Questions:
1) a) Using the IT audit report for the Cancer Prevention and Research Institute of Texas (in the
Readings tab), find examples of the items that are supposed to be in an IT audit report according to
Standard 1401. Indicate the item and page number.
b) Comment on additional items you find in the audit report that are not part of the 1401 standard
for Audit Reporting. Explain what the benefits are of including it.
Information Technology
Internal Audit Report
Report #2013-03
August 9, 2013
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 2
Table of Contents
Executive Summary ........ 3
Background Information ........ 4
Background ........ 4
Audit Objectives ........ 4
Scope ........ 5
Testing Approach ........ 5
Statement of Auditing Standards ........ 6
Findings, Observations, and Recommendations ........ 6
IT Policies and Procedures ........ 7
IT Risk Assessment ........ 8
Disaster Recovery Plan & Business Continuity Plan ........ 9
Security Access Reviews ........ 11
Self-Assessment Review ........ 12
Additional Recommendations ........ 13
Appendix A – Texas Administrative Code, Subchapter B, Rule §202.22
Governance relates to management, policies, procedures, and decisions for a given area of enterprise responsibility. Hence IT-related assets should be governed in a way that will be profitable to the company in order to achieve its goals and objectives.
Control and audit of information System (hendri eka saputra) Hendri Eka Saputra
This document provides an overview of internal controls and information system auditing. It defines internal controls as processes designed to provide reasonable assurance of achieving objectives related to operations, financial reporting, and compliance. It discusses control objectives, components of internal controls including the control environment, risk assessment, control activities, information and communication, and monitoring. The document also covers the Foreign Corrupt Practices Act, types of financial reporting controls, segregation of duties, accounting systems, limitations of internal controls, and the role of internal controls in financial audits.
The document provides an operational assessment of the Indiana Bureau of Motor Vehicles (BMV) conducted by BKD. Key findings include:
1) Indiana's legislative authority for BMV fees and taxes is overly complex and ambiguous, creating compliance risks.
2) The BMV lacks centralized governance and oversight of ongoing compliance with legislation.
3) The BMV's information system (STARS) does not adequately support business processes and users rely on workarounds.
4) The BMV lacks independent monitoring and oversight of its central office operations.
Running Head ZIFFCORP AUDIT PROPOSAL 1 ZiffCo.docxjeffsrosalyn
Running Head: ZIFFCORP AUDIT PROPOSAL 1
ZiffCorp Audit IT Security Audit Proposal
Brian A. McDougall
Central Washington University
Author Note:
Final Paper – IT 677 – Summer 2018
Table of Contents
Title Page ........ 1
Table of Contents ........ 2
Audit Proposal ........ 3
Entity-Level Controls ........ 4
Data Center ........ 8
Database ........ 11
Web Server ........ 13
Cloud ........ 14
Disaster Preparedness Plan ........ 15
References ........ 16
Audit Proposal
July 26, 2018
Artie Ziff, CEO
ZiffCorp
1066 3rd St
Springfield, VA 22150
Dear Mr. Ziff:
Thank you for the opportunity to present my proposal to perform an informal audit of
certain critical IT security policies and controls at ZiffCorp. Because of recent changes in
privacy regulations, GDPR in particular, I feel it expedient to review certain controls in
preparation for a formal audit that will verify ZiffCorp’s compliance to GDPR across the
organization. This audit is essential to maintaining quality operations and further help in
mitigating organizational risk, which can easily end up in dollars lost (Collins, 2017).
Let me stress that this will be an informal audit to be performed in order to assess our
security footing in certain areas of the company’s IT infrastructure. Our auditors will
review security controls and issue recommendations for.
The document describes the audit process used by the Department of Audit Services at Montefiore Medical Center, including selecting audit areas, notifying the auditee, conducting an entrance conference, performing fieldwork to review processes and transactions, having an exit conference to discuss findings, and issuing an audit report with any recommendations. The goal is to work with management to evaluate controls and processes, identify risks, and recommend improvements through an objective review.
This document provides an overview of asset health indices (AHI), which are used to measure the overall health of assets and enable fact-based decision making. It discusses how utilities can use large amounts of asset data and AHI ratings to determine which assets need repair/replacement, optimize maintenance, and predict future failures. The document also outlines best practices for developing an AHI, including identifying critical asset classes, determining key failure factors, and calculating ratings based on weighted data elements. Implementing AHI is presented as an important part of overall asset management that can improve reliability and reduce costs.
The document discusses how healthcare organizations can leverage ICD-10 codes to improve quality of care and business process efficiency through advanced analytics. It states that while ICD-10 compliance is required, it does not automatically deliver benefits - organizations need to develop analytics capabilities to extract insights from the detailed ICD-10 data. This requires investment in infrastructure, skills, and partnerships to analyze internal and shared data across the healthcare system. When done successfully, analytics can help optimize treatment programs, compare outcomes, automate processes, and detect fraud through the specific ICD-10 codes.
Improvement of IT Governance Case Study Government Institution Region X ijtsrd
The use of information technology in government processes will increase the efficiency, effectiveness, transparency, and accountability of government administration. Using IT within an organization requires a system to manage IT better, as well as an information technology audit so that it runs as expected. An IT audit is an important matter that must be carried out within an organization, including Government Institution Region X, which uses information technology to support its public service processes. The information technology audit is carried out with the purpose of fixing the critical points or problems that often occur in processes within the institution. The study, using the COBIT 5 framework, shows that the capability levels of the five selected IT processes are low, namely APO07 at level 2, EDM04 at level 1, DSS01 at level 1, BAI01 at level 1, and APO08 at level 1, whereas the capability level expected by the organization's leader is level 4. The results of the information technology audit show the gap between the current maturity level and the maturity level expected by the organization's leader. The study provides suggestions and improvement recommendations according to the COBIT 5 and ITIL 2011 frameworks. Agus Ade Muliyana Krisna | Gusti Made Arya Sasmita | Gusti Agung Ayu Putri "Improvement of IT Governance (Case Study: Government Institution Region X)" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd33496.pdf Paper Url: https://www.ijtsrd.com/engineering/information-technology/33496/improvement-of-it-governance-case-study-government-institution-region-x/agus-ade-muliyana-krisna
Give Your Company the Competitive Edge by Means of an IT Audit EES Africa (Pty) Ltd
With increasing technological developments and competition, companies are looking at ways to enhance and optimise their information technology (IT) systems and technical infrastructure. An information technology audit, also referred to as a technical infrastructure audit, is an invaluable process to undertake to accomplish this.
It examines IT governance and how a company’s IT environment performs against best practice and emerging, leading-edge technology. It does this by scrutinising information systems, their inputs, outputs and processing, capabilities and performance.
Project 1Create an application that displays payroll informatio.docxbriancrawford30935
This document outlines the requirements for a final project to create an information assurance plan for an organization. It provides details on the key elements that must be addressed in the plan, including an introduction assessing the current state of information security, analysis of roles and responsibilities, a risk assessment, and recommendations for policies around incident response, disaster recovery, and access controls. It also describes the milestones that will be submitted throughout the course to receive feedback, including sections on the introduction, roles and responsibilities, risk assessment, and statements of policy. The final information assurance plan is due at the end of the course and must comprehensively address all required elements.
The document outlines an implementation roadmap for initiatives in four priority levels. The highest priority level involves creating a project management office within 1 month to manage the implementation. Level 2 focuses on establishing governance committees and frameworks within 1-6 months. Level 3 involves business process integration and information security within 3-18 months. The lowest priority level includes asset management, standardization, and innovation initiatives within 6-12 months. The roadmap provides timelines and responsibilities for each initiative and sub-initiative.
The document is an overview of the Audit Booklet published in August 2003 by the FFIEC IT Examination Handbook. It summarizes changes made to the booklet, including reorganizing it to follow the examination process flow. New contents were added to address legislation like Sarbanes-Oxley and Gramm-Leach-Bliley Acts. It also specifically addresses outsourcing IT audits and third-party reviews. The booklet is organized into sections on audit roles and responsibilities, independence of internal audits, developing an internal audit program, risk assessment, audit plans, and additional topics like outsourcing. Appendices include examination procedures and resources.
This document contains information about internal auditing basics, including the audit process, terminology, types of audits, and accepting an audit assignment. It discusses the key steps of an audit as plan, perform, report, and follow-up. It defines important terms like auditor, auditee, client, and internal vs external audits. It categorizes audits as product, process, and system audits. Finally, it outlines the questions an auditor should ask when accepting an assignment: availability, conflict of interest, and competence. The overall document provides foundational information and concepts to understand internal auditing.
HCS 533 Week 6 Administrative Structure Power Point Julie Bentley
This document summarizes the administrative structure for clinical documentation and data capture at a healthcare facility. It discusses how the implementation of an electronic system will help capture ICD codes, facilitate reimbursement processing, and support quality improvement efforts. The system will require training staff, ongoing maintenance, and evaluation metrics to ensure it meets objectives of improving care delivery and supporting evidence-based practices.
Chapter 15
Learning Objectives
Elements of a hospital compliance program
High risk areas of hospital operations
Hospital-wide Standards of Conduct
Duties of the hospital Compliance Officer
Conducting compliance training and education
Open lines of communication
Continuously monitor program operations
Responses to possible compliance offenses
Example of a hospital compliance plan
Introduction
The purpose of a compliance program is to promote adherence to Federal and State laws on fraud and abuse, and the program requirements of public & private health plans.
The Office of the Inspector General (OIG) in the federal Department of Health and Human Services (DHHS) has issued two guidances on the structure and focus of hospital compliance programs.
Compliance Risks Unique to Hospitals (I)
Outpatient services rendered in connection with an inpatient stay
Submission of claims for laboratory services
Physicians at teaching hospitals
Cost reports
Recruitment of physicians to medical staff
Attracting patient referrals to the hospital
Admission and discharge policies
Compliance Risks Unique to Hospitals (II)
Supplemental payments
Tax-exempt standards for non-profit hospitals
Gain-sharing arrangements between a hospital and its physicians
Antitrust implications of hospital decisions to merge with or acquire each other
HIPAA Privacy and Security Rules
Compliance Risks Unique to Hospitals (III)
Legal implications of trend for hospitals to purchase physician practices, align strategic hospital goals with those of physician practices, and enter into hospital-physician collaborations in support of an accountable care organization (ACO)
Compliance with EMTALA in the operation of hospital Emergency Departments
Benefits of a Hospital Compliance Program (I)
Identify & prevent criminal & unethical behavior
Ensure false & inaccurate claims not submitted
Facilitate employee reports of possible problems
Facilitate investigations of alleged misconduct
Initiate prompt & appropriate corrective action
Reduce exposure to civil and criminal penalties
Benefits of a Hospital Compliance Program (II)
Central source for information on fraud & abuse
Accurate view of employee misconduct
Identify weaknesses in systems and controls
Improve quality & efficiency of care delivery
Build hospital reputation for lawful & ethical behavior
Elements of an OIG Recommended Hospital Compliance Program
Standards of conduct, policies, and procedures
Designation of compliance officer and committee
Regular education and training programs
Process to receive complaints
System to respond to complaints and enforce disciplinary action
Audit and monitor compliance
Investigation and correction of problems
Written Policies and Procedures (I)
The framework of the compliance program consists of written policies and procedures that identify the most critical risk areas in the hospital and prescribe how people should act in those areas.
Standards of Conduct
Claims preparation ...
This document provides guidance for auditors on auditing systems development life cycles (SDLC). It outlines the key steps auditors should take which include: developing an audit plan; identifying audit objectives and scope; collecting background information on the organization's IT systems and SDLC methodology; assessing materiality and risks; identifying controls implemented in each SDLC stage; and confirming the audit approach. The goal is to help auditors structure their review to provide assurance that systems are developed according to the organization's needs in an efficient and controlled manner.
Many internal audit departments are investing in data analytics, but are struggling to fully realize the anticipated benefits. By avoiding common pitfalls and implementing data analytics holistically throughout the department, stalled analytics programs can be restarted, or new programs more successfully implemented.
An IT audit evaluates an organization's IT systems, management, operations, and related processes. It ensures that IT controls are adequate, systems provide reliable information, and data/systems are properly protected from unauthorized access. An IT audit typically establishes objectives and scope, develops an audit plan, evaluates controls through tests and analysis, and reports findings. It provides assurance that IT systems are reliable, secure, and achieving their intended benefits for the organization.
The audit will review UNCCG's enterprise data warehouse platform over several phases:
1) A mobilization phase to develop audit plans and interview lists.
2) An execution phase to conduct interviews, review documents, and test controls.
3) A reporting phase to draft and finalize audit reports with findings and recommendations.
The audit will focus on data warehouse management, operations, and business integration, and assess risks relating to regulatory compliance, privacy, vendor access, and system availability. Regular communication with management will be maintained throughout the engagement.
The WLS value proposition is:
-Extensive IT business experience and capability
-Demonstrated IT risk and compliance delivery
-Proven commercial experience with practical perspectives
-Low overhead compared to larger service providers results in a more competitive service
-Flexibility in service provision to reflect your business budgetary and resource requirements
IT Performance Management - Doug Hubbard Jody Keyser
Information Technology Performance Management
Measuring IT's Contribution to Mission Results
A Case Study of the Applied Information Economics Methodology For an Infrastructure IT Investment
Hanrick Curran Audit Training - Internal Controls - March 2013 Matthew Green
Training delivered to assisting audit staff as part of their continuing professional development/education (CPE/CPD). Provided in a 60 minute session with substantial discussion and interaction.
Internal and external audits are important functions for organizations. Internal auditors independently evaluate activities within an organization, while external auditors are outsiders. The audit committee oversees the internal audit function and ensures auditors remain independent. Audits follow standards to verify key aspects of financial statements like existence, completeness, and valuation. Auditors assess risks and design procedures accordingly. Internal controls are also evaluated to safeguard assets and ensure accurate financial reporting. Information systems and IT governance are important parts of the audit and control process.
This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here:
http://flevy.com/browse/business-document/audit-report-model-and-sample-268
This document "Audit Report: Model and Sample" contains a model of an audit report and a real sample from an IT Audit assignment (data of client not disclosed for privacy and confidentiality issues).
This has been used effectively in various types of internal and external audit assignments as well as consulting assignments, especially in reviewing internal controls for all types of companies.
Let S = I + TT H rightarrow H, where T is linear and bounded. Show.pdfarihantstoneart
Let $S = I + T^*T : H \rightarrow H$, where $T$ is linear and bounded. Show that $S^{-1} : S(H) \rightarrow H$ exists.
Solution
$T$ is a bounded linear operator. Hence, $T^*T$ is also a bounded linear operator, as the composition of
two bounded linear operators is a bounded linear operator.
$I$ is the identity operator. Hence, it is a bounded linear operator. So, $S = I + T^*T$ is a bounded
linear operator, as the sum of two bounded linear operators is a bounded linear operator.
Now, $S : H \rightarrow H$ is a bounded linear operator.
The identity operator $I : H \rightarrow H$ can be written as $S^{-1}S : H \rightarrow H$, as $I = S^{-1}S$.
Let $h \in H$. Then $I(h) = h$.
This can be written as $S^{-1}S(h) = h$,
or $S^{-1}(S(h)) = h$.
As $h \in H$ and $S : H \rightarrow H$ is a bounded linear operator, $S(h) \in S(H)$. Let $S(h) = h_1 \in S(H)$.
So, $S^{-1}(h_1) = h$, where $h \in H$ and $h_1 \in S(H)$.
As $h$ is arbitrary, we can say that $S^{-1} : S(H) \rightarrow H$ exists. Proved.
It is a nanotechnology question. In which you are able to pick one m.pdfarihantstoneart
It is a nanotechnology question. In which you are able to pick one material for both questions or
one material for question one and another for question two.
Solution
Energy is of great importance in human life because of its benefits as the main resource for
human activity.
Nanotechnology and nanomaterials are applied in the field of energy in lithium-ion batteries,
fuel cells, light emitting diodes (LED), ultra-capacitors, and solar cells
(including the Grätzel cell).
Nanotechnology will bring significant benefits to the energy sector, especially to energy storage
and solar energy. Improved materials efficiency and reduced manufacturing costs are just two of
the real economic benefits that nanotechnology already brings these fields and that’s only the
beginning. Battery storage capacity could be extended, solar cells could be produced cheaper,
and the lifetime of solar cells or batteries for electric cars could be increased, all thanks to
continued development of nanotechnology.
The following nanomaterial technologies will be of particular importance: "organic and printed
electronics", "nano-coatings", "nano-composites", "nano-fluids", "nano-catalysts",
"nanocarbons" and "nano-electrodes".
Nanocomposites can be found in nano-structured solar cells and PV (e.g. in polymer-inorganic
PV cells, or as polymer gel electrolytes in dye-sensitized solar cells (DSSC) or quantum-dot
sensitized solar cells (QDSSC)). Nanocomposites are also used for the capture of energy in
silicon-based solar cells, typically in the form of nanowires. Nanocomposites can also be found in
antireflection coatings and higher solar transmittance coatings on collector glazing (e.g. Ti-Si-O
films via the sol-gel method). In the field of energy storage, the advantages of nanocomposites are
needed in thin, flexible energy storage devices with nanocomposite units, e.g. supercapacitors,
Li-ion batteries and hybrid devices. Additionally, nanocomposites can be used in the process of
semiconductor-assisted photocatalysis for fuel production in order to obtain solar hydrogen or
methanol. For example, the nanocomposites applied here are TiO2-gold composite nanoparticles or
semiconductor-semiconductor composites. Another field of application lies in the wind energy
sector, where lightweight nanocomposite materials are mainly used for rotor blades.
and prove their complexity. Hint: one can build on top of the heap.
/*IF YOU WRITE CODE, PLEASE PROVIDE COMMENTS*/
I need to understand
Solution
The idea here is to use the concept of two binary heaps along with the concept of list(doubly
linked list).
The doubly linked list contains all input items and indexes of corresponding min and max heap
nodes. The nodes of min and max heaps store addresses of nodes of doubly linked list. The root
node of min heap stores the address of minimum item in doubly linked list. Similarly, root of
max heap stores address of maximum item in doubly linked list. Following are the details of
operations.
1) findMax(): We get the address of maximum value node from root of Max Heap. So this is a
O(1) operation.
1) findMin(): We get the address of minimum value node from root of Min Heap. So this is a
O(1) operation.
3) removeMin(): We get the address of minimum value node from root of Min Heap. We use this
address to find the node in doubly linked list. From the doubly linked list, we get node of Max
Heap. We delete node from all three. We can delete a node from doubly linked list in O(1) time.
delete() operations for max and min heaps take O(Logn) time.
4) removeMax(): is similar to deleteMin()
5) Insert() We always insert at the beginning of linked list in O(1) time. Inserting the address in
Max and Min Heaps take O(Logn) time. So overall complexity is O(Logn)
#include
#include
#include
// A node of doubly linked list
struct LNode
{
int data;
int minHeapIndex;
int maxHeapIndex;
struct LNode *next, *prev;
};
// Structure for a doubly linked list
struct List
{
struct LNode *head;
};
// Structure for min heap
struct MinHeap
{
int size;
int capacity;
struct LNode* *array;
};
// Structure for max heap
struct MaxHeap
{
int size;
int capacity;
struct LNode* *array;
};
// The required data structure
struct CDS
{
struct MinHeap* minHeap;
struct MaxHeap* maxHeap;
struct List* list;
};
// A utility function to create a new List node
struct LNode* newLNode(int data)
{
struct LNode* node =
(struct LNode*) malloc(sizeof(struct LNode));
node->minHeapIndex = node->maxHeapIndex = -1;
node->data = data;
node->prev = node->next = NULL;
retu.
Columbus Incorporated just paid $4.3 per share dividend yesterday (i.pdfarihantstoneart
Columbus Incorporated just paid $4.3 per share dividend yesterday (i.e.,D0). The dividend is
expected to grow at a constant rate of 6% a year. The required rate of return on the stock, r, is
11%. What is the value per share of the company\'s stock? Round your answer to two decimal
places.
Solution
Recent Dividend, D0 = $4.30
Growth Rate, g = 6%
Required Return, rs = 11%
D1 = D0 * (1 + g)
D1 = $4.30 * 1.06
D1 = $4.558
Value per share = D1 / (rs - g)
Value per share = $4.558 / (0.11 - 0.06)
Value per share = $4.558 / 0.05
Value per share = $91.16.
Anatomy Question Please Answer them all.A. Using a punnett square.pdfarihantstoneart
Anatomy Question: Please Answer them all.
A. Using a punnett square, show the possible genotypes for John and Andrea\'s children? (John
has O blood type and Andrea has A blood type)
B. Based on the blood typing results, could Daryl be John and Andrea\'s Son? How Do you know
this? ( Daryl has O blood type)
Solution
A. Andrea :Mother has A blood type , her genotype will be either AO or AA
John :Father has O blood type ,his genotype will be OO.
O allele is masked by the presence of A allele or B allele.
OO blood group is expressed only in presence of OO alleles.
Father
Father
B. Daryl has O blood type.For O blood froup to be expressed in child, both parents should have
O alleles that together will contribute to make OO blood type of their son.So, yes Daryl is the
son of John and Andrea.MotherOOAAO A blood groupAO A blood groupOOO O blood
groupOO O blood group.
A person is lost in the desert. (S)he has no water and after a coupl.pdfarihantstoneart
A person is lost in the desert. (S)he has no water and after a couple of days loses so much water
through perspiration that his/her body fluids become hypertonic. What happens to his cells?
What happens to his proteins? What happens to his carbohydrates?
Solution
Early sign of dehydration there is no symptom but later on there is dryness of mouth and tongue,
dark yellow urine,dryness of skin cramp in arm and leg. When fluid become hypertonic i.e
sodium is lost from cell this result in cell shrinkage.
After two days of starvation body will first utilize carbohydrate and then glycogen from liver and
muscle for energy. Protein from cell / muscle will be next to be used as source of energy for
body.
2. Describe an advantage and a limitation to tracing ancestry with b.pdfarihantstoneart
Tracing ancestry with mitochondrial DNA and Y-DNA has the advantage of providing information about historical human evolution over thousands of years, but is limited in its ability to unravel full familial relationships. Autosomal DNA provides a more complete picture of ancestral inheritance patterns, but has ethical limitations when used for prenatal ancestral tracing.
Write your thought on the following1. petroski notes that most en.pdfarihantstoneart
Write your thought on the following:
1. petroski notes that most engineering failures are much more involved than simple technical
mis-calculations and involve the failure of the design process or management culture.However,
not all engineering failures involve ethical issue.The infamous collapse of the first Tacoma
Narrow Brodge, and the losses of the Mars polar lander and Mars Climate Orbiter were technical
and design process failures.
Solution
In the face of new technology, how do we balance public welfare and progress? If Moisseiff had
designed a bridge similar to the ones which had already proven their stability, Tacoma Narrows
Bridge would never have collapsed costing thousands of dollars and endangering many lives. It
would also have been significantly more expensive. On the other hand, if engineers had never
tried innovative techniques, suspension bridges may never have been built at all. At the time of
their introduction, no one believed that a suspension bridge could safely accommodate trains.
Roebling, however, took a gamble, pushed the limits of the current technology, and built a
suspension bridge that he believed could safely support rail traffic. Luckily he was correct, and
suspension bridges soon became widely accepted (Petroski. Moisseiff also took a gamble, trying
to create a longer, sleeker, less expensive bridge, by pushing the limits of technology. He,
however, was not as lucky, and what could have been a breakthrough in technology turned into a
catastrophic failure. Every time engineers push the limits of technology they risk a similar loss
like losses of mas polar lander and mass climate orbiter in which there were technical error like
Mass polar lander
1. Inadequate specifications which includes what the software was supposed to do, but no
mention of what it must not to do.
2. Flawed review process: Violation of basic engineering safety pracitices in the digital part of
the system.
Mass Climate Orbiter
1. Units communication and attention to detail failure. The primary cause of this discrepancy
was that one piece of ground software supplied by Lockheed Martin produced results in a United
States customary unit, contrary to its Software Interface Specification (SIS), while a second
system, supplied by NASA, expected those results to be in SI units, in accordance with the SIS.
Specifically, software that calculated the total impulse produced by thruster firings calculated
results in pound-seconds. The trajectory calculation software then used these results - expected to
be in newton-seconds - to update the predicted position of the spacecraft.
sometimes even It can cause a loss of life. How much is too much? When is a possible advance
worth a risk to public safety? What can the engineering profession do to make the
implementation of new technology safer? Do our current peer review and building code
committee processes adequately protect public safety?.
You have two cell lines, a macrophage cell line and a CD4 T-cell lin.pdfarihantstoneart
You have two cell lines, a macrophage cell line and a CD4 T-cell line. The macrophage cell line
is resistant to infection by HIV, whereas the T-cell line is fully susceptible and fully permissive.
Why are macrophage cell line resistant to infection by HIV? Why are T-cell fully susceptible and
fully permissive? Please explain.
Also, A heterokaryon cell made from the fusion of these two cells is able to be infected by HIV.
Explain why? Please explain in detail.
Solution
Macrophages are antigen- presenting cells so they process the viral peptides and present it to
uninfected CD4 T-Cell which is the important transmission process. Also HIV-infected
macrophages release soluble cytotoxic factors which induce apoptosis in CD4 T-Cells.
Macrophages produce certain host restriction factors which inhibits the release of viral progeny
from infected cells. So macrophages are resistant to lysis because of its genetic make up and its
phenotypes (restriction factors).
So when two cell lines are fused to form heterokaryon cell, the genes of macrophages are
suppressed or it is recessive or the T cell genes are dominant to make the heterokaryon
susceptible to infection..
Questions:
1) a) Using the IT audit report for the Cancer Prevention and Research Institute of Texas (in the Readings tab), find examples of the items that are supposed to be in an IT audit report according to Standard 1401. Indicate item and page number.
b) Comment on additional items you find in the audit report that are not part of the 1401 standard for Audit Reporting. Explain what the benefits are of including them.
Information Technology
Internal Audit Report
Report #2013-03
August 9, 2013
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 2
Table of Contents
Section ..... Page
Executive Summary ..... 3
Background Information ..... 4
Background ..... 4
Audit Objectives ..... 4
Scope ..... 5
Testing Approach ..... 5
Statement of Auditing Standards ..... 6
Findings, Observations, and Recommendations ..... 6
IT Policies and Procedures ..... 7
IT Risk Assessment ..... 8
Disaster Recovery Plan & Business Continuity Plan ..... 9
Security Access Reviews ..... 11
Self-Assessment Review ..... 12
Additional Recommendations ..... 13
Appendix A – Texas Administrative Code, Subchapter B, Rule §202.22 ..... 15
Appendix B – Texas Administrative Code, Subchapter B, Rule §202.25 – IT Policies ..... 16
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 3
Executive Summary
In support of the FY2013 Internal Audit Plan, a review of the information technology (IT) process was conducted in August 2013. The IT department is responsible for setting up and supporting IT operations at the Agency. The CPRIT offices are located in Austin, TX; however, the Chief Scientific Officer has an office in downtown Houston, which is also serviced and maintained by the CPRIT IT department. The department is also responsible for the Agency’s various websites, cloud services operations, video conference system, data closet, and typical back-office IT operations.
This was the third annual IT audit for the Agency. An internal audit of the IT processes was performed previously in June 2012 and May 2011. As a result of those audits, Internal Audit provided CPRIT findings and recommendations to improve overall efficiency and effectiveness within their IT operations. Although some steps have been made to remediate these findings, CPRIT needs to place importance on establishing a strong IT governance structure.
CPRIT continues to work towards establishing leading practices within the IT operations. However, during the FY 2013 IT internal audit, the following improvement opportunities were noted, in descending priority:
· Outdated IT Policies and Procedures – In efforts to remediate the findings in the FY 2012 IT internal audit, the CPRIT IT department recently began reviewing and creating IT policies required by Texas Administrative Code, Chapter 202, Subchapter B – Security Standards for State Agencies. However, many of the developed policies have not yet been reviewed and approved by management.
· Incomplete IT Risk Assessment – As recommended as part of the FY 2012 IT internal audit remediation plan, a detailed risk assessment of the IT environment has not been performed.
· Insufficient Disaster Recovery Plan and Business Continuity Plan – As recommended as part of the FY 2012 IT internal audit remediation plan, a disaster recovery plan and business continuity plan has not been developed, implemented, or tested.
· Inadequate Review or Evidence of Third-Party Control Environment – the third party grants management provider, SRA, has not provided adequate evidence of their internal control environment to provide assurance that CPRIT’s information is secure and recorded accurately within the application.
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 4
Background Information
Background
Texas voters approved a constitutional amendment in 2007 establishing the Cancer Prevention and Research Institute of Texas (CPRIT) and authorized the state to issue $3 billion in bonds to fund groundbreaking cancer research and prevention programs and services in Texas. To date, CPRIT has funded almost 500 grants totaling $835,820,450.¹
CPRIT’s goals are to:
· Create and expedite innovation in the area of cancer research, thereby enhancing the potential for a medical or scientific breakthrough in the prevention of cancer and cures for cancer;
· Attract, create, or expand research capabilities of public or private institutions of higher education and other public or private entities that will promote a substantial increase in cancer research and in the creation of high-quality new jobs in this State; and
· Continue to develop and implement the Texas Cancer Plan by promoting the development and coordination of effective and efficient statewide public and private policies, programs, and services related to cancer and by encouraging cooperative, comprehensive, and complementary planning among the public, private, and volunteer sectors involved in cancer prevention, detection, treatment, and research.
Audit Objectives
The main objective of the audit was to verify that the IT infrastructure is appropriately safeguarded and that data reliability and accuracy are maintained within the environment.
The specific audit objectives were:
· Verify that prior year audit findings had been addressed and corrected
· Validate that the Agency’s IT environment is compliant with the requirements identified in the Texas Administrative Code, Chapter 202, Subchapter B – Security Standards for State Agencies
· Assess the overall IT function to determine whether sufficient resources and skill sets have been appropriated to support the technology requirements
· Evaluate whether appropriate access has been granted to the network and selected applications
· Validate whether databases are sufficiently backed-up and whether back-ups are restorable
· Confirm that the Agency follows IT general computer controls
¹ Figures provided by the CPRIT website. http://www.cprit.state.tx.us/
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 5
In order to assess the IT department, Internal Audit reviewed the following:
· Compliance with Texas Administrative Code requirements
· Internal policies and procedures
Scope
Although current legislation may potentially change procedural and reporting requirements for CPRIT, the audit performed was designed to evaluate and test compliance with established policies and procedures as of July 2013. Internal Audit interviewed staff and completed field work in August 2013.
Our procedures included discussions with the following CPRIT personnel:
Name | Title
Heidi McConnell | Chief Operating Officer
Alfonso Royal | Finance Manager
Lisa Nelson | Operations Manager
Therry Simien | Information Technology Officer
Testing Approach
During the IT audit, Internal Audit performed procedures that included: inquiry, observation, inspection and re-performance. See the matrix below for a description listing of each type of test performed.
Type: Description
Inquiry: Inquired of appropriate personnel. Inquiries seeking relevant information or representation from CPRIT personnel were performed to obtain among other things:
· Knowledge and additional information regarding the policy or procedure
· Corroborating evidence of the policy or procedure
In conducting this internal audit, we interviewed:
· Therry Simien, Information Technology Officer
· Alfonso Royal, Finance Manager
· Lisa Nelson, Operations Manager
Observation: Observed the application or existence of specific controls as represented.
Inspection: Inspected documents and records indicating performance of the controls, including:
· Examination of documents or records for evidence of performance, such as existence of required documentation and approvals.
· Inspection of CPRIT systems documentation, such as policies and procedures, network diagrams, flowcharts and job descriptions.
Re-performance: Re-performed the control activity performed by CPRIT to gain additional evidence regarding the effective operation of the control activity.
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 6
Statement of Auditing Standards
This internal audit was conducted in accordance with generally accepted government auditing standards (GAGAS). The internal audit also follows the guidelines set forth by the Institute of Internal Auditors (IIA) and conforms to the Standards for the Professional Practice of Internal Auditing, the code of ethics contained in the Professional Practices Framework as promulgated by the IIA.
Although due professional care in the performance of this audit was exercised, this should not be construed to imply that unreported irregularities do not exist. The deterrence of fraud is the responsibility of management. Audit procedures alone, even when executed with professional care, do not guarantee that fraud will be detected. Specific areas for improvement are addressed later in this report.
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 7
Findings, Observations, and Recommendations
Summary of Findings and Related Recommendations
The section below provides details regarding the audit findings and corresponding reference to the Texas Administrative Code rule.
Statement on FY 2012 Information Technology Audit Remediation
Following the fiscal year 2012 internal audit, the remediation of IT findings was significantly delayed. IT staff priorities were shifted to support the agency’s 2012 annual conference logistics, electronic conference registration system and electronic scientific abstract collection system; to assist legal counsel with high-priority data requests related to investigations; to relocate the remote office IT infrastructure from Dallas to Houston; and to support communication projects. As a result, longer-term, non-user related projects (e.g., documentation updates) were effectively placed on hold. Management has made completion of all outstanding IT infrastructure and operational compliance projects a high priority during the current year within staffing constraints.
IT Policies and Procedures
Rule §202.25 lists suggested policies that should be created and implemented by the information security officer. Per the results of the FY 2012 IT audit, policies and procedures were scheduled to be completed and/or up-to-date by March 2013. As of July 2013, all policies and procedures have not been finalized. CPRIT has 11 out of 26 recommended IT policies documented. While some policies have been developed, none of them have been approved by management. Please see Appendix B for details around testing of IT recommended policies.
Recommendation: To ensure CPRIT has established proper IT governance and protocols, CPRIT needs to finalize its IT security policies and procedures as recommended by Texas Administrative Code §202.25. The agency should update all existing policies to reflect the actual processes taking place. The policies should also be approved by the state agency head or another designated representative.
Management’s Response:
During this audit cycle, significant progress has been made in the review, updating and creation of IT policies. As shown in Appendix B of the report, nearly half of the recommended policies have been submitted to agency senior management for final approval. IT staff is now in the process of revising those policies to incorporate management’s recommendations with the expectation to have this process completed within the next 30 days. The remaining policies and procedures will continue to be updated and/or created over the next several months.
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 8
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Revised Target Date for Implementation: May 31, 2014
Prior Year (FY 2012) Audit Management’s Response:
CPRIT’s policies and procedures are still being updated to reflect the many changes to agency infrastructure, systems and additional deployed services that have occurred since the new base IT infrastructure was deployed. Over the next several months, CPRIT will continue to document currently deployed critical agency infrastructure systems and services as well as systems and services that will be deployed over this same time span. CPRIT will also develop or update any relevant agency policy or procedure.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Revised Target Date for Implementation: March 31, 2012
IT Risk Assessment
Rule §202.22 states that a “risk assessment of information resources shall be performed and documented” that ranks the risks as high, medium, or low. Per the results of the FY 2012 audit, an IT risk assessment was scheduled to be performed by December 2012. As of July 2013, a formal IT risk assessment has not yet been performed.
Recommendation: Based on the guidelines set forth in Rule §202.22, it was determined that CPRIT appears to be classified as “low-risk” and therefore should consider completing a biennial assessment. By completing a risk assessment periodically, CPRIT will be able to reassess changes that affect the IT environment. Please see Appendix A, for more detail around the risk classification levels in Texas Administrative Code, Subchapter B, Rule §202.22.
Management’s Response:
The tool CPRIT previously used to perform its initial risk assessment (Information Security Awareness, Assessment, and Compliance) ISAAC program was discontinued on August 1, 2013. After a new Chief Compliance Officer is on staff, that person will help define and implement new formal assessment guidelines. Once these guidelines have been established, CPRIT IT will work to implement them as quickly as possible.
CPRIT has contracted with the Department of Information Resources (DIR) to provide quarterly controlled penetration testing of infrastructure systems and services. After each testing cycle, a report will be created detailing vulnerabilities found and remediation recommendations. Once DIR has received confirmation that remediation processes have been established, a new cycle will be implemented to test again. An initial penetration test occurred at the end of September 2013. No exploits were found in the IT systems but some system vulnerabilities were noted. IT staff is addressing those items. The remediation of those items will be tested during the next penetration test DIR conducts.
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 9
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson / Chief Compliance Officer
Revised Target Date for Implementation: May 31, 2014
Prior Year (FY 2012) Management’s Response:
While the initial risk assessment was not completed by the time the internal audit field work was being conducted as originally anticipated due to resource needs for other IT projects, it was performed in June 2012 utilizing the ISAAC (Information, Security Awareness, Assessment, and Compliance) tool created and maintained by Texas A&M University (TAMU) and licensed by DIR for state agencies. Based on the results of the initial assessment, a timeline of required actions to address deficient areas has been incorporated into the current IT plan. Assessment results combined with existing agency policies and TAC §202 is planned to be used to develop a controls matrix for the necessary testing of procedural processes and scheduling of identified compliance activities.
CPRIT will ensure newly implemented technical controls comply with existing agency policies and amend agency policies to comply with TAC §202. Once compliance in key areas has been addressed, a follow-up assessment will be performed in six months and reviewed. Risk assessments will be scheduled to occur annually.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Revised Target Date for Implementation: December 31, 2012
Disaster Recovery Plan & Business Continuity Plan
Rule §202.24 states "agencies shall maintain written Business Continuity Plans that address information resources so that the effects of a disaster will be minimized, and the state agency will be able either to maintain or quickly resume mission-critical functions. The state agency head or his or her designated representative(s) shall approve the plan."
Per the results of the FY 2012 audit, a Disaster Recovery Plan and Business Continuity Plan were scheduled to be updated by December 2013. Additionally, an electronic records retention schedule was scheduled to be written and implemented by December 2013. As of July 2013, neither of these documents had been finalized.
In response to the FY 2012 internal audit, the DuPont FM 200 fire suppression system in its server room is now fully active. The system will alert specified personnel as well as the authorities in the instance of smoke, fire, or drastic change in room temperature. These alerts include a phone call and text and email alerts.
In an effort to decrease the risk of system unavailability and data recovery, the CPRIT IT group is looking into cloud services to store all public facing data and limiting data stored on servers to confidential data. This transition will protect data in the instance of a disaster as well as increase the available capacity on CPRIT servers.
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 10
Recommendation: Since IT systems are critical to CPRIT’s operations, Management should update their disaster recovery plan to ensure the continued operation of the IT systems, or rapid recovery of the systems in case of a natural disaster.
Likewise, CPRIT should also ensure that a business continuity plan is kept updated to guarantee that all aspects of a business remain functioning in the midst of a disruptive event. These plans should include a business impact analysis, a risk assessment, and evidence of implementation, testing, and maintenance.
Management’s Response:
CPRIT has worked to reduce overall business impact on agency operations of the most common disasters by implementing a server room environmental monitoring and alert system and performing the relocation of several agency public facing resources to cloud provider systems that are geographically separated from the agency. This work continues and will focus on internal services that can be relocated off-site for redundancy or efficiency purposes.
CPRIT will update the agency’s existing business continuity plan to reflect these infrastructure changes and will design and implement an effective routine testing schedule.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Revised Target Date for Implementation: December 31, 2014
Prior Year (FY2012) Management’s Response:
Assessments have been completed for all key agency public facing resources, such as CPRIT’s primary website, to determine if they could be co-located or relocated to off-site service providers. The implementation of relocating and co-locating these resources off-site is currently underway.
CPRIT is continuing to develop an electronic records retention schedule to be used for planning and testing to ensure that access to critical electronic information can be maintained in the event of a primary site disaster.
CPRIT will update the agency’s existing business continuity plan, establishing current controls-based testing protocols for that plan and the scheduling of routine testing.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson / Laurie Baker
Revised Target Date for Implementation: December 31, 2013
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 11
Security Access Reviews
Rule §202.21 states that the agency should "review access lists based on documented risk management decisions." Per the results of the FY 2012 audit, CPRIT was scheduled to perform quarterly reviews of systems and network access lists, badge access lists, 3rd party agency sponsored system access (e.g. USAS, GMS), and user accounts. As of July 2013, a quarterly review has not been performed.
Recommendation: To prevent unauthorized use of proprietary information or programmatic information that could result in undesirable financial, reputational, regulatory, or operational impacts, CPRIT should consider conducting a semi-annual review of all network users, all badge access holders, and all users with access to USAS. Any exceptions should be noted and remediated immediately.
Management’s Response:
While informal security audits have been performed when staffing changes occurred, security access reviews have not been performed regularly. CPRIT will complete a second, formal review of user accounts, third-party agency sponsored accounts and physical access system lists. Final assessment report guidelines will be defined and documented, and quarterly reviews will be scheduled.
Person Responsible: Therry Simien / Lisa Nelson
Target Date for Implementation: March 31, 2014
Prior Year (FY2012) Management’s Response:
CPRIT completed a review of systems and network access lists in June 2012 after the internal audit fieldwork was completed. CPRIT audited system user accounts, including third-party agency sponsored accounts (e.g. USAS, GMS), network access, facility system access keys, and badge access lists. A formal assessment report will be created and quarterly reviews will be implemented.
Person Responsible: Therry Simien / Lisa Nelson
Target Date for Implementation: June 30, 2012
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 12
Self-Assessment Review
The State Auditor’s Office website provides a self-assessment document to help state agencies determine their compliance with TAC §202. Per the results of the FY 2012 audit, a TAC 202 self-assessment was scheduled to be completed by June 2013. As of July 2013, CPRIT has not yet performed a TAC 202 self-assessment.
Recommendation: CPRIT management should complete the self-assessment for state agencies annually. By performing the self-assessment, the IT department can help ensure compliance with TAC 202.
Management’s Response:
CPRIT is continuing to address areas of noncompliance with requirements in TAC §202 and working to establish an annual self-assessment review schedule.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Target Date for Implementation: December 31, 2013
Prior Year (FY2012) Management’s Response:
Management agrees that a regular self-assessment be performed. While the self-assessment was not completed as originally anticipated due to resource needs for other IT, CPRIT performed an initial self-assessment in June 2012 to determine compliance with TAC §202. CPRIT is addressing areas of noncompliance specified in TAC §202 and will establish an annual assessment schedule.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Target Date for Implementation: June 30, 2013
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 13
Additional Recommendations
The following was noted in 2011 and 2012 to improve IT operations and to align with leading practices.
Grants Management System Third Party Provider Review
The grants management application is hosted by a third party service provider, SRA International, Inc. CPRIT does not currently require SRA to provide any evidence of review of SRA processes or control environment.
Recommendation: Because safeguarding the information contained within the grants management application is crucial to CPRIT's reputation, CPRIT should ensure that the information contained in the SRA application is appropriately safeguarded from unauthorized external users. If SRA has had a third-party perform an independent controls attestation report for the current period, CPRIT should obtain a copy of the report and review the report to ensure that SRA's controls are operating effectively. One of the common reports obtained by service providers is the SOC 2 (Service Organization Controls) Report.
A SOC 2 Report is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. This type of report is applicable when an entity outsources a business task or function to another entity (usually one that specializes in that task or function). One way a user auditor may obtain evidence about the quality and accuracy of the data provided to a user entity by a service organization is to obtain a service auditor’s report on controls at the service organization that affect data provided to the user entities. The rationale for this approach is that controls are designed to prevent, or detect and correct, errors or misstatements. If controls at a service organization are operating effectively, errors in data provided to the user entities will be prevented, or detected and corrected, and misstatements in the user entities’ financial statements will be avoided.
Management’s Response:
SRA has been providing the annual and quarterly SSAE 16 reports, also called Service Organization Controls (SOC) 1 Reports for assurance of the suitability of design and operating effectiveness of controls. CPRIT will work with SRA to obtain a SOC 2 Report to provide the assurances of security, availability, processing integrity, confidentiality and privacy at the service organization.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Target Date for Implementation: June 30, 2014
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 14
Prior Year (FY2012) Management’s Response:
Management agrees with the recommendation that CPRIT complete a formal written assessment of the SSAE 16 annual and quarterly reports to verify that CPRIT understands the management controls over logical controls, physical controls, and change management in place at Savvis, where SRA-managed systems for CPRIT are housed. CPRIT will use these assessments to have SRA rectify any findings identified in these reports. The SSAE 16 annual report is available in December of each year, so the written assessment will be completed by the end of January and assessments of quarterly reports will be completed within 30 days after they are received by CPRIT.
Person Responsible: Heidi McConnell / Therry Simien / Lisa Nelson
Target Date for Implementation: January 31, 2013
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 15
Appendix A – Texas Administrative Code, Subchapter B, Rule §202.22
(a) A risk assessment of information resources shall be performed and documented. The risk assessment shall be updated based on the inherent risk. The inherent risk and frequency of the risk assessment will be ranked, at a minimum, as either "High," "Medium," or "Low," based primarily on the following criteria:
(1) High Risk-annual assessment--Information resources that:
(A) Involve large dollar amounts or significantly important transactions, such that business or government processes would be hindered or an impact on public health or safety would occur if the transactions were not processed timely and accurately, or
(B) Contain confidential or other data such that unauthorized disclosure would cause real damage to the parties involved, or
(C) Impact a large number of people or interconnected systems.
(2) Medium Risk-biennial assessment--Information resources that:
(A) Transact or control a moderate or low dollar value, or
(B) Data items that could potentially embarrass or create problems for the parties involved if released, or
(C) Impact a moderate proportion of the customer base.
(3) Low Risk-biennial assessment--Information resources that:
(A) Publish generally available public information, or
(B) Result in a relatively small impact on the population.
(b) A system change could cause the overall classification to move to another risk level.
Cancer Prevention and Research Institute of Texas (CPRIT)
Information Technology Internal Audit Report – FINAL Page 16
Appendix B – Texas Administrative Code, Subchapter B, Rule §202.25 – IT Policies
The following IT policies have been created and/or updated at the Agency:
Rule §202.25 Recommended IT Policy Area Policy Created?
Acceptable Use
Account Management
Administrator/Special Access
Application Security
Backup/Recovery
Change or Configuration Management
Encryption
Firewall
Incident Management
Identification/Authentication
Internet/Intranet Use
Intrusion Detection
Network Access
Network Configuration
Physical Access
Portable Computing
Privacy
Security Monitoring
Security Awareness and Training
Platform Management
Authorized Software
System Development and Acquisition
Third Party Access
Malicious Code
Wireless Access
Vulnerability Assessment
Total 11 / 26
Solution
When planning an engagement, the IT auditor should consider:
Objectives should be developed for each engagement and the scope should be sufficient to
satisfy the objectives.
Types of recommendations
The IT auditor can make four types of recommendations: