CIS_558_Week_10_Term_Paper_Managing_an_IT_Infrastructure_Audit.docx

School: University of Nairobi
Course: 1085
Subject: Computer Science
Date: Nov 24, 2024
Type: docx
Pages: 19
Uploaded by AdmiralSardineMaster445

Running Head: CIS 558 Week 10 Term Paper Managing an IT Infrastructure Audit

CIS 558 Week 10 Term Paper Managing an IT Infrastructure Audit
[Student’s Name]
[Instructor’s Name]
[Course Code]
[Date]

Managing an IT Infrastructure Audit

Section 1: Internal IT Audit Policy

Mission Statement

The target of the internal audit policy of Bochum Marketplace is to provide objective and independent reviews of the business activities, operations, financial arena and internal accounting controls of the national retailer with 268 stores nationwide. Following a risk identification and assessment process, the internal audit policy will accomplish its target through operational, financial and performance audits. The audit schedule is reviewed and accepted by the board of directors and the CEO of Bochum Marketplace.

Scope

The scope of internal audit revolves around examining and analyzing the adequacy and effectiveness of the organization’s internal controls and ensuring quality performance in carrying out the given tasks. While carrying out this mission, the internal audit team will use an orderly and restrained methodology to assess and improve the reliability of internal records. Developing and maintaining an exhaustive internal audit plan is positively related to bookkeeping strategies and systems, which will in the end lead to the organization’s goal (Norman Marks, 2007). The most important priority is to develop and keep an eye on the quality confirmation systems used to analyze the performance of the internal audit team and its operations. Such projects need to incorporate a number of themes: work paper arrangement, audit testing, work paper survey, report readiness, audit report correspondence and issuance, and maintaining records.

Goals and objectives

  • Perform audits and file the findings with the CEO to help the organization operate at the highest effectiveness.
  • Promote compliance with laws, policies, regulations, rules and procedures through review and deep analysis of the company’s activities and services.

The overall mission of this internal audit is to help all members of management in the effective discharge of their responsibilities, with objective analysis, appraisals, recommendations and comments on the activities reviewed (Ahmad Feizizadeh, 2012). The internal audit department will conduct independent surveys of the organization’s methods and work in the following areas:

  • Promote the use of the internal control system
  • Enhance operational effectiveness
  • Advance contract compliance
  • Optimize values received from various sources
  • Increase the knowledge and abilities of the staff
  • Keep an eye on current affairs and trends affecting government
  • Compliance with applicable laws and regulations

Every audit done by Albeit is remarkable; the audit policy is very competitive and revolves around nine stages. Through these stages our internal audit team will make sure to minimize risk and build efficient zones. Customers and suppliers will be dealt with in one of the nine stages. The audit will see how to manage time and decide measures to reinvest time from the region’s work force’s ordinary schedule. One of the key targets is reducing and abstaining from time-wasting ongoing activities (Marc Ackerman, 2009).

Management oversight and responsibility

The internal audit capacity was created at the say of the board of directors, and they are to determine its powers officially to the CEO. The internal audit department reports officially to the CEO and practically to the audit committee. The extent of internal audit is up to the limit that is given by the CEO. The board of directors advises, guides and analyzes the senior management. The board of directors should include in its activities:

1. Periodic meetings to discuss the effectiveness of the internal audit team
2. Frequent review and evaluation of the internal audit controls provided by management, internal auditors and external auditors.
3. Periodic actions to make sure that management has correctly followed up on the advice and concerns raised by auditors and supervisory teams about internal control weaknesses.

Areas covered in the IT audits

The main way the internal audit team will support the organization in achieving its objectives is by consistent audits of operations as shown below. Nevertheless, internal audit also incorporates a number of unusual ventures and interviews conducted by the CEO and myself that actually lie within the scope of the internal audit’s working capacity.

Frequency of the audits

The new ISO 9001:2015 clause 9.2 states that “Internal audits must still be conducted at planned intervals to see if the quality management system conforms to the organization’s own requirements and those of the ISO 9001 standard” (Ray Tricker, 2016). When establishing an audit program, a frequency will be chosen for this organization; it will be based on what projects we will be doing and the requirements of those projects.

Reference

Marks, N. (2007). Internal audits of governance: assessing organizational governance can be complicated and may involve political risk, but it should still be given strong consideration in the audit plan. Internal Auditor, 64(6), 31-33. Retrieved from: http://go.galegroup.com/ps/anonymous?id=GALE%7CA172637270&sid=googleSchola &v=2.1&it=r&linkaccess=fulltext&issn=00205745&p=AONE&sw=w&authCount=1&i AnonymousEntry=true

Feizizadeh, A. (2012). Strengthening internal audit effectiveness. Indian Journal of Science and Technology, 5(5), 2777-2778. Retrieved from: http://www.indjst.org/index.php/indjst/article/view/30462

Ackerman, M., Rucker, B., Wells, A., Wilson, J., & Wittmann, R. (2009). IT Strategic Audit Plan. Journal of Technology Research, 1, 1. Retrieved from: http://www.aabri.com/manuscripts/09163.pdf

Tricker, R. (2016). ISO 9001: 2015 Audit Procedures. Routledge. Retrieved from: https://books.google.com.pk/books?hl=en&lr=&id=fE6TDAAAQBAJ&oi=fnd&pg=PP &dq=The+New+ISO+9001:2015+clause+9.2+stated+that+%E2%80%9CInternal+audit +must+still+be+conducted+at+planned+intervals+to+see+if+the+quality+management+ ystem+conforms+to+the+organization%E2%80%99s+own+requirements+and+those+o +the+ISO+9001+standard&ots=2jO_mULsmq&sig=Bm99jdwySn_Tzu3FIxJMt nPDi8#v=onepage&q&f=false

Section 2: Management Plan

Introduction

IT governance and strategy are very important to a successful venture. Bochum Marketplace senior management must apply governance plans and tactics, as well as the accompanying rules and procedures, to enable the company to capture its strategic vision, support audit requirements, manage risk, and practically show responsible financial management (Fred R. David, 2011). Audits are opportunities for companies to enhance and grow, based on the auditor’s judgment and advice.

Risk management

Over the past few years, the increasing need for corporate administration to correctly measure the risk their organization faces has been widely known and acknowledged. Program managers are under consistent pressure to analyze their key business risks and to keep those risks at a comfortable level. Organizations are moving to unite the major risk assessments into a heavily loaded, companywide practice called enterprise risk management (ERM). Although ERM is necessary for compliance with Sarbanes-Oxley (SOX) and Basel II, the administrative mandate for strong risk management practices goes beyond financial administration acts. The priority that customers, organizations, media and chosen authorities place on protection and security has led to the incorporation of risk management best practices into new rules and regulations that set higher operational, security, protection and information management standards for organizations. Industry best practices are lately being backed, one by one, by legal requirements to guarantee that organizations’ administration, internal controls, system base, business methods and operations are safe, sound and secure. Furthermore, new laws and regulations direct (like never before) how an organization represents itself and safely faces the outside world, for example raw material suppliers, merchants and agents.

System Software and Applications

To ensure efficiency and cost effectiveness, it is important to implement ERP systems or upgrade them, as this will lead to automation of key business processes. The internal audit team will assure that the system applications in use provide a wide range of functions that fulfill our business requirements across all the stores around the country. These difficulties, as well as the difficulties that will arise from implementing and integrating these applications into the company’s existing work environment, will require capabilities, skills, abilities, management, resources and leadership from the business, ensuring much more halts to achieve success. To achieve division of responsibilities, it is better to keep the control and maintenance of system software separate from that of applications (John R. Kuhn, 2010).

Wireless networking

To achieve the objectives of internal audit, it is better to conduct reviews of wireless networking. After analyzing the security procedures, I will then use my primary findings to carry out a detailed analysis and test of the whole network. The bottom line is that wireless network surveys, or audits, are essentially similar to their "fixed network" equivalent in their goal: they revolve around two aspects, marking out issues and setting up a benchmark against which any future survey can be held and measured.

Cloud Computing

The implementation of cloud computing will surely have an impact on the IT infrastructure of Bochum Marketplace, but it does not stop there. Beyond the IT implications, it will affect important business operational areas such as security, privacy, vendor and supplier management, as well as tax compliance. The directors must extend their vision through the CEO and look beyond the existing IT risk in order to develop tactics to minimize risks, such as virtualization and many others, that will come with the implementation of cloud computing.

Cyber Security and Privacy Services

Cybercrime and privacy services have emerged greatly, and a sense of eagerness is found among companies as they fight through globalization and economic ups and downs. Our organization must therefore come forward and find better ways to tackle existing and new threats, which can be achieved by innovating the current methods used by the company to face cyber issues. This will be achieved by setting aside traditional ways and implementing new and innovative systems which will assure that all of the company’s information is secured (Jing Liu, 2012). Furthermore, the IT department must keep an eye on existing threats and work to minimize them, as well as take measures to analyze the performance of the measures used to minimize risks and dangers to the organization’s work.

Business Continuity Plan versus Disaster Recovery Plan

Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events (Gavin P. Smith, 2007). BCP can be defined as the steps taken to ensure the operation of key business areas during or after a disaster. To keep business flowing, disaster recovery plans are made, which are tactical plans for certain areas of the business to allow them to recover from a certain business application. It is better to plan in two ways: one to ensure full business flow and the other to deal with incidents to ensure full capacity production at all levels. This will not increase productivity but will surely help.

Network security

The system security coordinator or network security administrator is the one who handles everything that comes under network security. These are the people who implement security policies, network software and hardware to assure that unauthorized networks are not getting into the network, and to make sure that every employee has adequate reach to information and resources at work (William Stallings, 2014). Two broad categories of information will be looked at here. The first is the static data, which covers password rules, encryption, protocol and firewall definitions, and all related aspects. The second category covers all the past activities that have taken place. Initially, using a checklist and with the help of your IT, HR and legal teams, you will be able to work out a plan that suits your specific environment.

References

David, F. R. (2011). Strategic management: Concepts and cases. Pearson/Prentice Hall. Retrieved from: http://dspace.elib.ntt.edu.vn/dspace/bitstream/123456789/7604/1/Fred%20R. %20David Strategic%20Management,%2013th%20Edition%20%20%20%20 Prentice%20Hall %20(2010).pdf

Kuhn Jr, J. R., & Sutton, S. G. (2010). Continuous auditing in ERP system environments: The current state and future directions. Journal of Information Systems, 24(1), 91-112. Retrieved from: http://www.aaajournals.org/doi/abs/10.2308/jis.2010.24.1.91? code=aaan-site

Smith, G. P., & Wenger, D. (2007). Sustainable disaster recovery: Operationalizing an existing agenda. Handbook of disaster research, 234-257. Retrieved from: https://link.springer.com/chapter/10.1007%2F978-0-387-32353-4_14?LI=true

Stallings, W., & Tahiliani, M. P. (2014). Cryptography and network security: principles and practice (Vol. 6). London: Pearson. Retrieved from: http://bucket.daz.cat/9780133354690.pdf

Liu, J., Xiao, Y., Li, S., Liang, W., & Chen, C. P. (2012). Cyber security and privacy issues in smart grids. IEEE Communications Surveys & Tutorials, 14(4), 981-997. Retrieved from: http://ieeexplore.ieee.org/abstract/document/6129371/

Section 3: Project Plan

Introduction

Corporations around the world have lost millions on worthless projects, which are then hidden from investors and management. Reversing these losses is therefore another function the internal audit team will undertake, to show a clear picture of the company’s bottom line without being unfair to anyone. Our project plan as listed below will guide both project execution and project control for the various projects the organization will undertake.

Risk management

Section 4: Disaster Recovery Plan

Introduction

Bochum Marketplace is a national retailer in the USA with a total of 268 branches across the country, with a corporate office, management, employees, suppliers, vendors and customers who are directly connected to the information technology infrastructure in order to complete their work in the given time; it is also an important part of the learning environment. Information technology is considered integral to the functioning of Bochum Marketplace, which requires a disaster recovery plan (DRP) to assure quick and efficient recovery of operations in the event of any form of disaster of any magnitude. Emergency council members handle all the recovery work in case of a disaster at the Bochum national retailer, as mentioned in section 2 of its emergency preparedness plan. Their actions are watched by the emergency planning team. At this time Bochum Marketplace does not work on heavy servers, which would decrease potential business halt in the event of a disaster, nor does the organization run a redundant “warm-site” or “hot-site” for urgent recovery of the Data Center. When more resources become available, this plan will be analyzed again and updated as needed. Program managers need to demonstrate the organization’s readiness, build management confidence and trust, and, most importantly, strengthen the organization’s disaster recovery capabilities (Khalid Saleem, 2008).

This disaster response and recovery plan is based on the following assumptions:

  • Once the event is declared a disaster, all the measures required by the disaster recovery plan for IT will be taken.
  • The safety of employees and customers takes priority over the safety and recovery of software, hardware and all other recovery.
  • Depending on the magnitude of the disaster, other stores are required to adjust their operations to accommodate any change in system, computer availability or physical location until a full recovery is assured (Wing S. Chow, 2009).
  • The content of this plan may be changed, and substantial deviation may be required in the event of unusual or unforeseen circumstances. These situations are to be determined by the specific Disaster Recovery Teams under the guidance and approval of the CEO and Incident Command Team.

Emergency Management Plan

A DRP should be updated and regulated consistently, as organizations change very often these days. The internal audit team will assure that the DRP is continuously changed and is effective enough to be implemented in case of a disaster (Claire B. Rubin, 2009). The crisis management plan should be sound enough to assure that key business processes will be kept running if a disaster happens in our corporate office or another store. Executives and senior management will use the methods within this arrangement should a crisis occur. A business resumption plan is also written as a side plan. The business resumption plan consists of two important parts. The main part is for engineering in case of a disaster affecting the information processing center(s). The second part is the business recovery plan, which will be implemented in case of a downturn of business operations and special units in a disaster event.

After the end of a disaster, the Crisis Management Team will evaluate the circumstances and figure out whether there is a need to announce a crisis or emergency and initiate the Crisis Management Plan. When the arrangement is enhanced, assigned management personnel will be alerted and directed to activate their procedures.

Disaster Recovery Scenario

The disaster recovery scenario that will be addressed in depth encompasses a loss of access to computing systems or the data processing ability of networks and systems (Suresh Kumar, 2009). Although loss of our stores has a high probability, this disaster recovery plan will only address recovery of important systems and urgent communications. For the record, I must say that I foresee an event in which nothing is in its original form in the computer room and no telecommunication resources are available. In the event of a disaster, key personnel will immediately report to the disaster recovery team or its center.

Recovery Strategy

Our recovery strategy will follow the disaster recovery plan; the goal will be to relocate all critical information systems to alternative processing systems. This will be collected from disaster recovery provider name and location at the hot site. The disaster recovery provider will be responsible for making sure that system requirements and configurations are accurate and match the current requirements (Montri Wiboonrat, 2008). Hence, holding a bi-yearly check will be part of the alternate processing tactic at each of our stores and at our corporate office. The linked network connectivity will be recovered, within the disaster recovery circumstances, using the alternate processing strategy.

Prepare your Employees for Disaster Recovery

It is very important that we include all stakeholders in the disaster recovery plan and its efforts, from employees to customers and suppliers; this will help assure that recovery procedures are well planned and executed based on the organization’s need to provide as faultless a recovery process as possible. We must also look at the typical processes and times that our customers and suppliers have come to expect and plan how the organization will carry out recovery efforts. The main thing is to create awareness among all employees so that in case of an emergency they know what steps to follow. For our cloud and other outsourced services, a well-balanced management staff member will be designated whose job will be to contact the services to initiate recovery efforts (Arjen Boin, 2007).

Conclusion

It is said of organizations like Bochum Marketplace that risks can be minimized but cannot be removed completely, as they face disasters of various magnitudes. For the company to withstand any emergency, it is important to have well-developed and adequately planned contingency plans. The last corporate emergency arrangement is the soul of corporate survival. Once the plan is accepted and authorized by both admin and working staff, the development of the emergency plan is initiated. A major reason of high possibility arranging is that plans are created by the individuals who should really complete them in the event of a real catastrophe.

References

Saleem, K., Luis, S., Deng, Y., Chen, S. C., Hristidis, V., & Li, T. (2008). Towards a business continuity information network for rapid disaster recovery. In Proceedings of the 2008 international conference on Digital government research (pp. 107-116). Digital Government Society of North America. Retrieved from: https://dl.acm.org/citation.cfm? id=1367852

Chow, W. S., & On Ha, W. (2009). Determinants of the critical success factor of disaster recovery planning for information systems. Information Management & Computer Security, 17(3), 248-275. Retrieved from: http://www.emeraldinsight.com/doi/abs/10.1108/09685220910978103

Rubin, C. B. (2009). Long term recovery from disasters--The neglected component of emergency management. Journal of Homeland Security and Emergency Management, 6(1). Retrieved from: https://www.degruyter.com/view/j/jhsem.2009.6.1/jhsem.2009.6.1.1616/jhsem.2009.6.1 1616.xml

Kumar, S., Rathy, R. K., & Pandey, D. (2009). Design of an ad-hoc network model for disaster recovery scenario using various routing protocols. In Proceedings of the International Conference on Advances in Computing, Communication and Control (pp. 100-105). ACM. Retrieved from: https://dl.acm.org/citation.cfm?id=1523125

Wiboonrat, M. (2008). An empirical IT contingency planning model for disaster recovery strategy selection. In Engineering Management Conference, 2008. IEMC Europe 2008. IEEE International (pp. 1-5). IEEE. Retrieved from: http://ieeexplore.ieee.org/abstract/document/4617953/

Boin, A., & McConnell, A. (2007). Preparing for critical infrastructure breakdowns: the limits of crisis management and the need for resilience. Journal of Contingencies and Crisis Management, 15(1), 50-59. Retrieved from: http://onlinelibrary.wiley.com/doi/10.1111/j.1468-5973.2007.00504.x/full