common error is to spend too long on the first two questions, leaving very little time for the remaining questions. It is imperative that each question is properly attempted, and that sufficient time is left towards the end of the exam to attempt the final question. Candidates are advised that the quality of the overall script will be reviewed, and students are reminded to attempt the correct number of questions.

Take time to think

This may sound obvious, but it is important to take time to think about the requirements, the scenario, and how to answer the question. Rushing to put pen to paper without sitting back to think an answer through is a frequent mistake in exams. The following are common examples of errors caused by not thinking about the facts in the scenario or the question requirement.

Failing to properly read and understand the question requirements could result in:

• not thinking properly about the actual question requirement and then proceeding to answer the requirement inappropriately. Not answering the question set is a major reason for failure. Linked to this, it is apparent that a question requirement is often only read briefly, and that the candidate then goes on to assume that the requirement is identical to requirements from previous exam questions. This will mean failing to answer the specific question set.
• making comments that belong to a different question requirement is a mistake which comes from not looking at the question requirements in their entirety. It is important to look at how the requirements relate to each other to ensure that an answer is logical and comments made do not refer to the wrong answer requirement.

Failing to read the scenario carefully, or failing to think it through, could result in:

• making inappropriate suggestions, as a result of not thinking clearly and professionally about the relationship between the audit/assurance provider and the client. It is imperative that candidates appreciate that Paper P7 examines not just technical concepts, but also the ability to make commercial and professional comments and recommendations. This is one area where stopping and thinking about the relationships between individuals within the scenario is crucial. For example, if the candidate is given the role of an audit manager or partner, it is important not to defer to more junior members of the team. Equally, inappropriate comments to the client must be avoided. For example, the management of the client company should not be ‘asked if they are corrupt’ or ‘asked to prove their technical ability to prepare accounts’. Clearly, such comments detract heavily from the quality of any answer, but can be avoided by thinking carefully about relationships and how they should be managed.
• making wholly inappropriate practical suggestions. For example, asking, as part of audit evidence, to physically verify an asset that has been sold, or requesting sight of a purchase invoice for an item bought many years ago. Think carefully about requests or recommendations and ask whether the request could actually be carried out.
• seeing a word and assuming it means something, when really it means something entirely different – this is a common mistake and results purely from not thinking before writing an answer. For example, if a scenario includes information about fines or penalties, it is important to think about whether the amount has been paid before the year end, and not to automatically assume, without taking time to think about the facts from the scenario, that a provision would be necessary.
• when performing calculations, it is crucial to think about the figures provided in the scenario and to use the correct figure in the right way. For example, when calculating materiality, make sure that the correct benchmark is used. If calculating the materiality of an asset, the materiality calculation should be based on the balance sheet, rather than on revenue as this is totally inappropriate.

Presenting the answer

It should go without saying that answers should be clearly presented, as this makes marking much easier. In particular, the following points should be noted:

• Use headings and sub-headings to give the answer a logical flow.
• Bullet points are only appropriate when listing facts which require little explanation, which will be rare in Paper P7.
• Illegible handwriting is a major problem for markers. If handwriting is a particular area of concern, leave a blank line between each line of writing, and write more slowly.
• Start each answer on a new page of the answer booklet.

Remember that some requirements contain professional marks, as discussed earlier, and in these requirements the presentation and layout of the answer is particularly important.

This article has focused on the case study questions which will appear in Section A of the Paper P7 exam, but many of the points made could equally apply to the Section B questions. It is hoped that candidates will have already developed good exam technique in order to reach this final stage in their professional exams. However, in every sitting, many relatively easy marks are not gained because of a poor approach to answering questions. It is recommended that candidates practise as many questions as possible in preparation for the exam; bearing in mind the points made in this article while practising questions should improve performance significantly.

Written by a member of the Paper P7 examining team

Related Links

• Student Accountant hub page

Advertisement

• ACCA Careers
• ACCA Career Navigator
• ACCA Learning Community

Useful links

• Make a payment
• ACCA-X online courses
• ACCA Rulebook
• Work for us

Most popular

• Professional insights
• ACCA Qualification
• Member events and CPD
• Supporting Ukraine
• Past exam papers

Connect with us

Planned system updates.

• Accessibility
• Legal policies
• Data protection & cookies
• Advertising

• Global (EN)
• Albania (en)
• Algeria (fr)
• Argentina (es)
• Armenia (en)
• Australia (en)
• Austria (de)
• Austria (en)
• Azerbaijan (en)
• Bahamas (en)
• Bahrain (en)
• Bangladesh (en)
• Barbados (en)
• Belgium (en)
• Belgium (nl)
• Bermuda (en)
• Bosnia and Herzegovina (en)
• Brasil (pt)
• Brazil (en)
• British Virgin Islands (en)
• Bulgaria (en)
• Cambodia (en)
• Cameroon (fr)
• Canada (en)
• Canada (fr)
• Cayman Islands (en)
• Channel Islands (en)
• Colombia (es)
• Costa Rica (es)
• Croatia (en)
• Cyprus (en)
• Czech Republic (cs)
• Czech Republic (en)
• DR Congo (fr)
• Denmark (da)
• Denmark (en)
• Ecuador (es)
• Estonia (en)
• Estonia (et)
• Finland (fi)
• France (fr)
• Georgia (en)
• Germany (de)
• Germany (en)
• Gibraltar (en)
• Greece (el)
• Greece (en)
• Hong Kong SAR (en)
• Hungary (en)
• Hungary (hu)
• Iceland (is)
• Indonesia (en)
• Ireland (en)
• Isle of Man (en)
• Israel (en)
• Ivory Coast (fr)
• Jamaica (en)
• Jordan (en)
• Kazakhstan (en)
• Kazakhstan (kk)
• Kazakhstan (ru)
• Kuwait (en)
• Latvia (en)
• Latvia (lv)
• Lebanon (en)
• Lithuania (en)
• Lithuania (lt)
• Luxembourg (en)
• Macau SAR (en)
• Malaysia (en)
• Mauritius (en)
• Mexico (es)
• Moldova (en)
• Monaco (en)
• Monaco (fr)
• Mongolia (en)
• Montenegro (en)
• Mozambique (en)
• Myanmar (en)
• Namibia (en)
• Netherlands (en)
• Netherlands (nl)
• New Zealand (en)
• Nigeria (en)
• North Macedonia (en)
• Norway (nb)
• Pakistan (en)
• Panama (es)
• Philippines (en)
• Poland (en)
• Poland (pl)
• Portugal (en)
• Portugal (pt)
• Romania (en)
• Romania (ro)
• Saudi Arabia (en)
• Serbia (en)
• Singapore (en)
• Slovakia (en)
• Slovakia (sk)
• Slovenia (en)
• South Africa (en)
• Sri Lanka (en)
• Sweden (sv)
• Switzerland (de)
• Switzerland (en)
• Switzerland (fr)
• Taiwan (en)
• Taiwan (zh)
• Thailand (en)
• Trinidad and Tobago (en)
• Tunisia (en)
• Tunisia (fr)
• Turkey (en)
• Turkey (tr)
• Ukraine (en)
• Ukraine (ru)
• Ukraine (uk)
• United Arab Emirates (en)
• United Kingdom (en)
• United States (en)
• Uruguay (es)
• Uzbekistan (en)
• Uzbekistan (ru)
• Venezuela (es)
• Vietnam (en)
• Vietnam (vi)
• Zambia (en)
• Zimbabwe (en)
• Financial Reporting View
• Women's Leadership
• Corporate Finance
• Board Leadership
• Executive Education

Fresh thinking and actionable insights that address critical issues your organization faces.

• Insights by Industry
• Insights by Topic

KPMG's multi-disciplinary approach and deep, practical industry knowledge help clients meet challenges and respond to opportunities.

• Advisory Services
• Audit Services
• Tax Services

Services to meet your business goals

Technology Alliances

KPMG has market-leading alliances with many of the world's leading software and services vendors.

Helping clients meet their business challenges begins with an in-depth understanding of the industries in which they work. That’s why KPMG LLP established its industry-driven structure. In fact, KPMG LLP was the first of the Big Four firms to organize itself along the same industry lines as clients.

• Our Industries

How We Work

We bring together passionate problem-solvers, innovative technologies, and full-service capabilities to create opportunity with every insight.

• What sets us apart

Careers & Culture

What is culture? Culture is how we do things around here. It is the combination of a predominant mindset, actions (both big and small) that we all commit to every day, and the underlying processes, programs and systems supporting how work gets done.

Relevant Results

Sorry, there are no results matching your search., case studies.

See how KPMG has helped organizations transform themselves to compete more effectively.

• Innovation insights
• Enterprise-wide Innovation

Explore client stories

Redefining what’s possible in the pursuit of health equity

Helping Morehouse School of Medicine globalize its impact and modernize its capabilities

An innovative workshop session plants the seeds for change and growth

KPMG Ignition helps the Crop Science division of Bayer make the changes that matter for finance transformation

Uber rethinks the rules of the road. Again.

KPMG’s flexible, listen-to-design approach extends a legacy of tax technology innovation.

More stories

Read about how we help clients enhance their customer experience, improve business performance, and drive new revenue streams—then let us do the same for you. ​

Meet our team

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement .

Job seekers

Visit our careers section or search our jobs database.

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Case Studies: IT Audits, IT Security Audits, and Network Security Audits

It security audit company with certified auditors provides it audit and compliance audit services., selected case studies and industry experience, every engagement is unique. we are happy to customize our audit services to your specific needs.

Network Security Audit

A mid-size telephone company with many entities was concerned about network security risks., client situation.

A mid-size telephone company with many entities was concerned about network security. Management wanted an internal and external network security audit of each entity.

Altius IT Solution

Altius IT provided a 50 point, 360 degree view of risks. Our services included an evaluation of:

• Risk assessment, risk analysis, and risk treatment
• Policies, procedures, plans, and related documents
• Use of service providers
• Security of servers, firewalls, and network infrastructure
• Protection against malicious software (viruses, spyware, etc.)
• Security mechanisms and practices
• Controls over removable media and USB devices
• Incident response and business continuity

Altius IT's analysis included a comparison of the organization with security best practices to identify gaps. Altius IT provided a report of findings as well as recommendations, costs, and a prioritized risk response executive summary Action Plan.

Client Benefit

Altius IT’s network security audit documented several areas that placed the organization at risk to both internal and external threats. The prioritized Action Plan helped the telephone company increase security and protect its information assets

Cyber Security Audit

A large county needed assurance that its sensitive information was protected against hackers and other threats..

A county needed assurance that its sensitive information was protected against hackers and other Internet threats. County management was concerned about compliance related issues and wanted assurance its systems were protected against external threats.

Altius IT provided an External Network Security Audit. Our services included a variety of hacker type tools and techniques that identified and evaluated the county’s external risks:

• Firewall – reviewed and analyzed configuration
• External penetration – evaluated vulnerabilities
• Social engineering – determined employee risks
• Phishing – used fake e-mails and USB devices
• False web sites – determined risks
• Policies – evaluated security related policies

Altius IT compared the county with industry benchmarks and determined the type of security infrastructure in place. We tailored our attacks to take advantage of gaps.

Altius IT’s provided an External Network Security Audit Report, a Risk Assessment Report, and a prioritized Action Plan Report of security related recommendations.

Altius IT’s external network security audit documented several areas that placed the organization at risk to external threats. The prioritized Action Plan helped the organization increase security while increasing protection of its information assets.

Web Application Security

A software developer was notified it's application was not secure. a client of the software developer requested a web application security audit..

A software developer provided on-line marketing solutions including web design, content management, and e-commerce solutions. The software developer was notified by a third party that it’s software was not secure. When negative publicity appeared in the media, clients and prospects became concerned and revenue declined. The software developer’s President wanted assurance that its code, with interfaces to internal database systems, was secure and protected from threats.

Emulating the approach used by hackers, Altius IT used a variety of manual and automated tools to perform a controlled real-life attack on the organization's web application and web server for vulnerabilities. Altius IT evaluated the application for over 35,000 types of risks including SQL injection, cross site scripting, buffer overflow, authentication, encryption, JavaScript, and many others. Altius IT provided a Web Application Security Audit Report with our findings, an analysis of vulnerabilities, and solutions to enhance security.

Altius IT’s web application security audit identified several areas that placed the organization at risk to hackers and other external threats. With Altius IT’s report, the organization eliminated software bugs and enhanced security by implementing changes to their code and procedures. As a Certified Information Systems Auditor, Altius IT provided a follow-up web application security audit and verified that the security issues identified in the first audit had been addressed. Altius IT provided the software developer with our Auditor Opinion Letter that the client distributed to their prospects and clients. The organization’s enhanced image and reputation helped it increase revenue both by retaining current customers and by converting new prospects into clients.

Compliance Audit

A large regional hospital needed assurance that health information was protected against unauthorized access. meet hipaa and hitech compliance requirements..

A large regional hospital needed assurance that health information was protected against unauthorized access. The hospital needed to meet HIPAA and HITECH compliance requirements.

Altius IT provided a HIPAA / HITECH Compliance and Security Audit. Altius IT evaluated the hospital's security controls including:

• Administrative Safeguards - policies, procedures, plans, forms, security training, incident response, business continuity
• Physical Safeguards - controls over access to data centers, cameras, EPHI
• Technical Safeguards - firewalls, server configurations, network segmentation, anti-malware, logging, backups

Altius IT’s reports documented several areas that placed the organization at risk to compliance and network related threats. Altius IT's Action Plan Report provided a prioritized risk response plan for the hospital with ways to enhance security, ensure protection of its information assets, and meet compliance requirements.

Altius IT's compliance audit enhanced the hospital's security controls. Management has assurance that systems and data are secure. EPHI is protected from unauthorized access and alteration.

Risk Assessment

A mid-size medical product manufacturer was concerned about the security of a new device. a risk assessment was needed to address concerns about patient confidentiality and the integrity of the product..

A mid-size medical product manufacturer was concerned about the security of a new device. The organization was concerned about patient confidentiality and the integrity of the product.

Altius IT's Risk Assessment inventoried relevant assets and organized the assets into asset categories. We identified specific threats and threat categories and documented vulnerabilities that existed as a result of the threats. Our Risk Analysis evaluated risks and the likelihood of various threat exploits. We identified security gaps that could be exploited by insider and outsider attacks. Altius IT’s Risk Treatment Plan analyzed and documented risk reduction and risk treatment safeguards and controls for each vulnerability. Altius IT's Risk Task List identified preventive, detective, and corrective controls that eliminated or reduced risks to acceptable levels. Residual risks, risks that existed after controls were implemented, were identified, and prioritized so they could be monitored.

Altius IT’s risk assessment documented several product related threats that placed the organization at risk to both internal and external threats. The medical device manufacturer achieved the following benefits:

• Security – security assurance knowing that the product had effective security safeguards and controls.
• Continuity – ability to continue functioning even if the product had been compromised.
• Alerts – remote notifications to appropriate personnel so they could take appropriate actions if the product was compromised.
• Redundancy – ability of the product to continue operating in the event of normal failures.
• Sociability – ability of the product to not interfere with existing systems and devices.

Mobile application security audit

A marketing company needed assurance that a newly developed mobile application was secure. a mobile application security audit was needed to address concerns about the security of the software application..

A marketing company developed a mobile software application for a large international client. Management at the marketing company was concerned about the security of the mobile application.

Altius IT provided a "hand on" security audit of the mobile application. We evaluated security risks related to:

• User use of the device
• Mobile software coding issues
• Interfaces to servers and databases
• Configurations of servers, firewalls, and network segmentation
• Authentication issues
• Backups and recovery

Altius IT's Mobile Application Security Audit Report documented security risks and provided recommendations to enhance security.

Altius IT's mobile application security audit documented recommended changes to enhance security of the mobile application and server environment. The marketing company and the large international client had the peace of mind knowing that the mobile application kept information secure from intruders.

Social Engineering Audit

A mid-size bank was worried about social engineering attacks on its staff. Management was concerned about maintaining customer confidence and meeting compliance requirements.

Altius IT provided a social engineering security assessment. Emulating the approach used by hackers, we manually perform a controlled real-life attack on the bank's staff and measured their response and actions to fake e-mail messages and false web sites. We benchmarked the bank against industry averages and provided the bank with ten recommendations to reduce their risks to social engineering attacks. Altius IT’s social engineering security assessment documented weaknesses in the bank's security education training and awareness programs.

Altius IT's social engineering security assessment helped the bank formalized its security education and awareness training program and supplemented it with frequent reminders to employees, temporary staff, and contractors. Customer satisfaction was increased as a result of the increase in security awareness.

Case Studies

It audits, it security audits, and network security audits.

Unlike a security consultant, Altius IT is certified as a Certified Information Systems Auditor to perform a security audit of your environment and issue reports and recommendations to secure your systems. After your audit, Altius IT's Auditor Opinion Letter and Secure Seal let your clients and prospects know you meet security best practice/compliance requirements.

See our In the News page for video clips of our experts on national television as well as over 40 publications featuring Altius IT. In addition to our auditor certifications we hold many security, technical, and project management credentials. More information is available on our About Us page.

Our comprehensive audit service uncovers gaps in your existing defenses so that you can better:

• Fortify your information systems, applications, and network infrastructure
• Comply with regulatory requirements
• Protect your valuable assets
• In the news
• Success Stories
• (714) 794-5210
• [email protected]

Altius IT's services are provided throughout the United States and in selected international countries. Our corporate HQ is located in Orange County California between Los Angeles and San Diego. Contact us and we will help you choose the right audit for your organization.

Java licensing

Oracle Java Audit Checklist – 8 Steps For Success

May 16, 2024

Oracle Java Audit Check List

• Treat the initial email as the start of a soft audit
• Compile an inventory of Java distributions.
• Contact us for expert help.
• Analyze which deployments need licenses.
• Optimize and remove unnecessary Java.
• Craft strategic responses to Oracle emails
• Dispute retroactive usage claims

Oracle’s Soft Audit Process

Receiving an email from Oracle about Java usage can be a prelude to a soft audit . Here’s how it usually unfolds:

• Initial Email : Oracle sends an email requesting a meeting to discuss Java usage rights and licensing.
• Meeting Commencement : The soft audit process begins if you attend the meeting.
• Inventory Request : Oracle will request a detailed inventory of your Java deployments.
• Refusal to Share : If you refuse to share, Oracle will point out your history of downloading licensable Java over the past five years.
• Escalation : Oracle’s continued refusal to purchase licenses led to the involvement of its legal and business practices teams, including threats of legal action.
• Long-Term Proposals : Oracle’s proposals often span 5-10 years, factoring in retroactive payments from 2019 to the present.
• Upper Management Involvement : Escalations will reach your CFO, CIO, and CEO.

Your Oracle Java Audit Checklist

• Initial Email Response : Treat the first email as the start of a soft audit.
• Inventory Preparation : Begin compiling an inventory of all your Java distributions immediately.
• Contact Experts : Given the high costs of Java, which include purchasing a license for every employee regardless of usage and a mandatory five-year subscription, we recommend you contact us.
• Deployment Analysis : We can help you understand which deployments trigger a license.
• Optimization : We’ll assist you in optimizing and removing unnecessary Java deployments.
• Email Response Strategy : We will help you craft responses to each Oracle email.
• Dispute Strategy : We have proven strategies to dispute all retroactive usage claims.
• Licensing Decision : Decide whether to purchase licenses moving forward. If not, we’ll help you develop a strategy to avoid paying Oracle anything.

Oracle Java Audit Case Study

An organization with 600 employees on the United States East Coast faced a soft audit from Oracle. They had removed all Java installations and didn’t need any further licenses.

However, Oracle claimed that the organization owed $108,000 per year for the past four years due to past Java usage.

The total demand was $432,000. Oracle’s evidence included records of security downloads indicating past Java use.

The Challenge

The organization reached out to Redress for assistance. They wanted to know if there was a way to challenge Oracle’s claims or if they had to pay the demanded fees.

The Process

• Initial Contact : The organization contacted Redress. Within two days, Redress began reviewing the situation.
• Review : Redress reviewed the communications and evidence. To understand the organization’s past and present use of Java.
• Negotiation Strategy : Redress crafted a negotiation strategy. They aimed to counter Oracle’s claims with a well-supported argument.
• Resolution : After negotiations, Oracle offered to settle for less than $15,000 for the backdated usage. The organization accepted this offer, eager to resolve the issue and move on.

This case illustrates how Redress can assist organizations in negotiating and reducing unexpected software audit claims. If you need help with similar issues, we have many references from organizations we have supported.

Please contact us if you need help with your Oracle Java soft audit.

Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, enhancing organizational efficiency.

View all posts

• Investigates
• Houston Life
• Newsletters

WEATHER ALERT

11 warnings in effect for 14 counties in the area

Study says houston has one of the lowest inflation problems, but do our pockets beg to differ.

Ahmed Humble , Digital Content Producer

HOUSTON – High prices due to inflation seem to have been going on forever and a new study suggests Houston is not experiencing as much of a difference compared to other major metropolitan cities. My wallet and bank statements suggest otherwise.

RELATED: Texas ranks 2nd in US for collections debt: report

Recommended Videos

The report was conducted by WalletHub, where researchers compared 23 major metropolitan cities.

By examining the Consumer Price Index, which measures inflation, for the latest month, the findings suggest Houston had the fourth-lowest inflation problem.

Now, I’m no economist but something about that just doesn’t seem right. (I’m also not good with money - but that’s neither here, nor there.)

SUGGESTED: Have financial stress due to eating out too much? Here are 5 tips to help

And experts tell WalletHub I might not be the only one who thinks that either.

“Inflation is coming down but not as fast as one would want,” Professor Kjetil Storesletten at the University of Minnesota said. “Increasing the interest rates and reducing government spending would both contribute to lower expectations of future inflation and, hence, lower the current inflation rate.” Earlier this week, I wrote an article on how much money people in Houston needed to earn to “live comfortably” and there was a gap between how much the median income is and how much was needed to make ends meet.

MORE: Some Americans have become saddled with credit card debt as rent and everyday prices remain high

Combine that with the fact that Texas’ minimum wage has remained unchanged since 2009 at $7.25 per hour.

It’s difficult then, to see how Houston has a silver lining when it comes to inflation.

And experts like Scott Kolman at San Diego State University tell WalletHub it’s near impossible to see any type of light at the end of this very dark (and very expensive) tunnel.

“High inflation hurts today and the future,” he said. “I have never heard of, or read, anyone putting a positive spin on the future due to the current high inflation. You will hear politicians spinning the current inflation problem as it is a sign of a strong economy.

“This is true of the current situation,” Kolman continued. “However, the economy is overheated because of deficit spending. The cost of inflation caused by deficit spending will be far beyond the dollars we have to pay back and the interest from the extreme borrowing.”

Read the full report by WalletHub by clicking here.

Copyright 2024 by KPRC Click2Houston - All rights reserved.

About the Author

Ahmed humble.

Historian, educator, writer, expert on "The Simpsons," amateur photographer, essayist, film & tv reviewer and race/religious identity scholar. Joined KPRC 2 in Spring 2024 but has been featured in various online newspapers and in the Journal of South Texas' Fall 2019 issue.