
IT 4683 Management of IT
Exercise 5 - Auditing IT Controls

Your name:

Policies:
• Submissions made through a means other than the GeorgiaView (D2L) Dropbox will be ignored and earn a 0.
• Submissions without your name stated above earn a 0.
• Submissions not in a docx or pdf file or with the original questions and/or formatting removed from the file earn a 0.
• Submissions without adequate references or acknowledgements will earn a discounted grade, potentially a 0.
• Submissions that I cannot open or require a password will earn a 0.
• Second chances might be requested at any time through GeorgiaView email, and are awarded at the sole discretion of the instructor.

Review, Evaluate and Adopt Approaches to IT Management through Auditing IT Controls

Being successful in this course requires you to review, evaluate, adapt and adopt methods that might be incorporated into your approach to managing IT through auditing IT controls. This exercise intends to aid you in doing so.

Readings for this assignment:
• Selected readings on the web
• Course Textbook [1] - Preface through Chapter 5 (Pages 1-31)

Actions/Deliverables for this assignment:
• Read as per above
• Research what you read
• Respond to this assignment within the docx file (leaving all questions and formatting intact)
• Deliverable: Upload your response using the dropbox tool in GeorgiaView
• Deliverable: Make entries on the Module 5 Discussion
• Deliverable: Cite all references and indicate which method used at the end of the file.

Q1 - 25 points
From the textbook’s [1] use of concepts and terminology in Chapters 3 to 5, pick the top 10 to 20 of the terms and concepts useful for managing IT risks, providing IT assurance, and utilizing sound Human Computer Interaction (HCI) principles in IT operations. Tell why you have made each choice. (Example terms and concepts include risk, controls, assurance, users, operations, access, etc.)

Q2 - 25 points
You have been promoted to Call Center Director [2] and your organization follows CobiT [1]. Part of your promotion was to recognize your abilities in working in the HCI part of IT, that is, working with users, including human factors, ergonomics and user-centered computing. In awarding the promotion, the CIO specifically mentioned that you took better care of the call center reps so they could take better care of the callers. Since user experience is the key to your call center’s success, you want to incorporate that user-centric flavor into the Call Center IT. You see this can be incorporated into the auditing of IT controls that is ongoing within your organization.

Once again you turn to a web search and discover that heuristic evaluation [3, 4] is an approach to user-centered evaluation that will work nicely within the Call Center to evaluate operational effectiveness [1, page 29]. You conclude that through a small (n=6) panel of expert users (expert call center reps), the usability effectiveness of the Call Center’s password policies and procedures can be regularly assessed, and thereby contribute coverage of HCI to IT Assurance. Write a 1 to 2 page plan to complete regular heuristic evaluations of the IT within the Call Center that will contribute to evaluating IT’s operating effectiveness.

Q3 - 25 points
Complete Caselet 5 Software Programs Inc. for the Caselets [5, pages 16-17]. Write at most 4 pages on the 4 questions at the end.

Q4 - 15 points
Have you ever had a major incident with your own IT (virus, attack, loss of data, etc.)? If so, describe it. State whether you implemented any of the advice listed in the textbook [1] and whether it helped you. If you have not had a major IT incident, review and comment on the helpfulness of the advice in the textbook [1] for detecting and/or dealing with an IT incident. Write at most 2 pages.

Required: Complete GeorgiaView Discussion Posting: 10 points
• Using your answers to the questions above, review and summarize your ideas about auditing IT controls and the role of HCI in doing so.
• Record your answers here.
• Also, enter your answers on the Module 5 Discussion.

Sources and works used in completing this exercise:
a. Textbook: IT Governance Institute. IT Governance Using COBIT and ValIT: Student Book, 2nd Edition. 2007.
b. http://en.wikipedia.org/wiki/Call_centre does a good job of describing what a call center is all about and was retrieved on 28 April 2013.
c. http://en.wikipedia.org/wiki/Heuristic_evaluation describes heuristic evaluation and has many good links. It was retrieved on 29 April 2013.
d. http://www.usability.gov/methods/test_refine/heuristic.html describes heuristic evaluation and has many good links. It was retrieved on 29 April 2013.
e. 5Caselets: IT Governance Institute. IT Governance Using CobiT® and ValIT™, 3rd Edition. 2010.

Required: Please add your list of sources.

Required: Please complete the following:
___ I did not use any method of citation (maximum B on the assignment).
___ I used the ACM approach and have cited my references as I went in the text and also listed them at the end.
___ I used the APA approach and have cited my references as I went in the text and also listed them at the end.
___ I used the MLA approach and have cited my references as I went in the text and also listed them at the end.

Required: Acknowledgements of people and discussions used in completing this exercise:
