What is Auditing?

Are the financial processes being done in an organization are in accordance with rules
and polices? To check, examine and evaluate these processes is auditing. the
examination or inspection of various books of accounts by an auditor followed by
physical checking of inventory to make sure that all departments are following
documented system of recording transactions.
There are 9 types of audit:
1. Internal audit
2. External audit
3. IRS (Internal Revenue Service) tax audit
4. Financial audit
5. Operational audit
6. Compliance audit
7. Payroll audit
8. Pay audit
9. Information System audit/IT audit.

If organization has an IT environment then this financial data flows through IT network.

IT audit is examining and evaluating the organization’s internal information,

technology infrastructure, policies, regulations, and operational functions. Thorough
examination with the use of IT audit allows assessment of system’s internal controls
and provides assurance that statements are error-free and reliable.
Effective use of IT audit help auditors in determining the business assets, data to be
efficiently aligned with the overall terms and goals of the business in terms of CIA
(confidentiality, integrity, and availability).

For organizations to get ahead with competitors in today’s market, investing in

Information Technology (IT) ensures speedy data availability and confidentiality. But
external and internal threats are increasing every day and IT system can be exposed to
multiple threats, thus the reason for an IT audit. IT audit is a process wherein auditor
evaluates and examines the organization’s IT infrastructure, policies, and operation. It
covers a wide range of software applications, security systems, and operating systems.
An IT audit is essential to ensure that your system is not vulnerable to any attacks, and
if the system is accurate, reliable, and timely.

IT Audit Process
The auditing process involves the following steps:

1. Planning

During this step, preliminary assessment and collecting of information are done to
determine the following:

 Operating environment
 The criticality of the IT system
  Organization’s structure
 Software and Hardware in use

The following information gathered by the IT auditor will be used to identify the
existing and potential issues, formulate a plan and objective, and define the scope of
work.

2. Defining objective and scope

The objective of your IT audit process should cover all aspects of your IT, from
infrastructure, system, development process, and procedure, including all the security
factors such as passwords, firewall, user rights, and physical security.

The scope, however, should include the extent of the assessment, duration of the
audit, the locations, and the different areas to be covered.

3. Collection and evaluation

The collected evidence should be substantial and relevant to support the auditor’s
conclusion regarding the organization, activity, and function under the audit. Before
data collection, auditors should have a good understanding of the process and method
chosen.

Types of Audit Evidence:

 Documentary audit evidence

 Analysis
 Process and existence of physical items

4. Documentation and Reporting

It is essential to document all the audit evidence inclusive of the audit basis, executed
operations, and contain planning and preparation of the audit. The report should be
complete with objectives, scope, findings, conclusions, and recommendations.

Due diligence… due care Microsoft dynamic

Business continuity plan audit

A business continuity plan audit is a formalized method for evaluating how business
continuity processes are being managed. The goal of an audit is to determine whether
the plan is effective and in line with the organization's objectives.

A business continuity plan (BCP) audit can be performed internally or with the
assistance of a third-party audit firm. Audit objectivity is critical to reviewing and
updating the plan, so an outside firm might seem preferable, but an internal audit team
offers a deeper familiarity with the business continuity planning process. It's up to
each organization to determine whether an internal or external audit is the right
choice.

A BCP audit should support corporate resiliency efforts and critical business
functions. An internal BCP audit defines the risks or threats to the success of the plan
and tests the controls in place to determine if those risks are acceptable. An audit
should also quantify the effect of weaknesses of the plan and offer recommendations
for business continuity plan improvements.

Business continuity audits benefit from a structured audit framework such as those
outlined in the British Standards Institution's BS 25999 or the International
Organization of Standardization's ISO 22301. Auditing a business continuity plan and
its documentation against an established benchmark ensures that it's consistent with
industry practices and controls.

BCP audit objectives

The primary objectives of a business continuity plan are to limit downtime during a
business interruption, protect personnel in the event of a disaster, minimize financial
losses due to a disruptive incident and restore critical business functions and
infrastructure following an incident.

With a BCP audit, the main goal is to ensure that the plan is up to completing these
critical tasks. Corporate resiliency efforts vary, based on the organization's objectives
and requirements, so the audit team must take those requirements into account.
However, there are some general goals to aim for with an audit.

A BCP audit should validate an organization's business continuity plan and ensure
that all moving parts are working correctly. An audit should examine the performance
of activities in the plan and ensure that the business continuity and disaster recovery
(BC/DR) processes meet organizational standards. It should also call to attention any
maintenance or updates that should be performed, if there are any clear gaps.

Benefits of a BCP audit

Although an organization can try to mitigate and avoid potential risks, the size and
scope of potential threats such as cyberattacks and natural disasters are often
unpredictable. The more preparation and planning an organization can do, the better.
Business continuity management efforts are bolstered by performing an audit, which
gives feedback as to what is working in the plan and what needs improvement.

A comprehensive BCP audit provides objective feedback that can improve a business
continuity plan with actionable changes and updates. Reviewed against both general
industry best practices and the expectations of management, a business continuity
plan's sufficiency and success can be determined with a thorough audit.

When it comes to BC/DR, a general rule of thumb is the more testing, the better.
Technology and threats are constantly changing and auditing a business continuity
plan is one more step to take to ensure that a plan is up to date and won't flop when
faced with disaster.
Considerations

There are some key elements to consider with a BCP audit:

 Scope: Does your audit cover both business continuity and disaster recovery plans? Are all
mission-critical systems covered in the plan, or are there specific systems that are going to be
checked? Ideally, a business continuity plan involves all aspects of an organization, even its
reputation. However, it's likely that with most organizations, certain areas take precedence
depending on the industry or threats that have the biggest effect. Know what the business
continuity plan encompasses and covers when preparing an audit.
 Management: Along with knowing who is involved in the business continuity plan, ensure
that roles and responsibilities are clearly defined. Who is held accountable for the success or
failure of the plan? Who needs to be involved with developing, training and testing? This is an
area that an organization should periodically revisit, as responsibilities might change over
time.
 Accuracy: When performing an audit, the team should be clear about the requirements of the
business continuity plan. Reports such as a business impact analysis (BIA) and risk
assessment should be up to date and on hand. If the plan must meet any compliance standards,
those parameters must be included in the audit. Along with accuracy, BCP audit objectivity is
critical. The audit must present unbiased results, especially if it's performed internally.
 Maintenance: Business continuity planning isn't a one-and-done procedure, it's an ongoing
process. The business continuity plan and, by association, the BCP audit, must be updated as
frequently as the organization undergoes changes. Annual updating might be the rule of thumb
for some organizations, but frequency can differ. If the company changes hardware or
software, or staffing or location, these can all affect a business continuity plan. To maintain
the integrity of the plan and the audit, they must be updated regularly to reflect changes.
 Confidentiality: Although it's important to keep required personnel informed about BC/DR
planning, company vulnerabilities shouldn't be made readily available outside the
organization. As cyberattacks increase and information security becomes a critical concern,
the results of a BCP audit should be adequately protected.

A successful BC plan audit includes five key elements.

Creating a BCP audit

A business continuity audit can be as simple or as complex as an organization wants it

to be. One organization might just be interested in reviewing and testing a BC/DR
plan and checking in with the team involved to see if the plan has any notable flaws or
needs updates. The following 10 steps can serve as a solid starting point for building a
business continuity plan audit suited to a specific organization:

1. Prepare the audit plan. This includes outlining the scope, approach and schedule of the BCP
audit.
2. Review and summarize documentation information for the audit, such as BC/DR plans, BIAs,
risk assessments and emergency communications plans. If gaps in this documentation exist,
update the information as needed.
3. Review and apply relevant standards, regulations, legislation and good practice documents to
validate preliminary findings and prepare audit paperwork.
4. Identify audit controls and prepare work papers that reflect established business continuity
metrics defined by standards groups, regulators and legislators.
5. Conduct business continuity audit interviews with relevant personnel across the organization.
6. Following audit interviews and discovery, prepare a draft audit opinion report for discussion
with interested parties in your organization.
7. Complete a final audit report and communicate the findings to relevant personnel. These
findings can include interview results, documentation notes and recommended actions to
improve the business continuity plan.
8. Complete an action plan and time frame to remediate the BCP according to your audit
findings.
9. Ensure that the action plan is implemented in the set time frame.
10. Schedule the next BCP audit.

A comprehensive BCP audit provides objective feedback that can improve a business continuity
plan with actionable changes and updates. Reviewed against both general industry best practices and
the expectations of management, a business continuity plan's sufficiency and success can be
determined with a thorough audit.

1. Use a web browser to view the My Oracle Support website:

https://support.oracle.com

2. Log in to My Oracle Support website.

Note:

If you are not a My Oracle Support registered user, then click Register for My Oracle Support
and register.

3. On the main My Oracle Support page, click Patches & Updates.

4. In the Patch Search region, select Product or Family (Advanced).
5. On the Product or Family (Advanced) display, provide information about the product, release,
and platform for which you want to obtain patches, and click Search.

The Patch Search pane opens, displaying the results of your search.

6. Select the patch number and click ReadMe.

The README page is displayed. It contains information about the patch and
how to apply the patches to your installation.
 7. Uncompress the Oracle patch updates that you downloaded from My Oracle Support.

RHEL 9 boots into emergency mode with error: "Failed to switch

root : Specified switch root path '/sysroot' does not seem to be
an OS tree. os-release file is missing."
Solution Verified - Updated August 9 2022 at 7:21 PM -

English

Issue
 When RHEL 9 is upgraded to latest kernel version after provisioned with kickstart file, it
boots into emergency mode displaying below message:

Raw
Failed to switch root : Specified switch root path '/sysroot' does
not seem to be an OS tree. os-release file is missing.
initrd-switch-root.service: Main process exited, code=exited,
status=1/FAILURE
initrd-switch-root.service: Failed with result 'exit-code'.
Failed to start Switch Root.