Assignment 1: ERM Roadmap
The following material may be useful for the completion of this assignment. You may refer to the documents titled “Embracing Enterprise Risk Management: Practical Approaches for Getting Started” and “Developing Key Risk Indicators to Strengthen Enterprise Risk Management”, located at http://www.coso.org/-ERM.htm.
Imagine you are an Information Technology Manager employed by a business that needs you to develop a plan for an effective Enterprise Risk Management (ERM) program. In the past, ERM has not been a priority for the organization. Failed corporate security audits, data breaches, and recent news stories have convinced the Board of Directors that they must address these weaknesses. As a result, the CEO has tasked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program that will be used as a basis to address this area moving forward.
Write a three to four (3-4) page paper in which you:
1. Summarize the COSO Risk Management Framework and COSO’s ERM process.
2. Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program.
3. Analyze the methods for establishing key risk indicators (KRIs).
4. Suggest the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives.
5. Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
1. Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA format.
The specific course learning outcomes associated with this assignment are:
1. Describe the COSO enterprise risk management framework.
2. Describe the process of performing effective information technology audits and general controls.
3. Use technology and information resources to research issues in information technology audit and control.
4. Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
1. How would you use the stages of the Systems Development Life Cycle (SDLC) to help Drewmobile Incorporated automate its currently manual “Submit Official Travel Requests & Vouchers Online” business task/activity? (see Chapter 13). Please craft a well-written and fluid essay exam response to address this question. Moreover, please use examples to illustrate your answer.
The automobile industry is always evolving. The modern automotive industry can no longer rely only on economic demand, political backstops, or established markets to deliver the desired return on investment. Incorporating innovative technology and understanding an organization's culture, time, ownership, and purpose are the building blocks of a successful business today. Drewmobile Incorporated has not yet adopted these methods: it still approves employee travel requests and vouchers manually. As a result, the company struggles to streamline travel operations, cannot continuously control travel costs or manage risk, and cannot serve employees at every hour of the day. Drewmobile's "Submit Official Travel Requests & Vouchers Online" business task can be improved by building an application through the eight phases of the systems development life cycle (Turban, Volonino, Wood, n.d., pp. 400-412).
Phase one is systems investigation, which defines the project goal. This is where everything begins: a problem cannot be solved strategically without first gathering all the available information. Drewmobile needs to understand how its old manual process affects partners, suppliers, and customers, and senior management needs to recognize that the current business process is costing money and that a new alternative must be funded. For example, the investigation should establish that the new online application needs explicit user permissions in its authorization logic, so that elevated ("super user") rights are granted only to the employees who manage travel requests and not to every employee (Turban, Volonino, Wood, n.d., p. 409).
Once senior management approves the business case, Drewmobile can plan the project, which is phase two, systems analysis. This stage defines how the project will be organized and what its overall scope is. Drewmobile's goal is an automated online application for employee travel requests and vouchers. To reach that goal, the company must identify the application developers, stakeholders, and managers who will work on the business case.
Drewmobile has worked out what it must do to resolve the business problem; the next task is how. That is stage three, systems design, which covers the design, execution, and control of the project. Drewmobile settles the technical approach: the software, databases, telecommunications, and procedures needed to operate the online application. During this phase the application developers work on the physical design of the online layout and report issues or needed features to the stakeholders. Drewmobile also works on the logical design for streamlining travel operations, for example by widening its area network so that telephone calls can be re-routed to the company's plants around the world.
Phase four is programming. "System developers utilize the design specifications to acquire the software needed for the system to meet its functional objectives and solve the business problem" (Turban, Volonino, Wood, n.d., p. 411). In this stage Drewmobile decides to build custom software in-house: a Drewmobile Agent Desktop that provides computer-telephony integration features so that callers are served more efficiently. For example, when a Drewmobile employee calls any of the regional travel centers, a prompt asks for keypad entry of the employee ID number (Turban, Volonino, Wood, n.d., p. 411).
Where there is programming there is testing. Phase five is thorough and continuous testing: to achieve its goal, Drewmobile needs to know whether the application actually works. The programmers run a series of tests to remove syntax and logic errors, and in doing so find defects such as misspellings and incorrect travel-cost calculations, which are fixed before release. For this process to be effective, errors found during testing must be documented, addressed by the developer, corrected, and regression tested (Turban, Volonino, Wood, n.d., p. 411).
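As an added illustration of the permission check that phase one calls for and the regression testing of phase five, the following Python is example code written for this page; it is not Drewmobile's application and not code from the Turban text. The roles, per-diem and mileage rates, dates, and sample vouchers are all assumed. It shows the two things a security reviewer would look for in such an application: an approval check that fails closed and enforces separation of duties, and a recorded regression suite for the cost-calculation defects found in testing.

```python
"""Added example (not from the original essay or the Turban text): the
authorization and cost-calculation core of a hypothetical travel-voucher
application, plus the regression checks the testing phase calls for.
All roles, rates and sample vouchers below are invented for illustration."""
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal, ROUND_HALF_UP

# Hypothetical roles. Elevated rights are tied to a role, not to a user,
# and only the travel desk may approve.
ROLE_EMPLOYEE = "employee"
ROLE_TRAVEL_DESK = "travel_desk"

PER_DIEM = Decimal("55.00")      # assumed daily allowance
MILEAGE_RATE = Decimal("0.58")   # assumed reimbursement per mile


class AuthorizationError(PermissionError):
    """Raised when an actor lacks the right to perform an action."""


@dataclass(frozen=True)
class User:
    user_id: str
    role: str


@dataclass
class Voucher:
    voucher_id: str
    employee_id: str
    start: date
    end: date
    miles: int
    receipts: list = field(default_factory=list)  # Decimal amounts
    status: str = "submitted"


def voucher_total(v: Voucher) -> Decimal:
    """Per diem for every calendar day of travel (inclusive), mileage,
    and receipted expenses, rounded to cents. The inclusive day count is
    exactly the kind of off-by-one that testing is meant to catch."""
    if v.end < v.start:
        raise ValueError("end date before start date")
    if v.miles < 0 or any(r < 0 for r in v.receipts):
        raise ValueError("negative amounts are not allowed")
    days = (v.end - v.start).days + 1
    total = days * PER_DIEM + v.miles * MILEAGE_RATE + sum(v.receipts, Decimal("0"))
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def approve(actor: User, v: Voucher) -> Voucher:
    """Fail closed: an allow-list on role, plus separation of duties so
    that travel-desk staff cannot approve their own travel."""
    if actor.role != ROLE_TRAVEL_DESK:
        raise AuthorizationError(f"{actor.user_id} ({actor.role}) may not approve vouchers")
    if actor.user_id == v.employee_id:
        raise AuthorizationError("cannot approve your own voucher")
    if v.status != "submitted":
        raise ValueError(f"voucher {v.voucher_id} is {v.status}, not submitted")
    v.status = "approved"
    return v


def regression_suite() -> dict:
    """Defects documented during testing, re-run on every change.
    Each entry is True when the fixed behaviour still holds."""
    results = {}
    same_day = Voucher("V1", "e100", date(2024, 3, 4), date(2024, 3, 4), 0)
    results["same_day_is_one_day"] = voucher_total(same_day) == PER_DIEM
    trip = Voucher("V2", "e100", date(2024, 3, 4), date(2024, 3, 6), 120, [Decimal("19.99")])
    # 3 days * 55.00 + 120 miles * 0.58 + 19.99 = 254.59
    results["three_day_trip"] = voucher_total(trip) == Decimal("254.59")
    try:
        approve(User("e100", ROLE_EMPLOYEE), trip)
        results["employee_cannot_approve"] = False
    except AuthorizationError:
        results["employee_cannot_approve"] = True
    own = Voucher("V3", "t7", date(2024, 1, 1), date(2024, 1, 2), 0)
    try:
        approve(User("t7", ROLE_TRAVEL_DESK), own)
        results["no_self_approval"] = False
    except AuthorizationError:
        results["no_self_approval"] = True
    results["travel_desk_approves"] = approve(User("t7", ROLE_TRAVEL_DESK), trip).status == "approved"
    return results


if __name__ == "__main__":
    for name, ok in regression_suite().items():
        print(f"{'PASS' if ok else 'FAIL'} {name}")
```

The suite is deliberately a plain function rather than a test framework so that it can be wired into whatever build the team uses; the point is that every defect found in phase five leaves behind a check that runs again after every later change.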
With the project about 85% complete, the company converts from the old system to the new one, which is phase six, implementation. Businesses use one of four major conversion strategies: parallel, direct, pilot, or phased. Drewmobile chose the least risky, parallel conversion: the project team ran the old and new systems simultaneously for an extended period and compared their outputs to make sure that travel requests, vouchers, and employee user accounts functioned as designed and that all requirements were met (Turban, Volonino, Wood, n.d., p. 410).
Once everything has been developed, tested, and installed, the company must confirm the final cost and evaluate the project. Closing the project falls into phases seven and eight, operation and maintenance. Drewmobile launches its automated travel request and voucher application for employees and will operate the new system until it is no longer useful to the business. To keep anything running smoothly, maintenance must be kept up to date, so Drewmobile will continue to debug, update (including security fixes), and add functionality to the application. The project manager, team, and third parties will also review what worked, what did not, and what still needs work.
Drewmobile has completed its project. It can now increase productivity and deliver effective results through its automated travel arrangements: the application provides centralized travel operations, 24-hour internal call routing for employees, an agent desktop, and travel cost management. By redesigning the official submission of travel requests and vouchers and following the SDLC, the company has gained cost savings such as avoided long-distance call charges, better travel-center productivity from requesting the employee ID number before transferring calls, and higher employee satisfaction from easier and faster travel submissions.
2. When Tony Stark, CEO of Stark Industries, travels to other countries, he follows a routine that seems straight from a secret agent movie. He leaves his smart-phone and laptop at home. Instead he brings loaner devices, which he erases before he leaves the U.S. and wipes clean the minute he returns. While traveling, he disables Bluetooth and Wi-Fi and never lets his phone out of his sight. While in meetings, he not only turns off his phone, but also removes the battery for fear his microphone could be turned on remotely. Mr. Tony Stark connects to the Internet only through an encrypted, password-protected channel. He never types in a password directly, but copies and pastes his password from a USB thumb drive. By not typing his password, he eliminates the risk of having it stolen if key-logging software got installed on his device.
Many travelers might consider Tony Stark’s method too inconvenient. Clearly, his electronically clean methods are time consuming and expensive. By way of a well written and fluid essay exam response, please address the below questions:
a) Is there a tradeoff between cybersecurity and convenience? Explain.
b) Create a list and explain the best cybersecurity practices for travelers based on Tony Stark’s methods.
A. We live in an age where time is of the essence. Modern technology has accustomed people to accomplishing whatever they want quickly and conveniently, and they enjoy the easy access, freedom, and agility of the online world. Tony Stark, however, knows far more about the cyber world than the average user. He carries out his time-consuming and expensive methods because he is aware of the risks that convenience brings. There is a real trade-off between cybersecurity and convenience: added convenience generally means added exposure (Turban, Volonino, Wood, n.d., p. 122).
Technology conveniences that carry cyber risk include social networks, saved passwords, and web-based applications. Social media is the leading communication tool for many people today: they post pictures, share thoughts, and upload profiles containing personal information. Social engineering techniques exploit this, using the information a person has posted to bait that person into giving up proprietary information (Turban, Volonino, Wood, n.d., p. 125).
Applications that remember passwords can also be a threat. People enjoy not having to type a password when they do not have to, so they save their usernames and passwords in the browser, which stores them in a local database and retrieves them on request. An attacker who gains access to the device can read that store and extract the saved credentials (Turban, Volonino, Wood, n.d., p. 125).
People also use web-based applications every day to access professional and private information, such as a Hotmail account: they open their inbox and read every message sent to them. Attackers exploit this with phishing emails, fake messages crafted to look as if they come from a legitimate organization such as a bank, PayPal, or a credit card company, in order to steal personal information or identities (Turban, Volonino, Wood, n.d., p. 409).
In all, society will keep pursuing the rewards of convenience rather than weighing its risks. The give and take between security and convenience is permanently embedded in the digital world, because people are drawn to speed and freedom on the Internet more than anything else. Yet the unthinking acceptance of sharing and handing over personal data, again and again, can provoke a healthy paranoia in people such as Mr. Stark. His methods may be time consuming and inconvenient, but they protect him from cyber attacks (Turban, Volonino, Wood, n.d., p. 409).
B. Cybersecurity practices should not be confined to the office or home; it is important to practice online safety when traveling domestically or abroad. Tony Stark uses effective methods that are considered some of the best practices for cybersecurity:
1. Tony leaves his smart-phone and laptop at home and instead brings loaner devices, which he erases before he leaves the U.S. and wipes clean the minute he returns. This practice limits the damage if cybercriminals gain access to his devices, since the loaners carry no sensitive data, and it removes the risk of losing his primary devices at security or customs.
2. While traveling, he disables Bluetooth and Wi-Fi and never lets his phone out of his sight. This is a sound precaution because it keeps him from connecting to dangerous hotspots in public places such as hotels, airports, or restaurants. Cybercriminals can set up a legitimate-looking Wi-Fi network and encourage people to connect so that their traffic can be intercepted. They can also pull information from a device over Bluetooth while it is switched on and discoverable.
3. While in meetings, he not only turns off his phone but also removes the battery for fear that its microphone could be turned on remotely. Mr. Stark takes this step because it has been reported that government spies and hackers can remotely activate phones: the attacker sets up a rogue cell tower, connects to the target's phone, and sends it commands over the air, and beyond turning the phone on can leave it in standby and use only the microphone. Powering the phone off and removing the battery removes this risk.
4. Mr. Tony Stark connects to the Internet only through an encrypted, password-protected channel, so anyone watching the hotel or airport network sees only encrypted traffic. He never types a password directly, but copies and pastes it from a USB thumb drive; by not typing it, he avoids having it captured if keystroke-logging software has been installed on his device. The caveat is that this defeats only keystroke loggers: malware that reads the clipboard or the screen can still capture the password, which is why the wiped loaner device matters as much as the copy-and-paste habit.
3. You have just been promoted to Chief of IT Security for Drew-mobile Incorporated. You just learned that our organization will be merging with another automotive company which has a history of detrimental breaches due to poor security management. Please craft a well-written and fluid essay exam response to address the below four (4) questions:
a. What are the key IT-security areas of focus?
b. What strategies and technologies would you consider in the transition?
c. Discuss non-technical considerations as well.
d. Please present your answer in the form of a well crafted essay response.
People, processes, and technology are the basic principles of IT security models, and companies implement them in many ways: leadership commitment, governance, agility, and technical protection. Those principles are put to the test when two companies decide to merge. Mergers are always difficult; typical problems include cultural differences, employee retention, and communication. Flaws that expose an unsatisfactory security record, however, cannot be tolerated. My organization, Drewmobile Incorporated, is merging with a business that has a history of detrimental breaches caused by poor security management. As Chief of IT Security, my goal is to ensure a sound transition through a successful strategy for the IT security function. The essential areas of focus will be physical security, logical security, and behavioral security (Turban, Volonino, Wood, n.d., p. 113).
For an IT security team to succeed, everyone must be highly committed and must understand the overall objective of defending the organization. The first strategy is physical security, which protects assets such as data centers, software, manuals, and networks against natural and human hazards; examples include surveillance, sensors, and Internet of Things devices. The second is logical security, which focuses on access control and verification: logical security solutions and services create layered barriers that protect access to the company's information, for example biometrics, encryption, key management, intrusion detection, and forensics. The third takes a less technical, behavioral approach: administrative controls that train employees on what to do in a difficult situation. Behavioral measures include knowing who is on your network, handling errors, increasing cooperation between departments, and proactive data maintenance (Turban, Volonino, Wood, n.d., p. 114).
Using these strategies will improve Drewmobile's chances of a successful merger. IT security is a subject every company needs to address, and executives are the point persons for making the initiative succeed. Organizations must be proactive and develop a security culture that can detect and respond to breaches. Adding physical, logical, and behavioral controls, together with analytics, will advance the maturity of the security program, and the organization will be better equipped to run a business-aligned security program (Turban, Volonino, Wood, n.d., p. 115). In this merger that also means treating the acquired company's network as untrusted, assessing its systems and checking for any remaining compromise before it is connected to Drewmobile's own.
4. Please explain to me, via a well crafted essay response, why Drewmobile Incorporated, a medium-size company with 8,000 employees, should or shouldn’t consider out-sourcing and/or offshoring of our Information Systems Management & Information Technology Management functions?
a. Such a decision & essay exam response should include:
i. the state of the American economy,
ii. operational challenges associated with both courses of action,
iii. considerations from a deontological ethics perspective,
iv. as well as what’s in the best interest for the corporation from a sustainability perspective and the greater community (Stockholder Theory, Stakeholder Theory, and Social Contract Theory).
Drewmobile Incorporated, a fairly moderate-size company, is seeking expansion and improvement. It has identified major obstacles: an inability to profit given its operating costs, to gain worldwide capabilities, and to execute management effectively. Recognizing these problems, it has transferred the day-to-day execution of an entire business function to an external service provider, which is outsourcing, and the particular outsourcing strategy it chose was offshoring. The decision has to weigh the challenges of both onshore and offshore operation, the state of the American economy, a deontological ethics perspective, and stakeholder theory.
Taken as a whole, outsourcing is a risky way to try to improve a business. The operational challenges include overlooking hidden costs, losing control of the business to a third party, and even losing profit when rumors spread. These "deadly sins" of outsourcing compound the general challenges of global management, such as cultural differences, communication problems, and security issues when working abroad. To Drewmobile, though, these disadvantages do not outweigh the state of the American economy. Land of the free and home of the brave, so they say, but the American economy is strained by the high cost of manufacturing and warehousing, taxes, and employee inequality. That cost structure makes it easier for Drewmobile to consider offshoring, where operating abroad can capture economies of scale and take advantage of cheaper labor by procuring a product or service from a supplier in another country. Many companies profit from this approach without acknowledging the poor conditions at overseas manufacturers, where employees work inhumane hours for minimal wages in unsafe environments. This raises the question of companies supporting unethical practices to make a profit. However, from a deon
5. Please describe to me, via a well crafted essay response, how Business Intelligence, specifically the “Circle of B.I.” as it was explained in class, affects the SDLC and the levels of Decision Making (to include information requirements and types of decisions).
The way business intelligence is used today is crafty and creative. The methodology and knowledge-management approach of taking unstructured data and transforming it into profitable information is a competitive yet costly tactic. The business project life cycle requires a series of processes and measurements that companies invest in for better performance. The messy data that is gathered yields crucial insights into customer behavior, such as online comments, likes or dislikes, and online shopping. These systematic operations affect decision making throughout the life cycle at the strategic, tactical, and operational levels (Turban, Volonino, Wood, n.d., pp. 9-12).
Strategic decisions take a long time to formulate but are vital to the business cycle; they conceptualize and initiate the project and charter the overall purpose of the business case. Tactical decisions are the next level: they execute the logical choices that can improve product pricing or reorganize a department, and the data behind them comes largely from routine transactions. Operational decisions use data to formulate the organization's procedures and rules, for example how to answer a sales inquiry or approve quotations and invoices. Once the project is complete, the project manager can determine its final cost through a set of closing processes (Turban, Volonino, Wood, n.d., p. 387).
Overall, business intelligence can leverage different parts of the life cycle because its decision making rests on data, technology, analytics, and human knowledge. It will continually track performance for the present and future of the company so that it keeps appealing to consumers, improves user training, and efficiently identifies competitive trends (Turban, Volonino, Wood, n.d., pp. 9-12).