The Use of Vulnerability Assessments and Penetration Testing by the Major Audit Firms in Malta

A Dissertation in the Faculty of Economics, Management and Accountancy

Submitted in partial fulfilment of the requirements for the Degree of Bachelor of Accountancy (Hons) at the University of Malta

Today’s Information Technology environment exposes an immeasurable challenge to society as a whole due to the continuous changes it brings about. Notwithstanding the benefits reaped from Information Technology, organizations are faced with numerous risks and threats targeting their assets which could possibly even lead them to bankruptcy. Hence, this study is directed towards identifying organizations` weaknesses and preventing such illegalities from occurring by means of implementing specific techniques.

This dissertation analyses the local use of vulnerability assessments and penetration testing in conducting the statutory audit, as well as when such techniques are offered as part of the major local audit firms` advisory services portfolio. The objective of this study is achieved through a series of semi-structured interviews with the major audit firms in Malta, based on a thorough literature review, in order to find out how and to what extent such tools are implemented, and reveal the ways in which the various parties involved respond to such services.

The study shows that although local audit firms implement such assessments and tests for their IT-dominated clients, some organizations do not fully appreciate the benefits they would achieve had they to make better use of such tools, thus they are reluctant in implementing them to their full potential. Hence, this study draws attention to certain matters and provides recommendations in order to overcome any hindrance in the implementation of such techniques.

Full dissertation available upon request