    1. QUESTION

    PLEASE SEE ATTACHED PRIOR PROJECT CASE STUDIES
    MASTER LEVEL PLEASE

    IT Assurance Findings and Recommendations
    This week, you will complete your final project. You will narrow down your IT audit to a targeted scope. You will use the three-phase model of IT assurance to synthesize your IT audit for your selected case study. This week, to conclude your final project, use the three-phase model of the IT assurance initiative and build an IT assurance initiative by performing the following tasks:

    Identify potential IT-related issues based on documented assumptions and your evaluation of your case study in Week 1 through Week 4.
    Scope the IT assurance initiative based on the subset of the organizational system that should be targeted.
    State relevant enablers and suitable assessment criteria to perform the assessment of pertinent domains, processes, and controls.
    Integrate the totality of your work from Week 1 through Week 4 and report the results of your assessment, including your findings and recommendations.
    Submission Details:
    Create your report in approximately 10 pages in a Microsoft Word document and save it as W5_A3_LastName_FirstInitial.

 

Subject Computer Technology Pages 20 Style APA

Answer

     IT/IS Audit Report on the Findings and Recommendations Given

IT assurance involves protecting and managing information systems against risks related to the use, storage and transmission of data and information systems. These systems have various components that make them functional (Class, 2015). Several functions are assured for data and IT systems: data integrity, which ensures authorized access and modification of system data; availability, which ensures that information is made ready for those authorized to read it and at the correct authorization levels; authentication, which ensures that users are correctly identified before accessing the system; confidentiality, which limits access and places restrictions on information; and finally non-repudiation, which ensures that someone cannot deny an action they have performed in an IT system. IT systems are prone to security violations and failures caused by errors and vulnerabilities. These arise from rapidly changing technologies, human errors, and poor and incorrect specification of requirements, among others. This creates the need for IT assurance, which is determined by the evidence produced by the assessment process of an entity. This report summarizes the findings and recommendations of the report results from week 1 through week 4. This will be done in sections using a three-phase model of IT assurance.

Potential IT-Related Issues Based on Documented Assumptions

Several IT-related issues emerge from the provided documentation. Massachusetts Institute of Technology (MIT) has a comprehensive Information Systems and Technology (IS&T) function which forms the basis for all its operation and business strategies. This enables IS&T to support and align itself with the enterprise goals because it plays a pillar role in the creation of value. It is through IS&T that the stakeholders can cascade the enterprise goals (Gardner & Dana, 2012). MIT maps the university goals. Despite this, there are several IT-related issues that may require more improvement. IT auditing, one of the critical areas, works to identify weaknesses and loopholes in technology identification and acquisition, implementation and operation (Worstell, 2013). The sample results of the survey of the IS&T audit show some partially adherent and non-adherent findings which will require improvement to ensure high quality. These issues include reputation, believability, relevancy, completeness, amount of information, concise representation and understandability. The last two have very low adherence in all the audit processes. There also arises the issue of restricted access, which should not be an issue during auditing (Antonio & Manotti, 2016).

Another issue arises when it comes to IS&T Lifecycle. There are areas that require more attention including brand awareness and service satisfaction, system process improvement, quality optimization, and capacity utilization and revenue sources. These are the areas that require more attention to ensure there is consistency throughout the IS&T lifecycle.

Internal controls evaluation involves evaluating the internal control of system management and therefore focuses on specific operation and control measures applied to service management (Pathak, 2005). Several issues can be improved, as seen from the evaluation of internal control for service management. Among the internal controls, integrity, commitment, competence, audit committees, organizational structures and human resource management all fare better. Some areas may require improvement, including client management and auditor risk assessments. Control activities, including physical control over assets and records and independent checks on performance, should be improved. Maintenance of internal audit independence and high-level reporting to higher authority are also areas that require improvement.

The Scope of IT Assurance Initiative Based on the Targeted Organizational System

The three targeted systems from the previous section are IT auditing, the IS&T lifecycle and the internal controls evaluation areas.

With regard to the scope of IT auditing, several key stakeholders can be identified, including the chief information officer, who collaborates directly with the chief technology officer, and the IS&T planning and management team. IT auditing has several objectives, which include extracting and analyzing data regarding various plans, namely preliminary, implementation and current project operation plans. Revision of financial reports that include development and acquisition of equipment is also a key objective. The current budget is analyzed and any over-expenditures are reported. Software licenses and privacy issues are also addressed during the auditing process, among other objectives (John, 2015). These may include security features of the IS&T system such as restriction on access and the availability of the information or data (Lorsch et al., 2019).

Focusing on IS&T lifecycle processes, there are various stakeholders involved. They include the vice president IS&T, senior director, director, enabling services director, business operations director and the purchasing agent for the project. This process has various objectives which are achieved through five main phases. The first is development of the project charter. The project charter outlines the function of the project, the organizational structure of the current project and the strategies put in place to make a successful implementation of the project. It thus describes the project vision, mission scope, objectives and deliverables. All stakeholders are also listed in the project charter with their roles (Massachusetts Institute of Technology, 2013). The second phase (planning) has three main objectives: the project scope statement, the work breakdown structure, and the Gantt chart. It also involves the use of Key Performance Indicators (KPIs) to determine whether the project is on the right trajectory (Mohammed, 2009). The third phase's objectives include making forecasts on the project, taking project status, and tracking the project. The fourth phase involves three main objectives, which are activity tracking, goal tracking and budget tracking. The final phase covers project analysis and project reports (Berman, 2014).

The last organizational system is the internal controls evaluation. This area has three main objectives: service management, system management and operations management. It is also focused on the achievement of objectives in one or more separate but related domains of organizational operations. Service management relies on the policies and procedures of the organization and is characterized by the adoption of a process approach towards management of IS&T, focusing on customer needs, expectations and IS&T services for customers rather than on IS&T systems, and stressing consistent and progressive improvement. System management deals with the running of IT systems in an organization's database, which should be effective. It is also useful in a hybrid environment, where overseeing the design and day-to-day operations of the database, as well as the integration of third-party cloud services, is key. It is, therefore, an enterprise-wide administration of distributed systems including IS&T systems (Worstell, 2013). Operations management involves the administration of practices which create the highest possible levels of efficiency (Changchit & Holsapple, 2004).

 

 

Relevant Enablers and Suitable Assessment Criteria to Perform the Assessment of Pertinent Domains, Processes, and Controls.

IS&T auditing has the following enablers: objectivity, believability, reputation, relevancy, completeness, currency, amount of information, concise representation, consistent representation, interoperability, understandability, manipulation, availability and restricted access. All these have different relevancy levels, as shown in Figure 1 below. They are grouped into sub-dimensions and goals.

Figure 1: Sample of a result from a survey of IS&T audit, (Antonio & Manotti, 2016)

Enablers of the IS&T lifecycle processes can be obtained from the various phases and include, but are not limited to, the balanced scorecard, which shows the clarified strategy for MIT and thus communicates the business's top strategic priorities, as shown in Table 1 below. Principally, the strategic framework is divided into four perspectives that are key to the business: financial, customer, internal process, and growth and learning.

Table 1. Balanced Scorecard of MIT

| Balanced Scorecard Metrics | Relevancy Score |
|---|---|
| Financial Perspective | |
| Cost Saving | High |
| Profit Margin/Sustainability | Average |
| Revenue Sources | High |
| Customer Perspective | |
| Service and Satisfaction | High |
| Market Share | Very High |
| Brand Awareness | Very High |
| Internal Process perspective | |
| Process improvements | High |
| Quality optimization | High |
| Capacity utilization | High |
| Learning and Growth perspective | |
| Human Capital | Very High |
| Information Capital | Very High |
| Organizational Capital | Very High |

 

We also have the process RACI matrix, which gives a visual representation of all the key people who were involved in a process and their role in the process. The Responsible, Accountable, Consulted and Informed (RACI) chart (Fagan, 2018) is shown in Table 2 below.

Table 2: RACI Chart for MIT IS&T System Lifecycle process

Maintenance Planning RACI Model

| Process | Vice President IS&T | Sr. Director | Director | Enabling Services Director | Business Operations Director | Purchasing Agent |
|---|---|---|---|---|---|---|
| Development of Project Template | | | | | | |
| Development of project plan | | | | | | |
| Development of Library of info for planning | | | | | | |
| Keeping of Prints Updated and secure | | | | | | |
| Stage Kitted Parts | | | | | | |
| Order Parts | | | | | | |

Legend: Responsible, Accountable, Informed, Consulted

 

 

Internal controls have enablers categorized as issues. Table 3 below details the evaluation of internal control at MIT. It covers all three of the dimensions mentioned earlier. The enablers include Software inventory and Installation, Hardware inventories, Server Availability and accessibility, User Activity Monitoring, Capacity Monitoring, Security and anti-manipulation management, Storage management, and Anti-Virus and Malware Management.

Table 3: Evaluation Results of Internal Control for Service Management from Previous Report (Week 4)

Evaluation of the operation of service management processes: event management, incident management, request fulfilment, problem management, and access management

Scores of evaluation on a scale of 6-10, where 10 = Excellent, 9 = Very Good, 8 = Good, 7 = Averagely good

Legend: Excellent, Very Good, Good, Average

Components of Internal Control

Internal Environment

  • High integrity and ethical values
  • Commitment & Competence
  • Board of directors and audit committees in place
  • Management philosophy and operating style
  • Organizational structure
  • Assignment of authority and responsibility
  • Human resource policies and practices

Risk Assessment

  • Client Management's Risk Assessment
  • Auditor Risk Assessment

Information & Communication

  • Complex system that includes carefully defined responsibilities and written procedures.

Control Activities

  • Adequate segregation of duties
  • Proper authorization of transactions and activities
  • Adequate documents and records
  • Physical control over assets and records
  • Independent checks on performance

Monitoring

  • An internal audit department is essential for effective monitoring.
  • Maintenance of internal audit independence, and high-level reporting to higher authority.

 

 

 

Table 4: Evaluation Results of Internal Control of Systems Management from Week 4 Work

| Issues under focus | Overall Rating: Reasonable/Effective Controls Exist | Overall Rating: Opportunity for improvements | Overall Rating: Critical Lack of Control | Comments |
|---|---|---|---|---|
| Software inventory and Installation | | | | Need to be matched to technological advancements |
| Hardware inventories | | | | |
| Server Availability and accessibility | | | | Speed needs to be improved in all areas |
| User Activity Monitoring | | | | Need to be established immediately |
| Capacity Monitoring | | | | Should be balanced with demand |
| Security, anti-manipulation management | | | | Need to be optimized and cyber crime |
| Storage management | | | | Need to be optimized |
| Anti-Virus and Malware Management | | | | Need a lot of care and precaution. |

 

 

 

Table 5: Evaluation Results of Internal Control of Operations Management as from Week 4 Work.

| Issues under focus | Overall Rating: Reasonable/Effective Controls Exist | Overall Rating: Opportunity for improvements | Overall Rating: Critical Lack of Control | Recommendation |
|---|---|---|---|---|
| Capacity Management | | | | Need to be matched to technological advancements |
| Quality Management | | | | Maximum attention should be given to value of service |
| Demand Management | | | | Speed needs to be improved in all areas |
| Community Need Management | | | | Need to be established immediately |
| Capacity Monitoring | | | | Should be balanced with demand |
| Innovation and Creativity | | | | Need to be optimized and cyber crime |
| Platforms and systems Integration | | | | Need to be optimized |
| Services and Process coordination | | | | Need a lot of care and precaution. |
| Community Partnership | | | | A larger scale collaboration with the community should be established |
| Infrastructure Operation | | | | Further improvement is needed |
| Business Operation | | | | MIT should focus on a wider scope of service provision to its community |

The general conclusion from this report is that most of the internal controls met their efficiency and effectiveness.

A set of Balanced Scorecard Metrics was produced from these findings and is presented in Table 6 below.

Table 6. Balanced Scorecard Metrics from Week 4 Work.

| Balanced Scorecard Metrics | Relevancy Score |
|---|---|
| Evaluation of Internal Controls for Services Management | |
| Internal Environment | High |
| Risk Assessment | Average |
| Information and Communication | High |
| Control Activities | High |
| Monitoring | Very High |
| Evaluation of Internal Controls for Systems Management | |
| Software inventory and Installation | Very High |
| Hardware inventories | High |
| Server Availability and accessibility | High |
| User Activity Monitoring | Average |
| Capacity Monitoring | Very High |
| Security, anti-manipulation management | Very High |
| Storage management | Very High |
| Evaluation of Internal Controls for Operations Management | |
| Capacity Management | Very High |
| Quality Management | High |
| Demand Management | High |
| Community Need Management | Very High |
| Capacity Monitoring | Average |
| Innovation and Creativity | Very High |
| Platforms and systems Integration | High |
| Services and Process coordination | High |
| Community Partnership | Average |
| Infrastructure Operation | Very High |
| Business Operation | Average |

 

Results and Conclusion

Through this summary, the potential IT-related issues collected throughout the case study from week 1 to week 4 were identified. The scope of the IT assurance initiative, based on the areas selected, was covered. These areas are IS&T auditing, IS&T lifecycle processes and issues, and internal controls issues. We then defined the various enablers of each of the mentioned processes and highlighted some of the suitable criteria that were used to assess these areas. This provided a brief summary of the work from week 1 to week 4.

From the results, a few things can be concluded. Evaluation of internal controls is essential to the management of IS&T in that it ensures that laid-down procedures, regulations and laws are observed. It has also revealed that the internal controls of the MIT organization are performing well. Despite this, a small amount of improvement work is needed in a few areas of service management, system management and operation management.

With regard to the IS&T lifecycle processes, it can be concluded that it does not vary from other products except for its domain. The domain differs with the size of the organization, the degree of automation and the adoption of information technology. By rolling out the project in all the stages (initial process, planning, execution, performance monitoring and closure), the project implementation becomes efficient and effective.

IS&T audit is essential in this period of rapidly advancing technological improvements. Most of the functions performed by the management and administration have been moved to computerized Decision Management Systems and Management Information Systems. As a result, most of the business information is controlled by IS&T. The vulnerability of these systems to cyber-attacks is one of the major reasons that call for regular audit checks and security optimization. Therefore, IS&T auditing is an essential and intrinsic requirement of the IS&T (Information System and Technologies) system.

References

Antonio Felipe da Silva, & Alessandro Manotti. (2016). Using COBIT 5: Enabling Information to Perform an Information Quality Assessment. ISACA. Retrieved from http://www.isaca.org/COBIT/focus/Pages/using-cobit-5-enabling-information-to-perform-an-information-quality-assessment.aspx

Berman, P. K. (2014). Successful Business Process Management: What You Need to Know to Get Results. New York: AMACOM.

Changchit, C., & Holsapple, C. W. (2004). The development of an expert system for managerial evaluation of internal controls. Intelligent Systems in Accounting, Finance & Management, 12(2), 103–120.

Class Notes. (2015). MIT Technology Review, 118(3), 26–58.

Fagan, Brad. (2018). Using a RACI Matrix Template for Business Process Improvement. Triaster, 02/05/18 13:17. Accessed April 10, 2019, from https://blog.triaster.co.uk/blog/raci-matrix-template-for-business-process-improvement

Fundamental Concepts of IT Security Assurance. (2012). ISACA: Haris Hamidovic.

Gardner, Dana. (2012). "Enterprise Architecture and Transformation at the Crossroads". E-Commerce News. ECT News Network, Inc.

Graham, L. (2008). Internal Controls: Guidance for Private, Government, and Nonprofit Entities. Hoboken, N.J.: Wiley.

Gupta, P. P. (2008). Management's evaluation of internal controls under Section 404(a) using the COSO 1992 control framework: Evidence from practice. International Journal of Disclosure & Governance, 5(1), 48–68.

Information Systems & Technology. (2014). Ipswich, Massachusetts: Salem Press.

Li, C., Peters, G. F., Richardson, V. J., & Weidenmier Watson, M. (2012). The Consequences of Information Technology Control Weaknesses on Management Information Systems: The Case of Sarbanes-Oxley Internal Control Reports. MIS Quarterly, 36(1), 179–204.

John, S. P. (2015). The integration of information technology in higher education: A study of faculty's attitude towards IT adoption in the teaching process. Contaduría y Administración, 60(Supplement 1), 230–252.

Lorsch, J. W., Howard, J., & Kim, A. (2019). Shaping Your Board for Cybersecurity. Corporate Board, (234), 7.

Massachusetts Institute of Technology Reports to the President. (2013). Information Services and Technology. Accessed April 10, 2019, from http://web.mit.edu/annualreports/pres13/2013.22.04.pdf

Massachusetts Institute of Technology. (2012). MIT Faculty News Letter. MIT. Vol. XXIV No. 5, May/June 2012.

Mohammed, T. A. (2009). A critical investigation of the implementation of an information technology service management project in a UK higher education institution.

Pathak, J. (2005). Risk management, internal controls and organizational vulnerabilities. Managerial Auditing Journal, (6), 569.

What is information assurance? – Definition from WhatIs.com. (n.d.). Retrieved April 27, 2019, from https://searchcompliance.techtarget.com/definition/information-assurance

Worstell, K. F. (2013). Governance and Internal Controls for Cutting Edge IT. Ely: IT Governance Publishing.

 

 

 

 

 
