
Business Information Systems IS Risk


Question:

Discuss about the Business Information Systems IS Risk.
 
 

Answer:

Background to the Case

Recently, “Three” faced IS risks as it failed to secure its customers’ information. It is one of the biggest mobile companies in Britain. Due to a major cyber-security breach, it has faced issues in successfully executing IS functions (Swinford and McGoogan, 2017). It is a UK-based mobile operator, which provides telecommunication and internet services to customers. The firm has its own network infrastructure to provide internet services. The IS of this organization works to collect, store and manage customer data. Three offers customers a facility to purchase mobile phones, SIMs, mobile broadband, accessories and top-ups through the online medium. This increases the role of IS in the effective execution of business activities. In order to make an online purchase, customers share personal details such as name, mobile number, address and bank details with the firm. In online stores, customers provide these data to shop for the firm’s offerings over the internet. The customer database is the critical IS of this organization, through which Three collects, stores, shares and organizes customer data. This system is used to share and communicate information among the different departments, including sales, production and marketing (Three, 2017). Thus, the IS of this firm includes the use of digital information through hardware and software.

In 2016, the customer database was hacked by using an employee login in an unauthorized manner. Due to this, the private information of over six million customers was at risk. The firm confirmed that customer data such as addresses, phone numbers and names were accessed by the hackers (Lomas, 2016). The financial information of customers was not accessed by the hackers.

 

IS Risks

In the selected case study of Three, different IS risks can be confronted, including unauthorized access, software bug, operational mistake, network-based virus, and device failure and malfunction (Khan, 2012). The table below details the risks, their likelihood, level and implications for the business:

| No. | Risks | Risk Likelihood | Risk Level | Implications to the Business |
|---|---|---|---|---|
| 1 | Unauthorized access | .3 | High | Loss of customer trust; Loss of market share; Poor performance; Legal issues; Loss of business reputation |
| 2 | Software bug | .5 | Medium | Decline in competitiveness; Reduction in sales |
| 3 | Operational mistake | .6 | Low | Negative image; Poor employer branding; Decline in ability to attract customers |
| 4 | Network based virus | .7 | High | Security breach; Loss of customer data and information; Loss of business reputation |
| 5 | Device failure and malfunction | .2 | Low | Operational problems; Increase in employee and customer complaints |

The above IS risks could be faced by Three, and would have great implications for business performance and competitiveness. On the basis of the above table, it is determined that unauthorized access and network-based virus are the high-level risks, which may have great negative implications for the business (Jouini et al., 2014). These risks have the potential to affect tangible assets such as sales and market share, as well as intangible assets including reputation, consumer trust and organizational image. In this way, the IS risks have the potential to damage the business considerably (Pearson, 2013). The IS risks at Three have caused serious issues of customer complaints and dissatisfaction, which may influence its ability to retain and attract customers and to maintain sales.

 

Audit Areas, Audit Objectives and Procedures 

The auditing of an information system includes examining the performance of the management controls that an organization has established within its information technology (IT) infrastructure. Through this, the effectiveness of organizational policies, systems and practices in terms of protecting corporate identity and ensuring data integrity is analyzed. The audit areas will include management of customer data security, data access and user management at “Three”. Through this, the effectiveness of the internal control processes and policies of “Three” in terms of protecting customer data would be analyzed (Moeller, 2010). The objectives and procedures to assess the audit areas are given below:

| No. | Audit Areas | Audit Objectives | Audit Procedures |
|---|---|---|---|
| 1 | Customer data management including security and access at Three | To determine the practices and system used for managing customer data security and access at Three; To assess the practices and system of consumer data protection and privacy of Three; To determine deficiencies of the existing system of customer data management at Three and to make informed recommendations | Interview of managers and employees of Three’s IT team as well as its customers; Review of online and offline documents such as customer complaints, privacy policy, customer reviews and reports of managers, news for privacy concerns at Three |
| 2 | User management at Three | To assess the practices of managing user experiences with the IS at Three; To determine challenges in managing user experience at Three with IS and to make recommendations | Interview of IT management and its customers; Review of documents such as customer reviews, news, privacy policy and customer feedback management policy |

  

By using the procedures depicted above, the information required to audit the selected areas could be obtained in a systematic manner. Through interview and survey, questions would be asked of the managers and users of the IS, including both customers and employees of “Three”. The views and opinions of these participants would be quite useful to determine their real experiences with the policies and systems of data protection and privacy of “Three” (Cascarino, 2012). Review of documents would be the other procedure, through which secondary information related to the effectiveness of the customer data management system at “Three” would be obtained. Managers of Three’s IT department would be interviewed to determine the practices of managing data privacy and protection, whereas customers’ interviews and assessment of secondary sources would be used as audit procedures to assess the effectiveness of the system critically and to suggest informed changes in the management of the IS of this firm (Chong, 2013).

Similarly, interviews with the employees and customers of “Three” would also be conducted to assess the user experiences with the IS. Employees and customers use the organizational IS to obtain, store and share information with each other, and due to this their opinions could be useful to determine the performance of the IS in terms of satisfying their information-related needs (Gutbrod and Wiele, 2012). Managers would also be interviewed to determine the challenges of the firm in establishing systems to provide flawless experiences to the users within the IS infrastructure and to provide recommendations for improvements. The review of documents procedure would also be used to investigate, through secondary sources, the effectiveness of the firm’s IS in terms of providing smooth user experiences. Journals, books and e-newspapers would be the key sources of secondary information regarding the IS of the organization for a more effective documentation review procedure (Moeller, 2016). Through the above-stated audit procedures, it is planned to achieve each objective related to the selected audit areas.

 

Audit Questions and Documents  

In order to achieve each developed objective, the required information would be asked of the customers through the questionnaire. The table below depicts the audit questions for each objective and the relevant documents:

| No. | Audit Objectives | Interview Questions | Audit Evidence |
|---|---|---|---|
| 1 | To determine the practices and system used for managing customer data security and access at Three | What are the systems and practices used at Three to ensure security on customer data access? How do systems work at Three to protect consumer data from any unauthorized use? What plans does Three have to make the system better in terms of securing consumer data from unauthentic uses? | Blueprint of IS architecture of Three, which would be signed by the top management; Video including trials of examining security breaches of Three; Blueprint of Three’s IS plan |
| 2 | To assess the practices and system of consumer data protection and privacy of Three | Does Three take any security measures when it asks you for the financial details? Have you faced problems due to security breach of Three? Does Three respond adequately in case of security breach complaints? | Documentation of interview answers; Customer reviews for Three’s privacy policy; Copy of Three’s responses |
| 3 | To determine deficiencies of the existing system of customer data management at Three and to make informed recommendations | What do you think are the deficiencies in the IS system of Three? Is staff training organized at Three to reduce this risk? How can IS be improved at Three? | Copy of consumers’ complaints for Three; Detail of training programs at Three; Detail of Three’s response over the IS improvement |
| 4 | To assess the practices of managing user experiences with the IS at Three | Does Three have certain policies and system to guide your use of IS? Does “Three” communicate security measures before information sharing? Does “Three” provide any OTP when they ask you for information? | Three’s IS policies for employees; Three’s IS policies for customers; Video including trials of making online purchase from Three online stores |
| 5 | To determine challenges in managing user experience at Three with IS and to make recommendations | What challenges do you face in managing user experiences at Three? Is unauthorized access a major challenge in improving the user experience with IS at Three? Does Three communicate adequately regarding any IS fault? | Documentation of interview answers including examples of recent IS problems at Three, which are published in authentic newspaper; Examples of security breaches at Three, which are published in authentic newspaper; Examples of Three’s response towards the customers during any IS problem |

The above table depicts the questions that would be asked in interviews with the customers, managers and IS staff of “Three” to achieve the purpose of conducting the audit. Apart from this, audit evidence is the set of results that an auditor obtains by applying the selected audit procedures. The interview and the review of documents would be the key audit procedures for conducting the IS audit at Three. Auditors are required to present the validity of the obtained results with the help of evidence, which could be any authentic document, inquiries of the client, observation or the result of physical examination (Van Deursen et al., 2013). The above audit questions and evidence would be helpful to audit the IS of Three and to assess its effectiveness.

 

Control Recommendations

This section includes the recommended control mechanisms for effectively mitigating the IS risks identified above, along with their benefits for “Three”. The table below depicts the control recommendations and their benefits:

| No. | IS Risks | Control Recommendations | Benefits |
|---|---|---|---|
| 1 | Unauthorized access | Developing personal firewall at Three; Employ password protected software in systems at Three; Conduct employee training at Three to educate them and to take quick action in case of any early doubts and identification of unauthorized access; Timely revise policies of consumer data privacy and update of systems at Three | Mitigate risk of unauthorized access at Three; Protect consumer data and to increase trust for Three; Employee education to increase their morale; Increase employee authority at Three to respond to queries of customers frequently |
| 2 | Software bug | Implement bug tracking system at Three; Appoint quality control manager at Three; Regularly assess software bug at Three to decrease potential of IS issues and customer problems | Ensuring customers and clients of Three of effective management of software bug; Increase in customer trust and improve image of Three |
| 3 | Operational mistake | Developing culture of professional accountability at Three; Operational quality management program in Three | Ensuring operational effectiveness of IT department of Three in terms of developing and managing the process to store, collect and to share customer data; Improve quality consistency at Three and increase in consumer satisfaction |
| 4 | Network based virus | Use updated antivirus | Mitigate risk of security breach at Three; Reduce customer complaints and to improve brand image of Three; Increase ability to attract customers |
| 5 | Device failure and malfunction | Implement highly capable software for data backup at Three; Software to provide early indication of device failure and malfunction at Three | Ensuring operational consistency at Three and to increase consumer satisfaction; Reduce complaints from customers for error regarding IS functions at Three |

The above table discusses the ways to mitigate and manage the identified IS risks of “Three”. These would be useful for the firm to reduce or eliminate the implications of IS risk for the business. By developing a personal firewall, it would be easy for the firm to limit or eliminate unauthentic access to the consumer database, which may increase consumer trust and satisfaction (Khan, 2012). Employee training at “Three” would also be effective to educate IS staff to monitor the performance of software and hardware and to track any potential for unauthorized access, software bug, device malfunction and operational mistake. This may help Three to ensure consistency in the operations of its IS. The timely revision of policies and system updates could be useful for the firm to take the measures required for mitigating IS risks effectively and to increase consumer trust (Gibson, 2014). The control recommendations would be beneficial to improve consumer satisfaction and to decrease consumer complaints, which may influence the firm’s sales and profitability in a positive manner (Mithas et al., 2011).

 

References

Cascarino, R.E. (2012) Auditor's Guide to IT Auditing, + Software Demo (Vol. 583). USA: John Wiley & Sons.

Chong, G. (2013) Detecting Fraud: What Are Auditors’ Responsibilities?. The Journal of Corporate Accounting & Finance, 24(2), pp.47-53.

Gibson, D. (2014) Managing risk in information systems. USA: Jones & Bartlett Publishers.

Gutbrod, R. and Wiele, C. (2012) The Software Dilemma: Balancing Creativity and Control on the Path to Sustainable Software. Germany: Springer Science & Business Media.

Jouini, M., Rabai, L.B.A. and Aissa, A.B. (2014) Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.

Khan, M.A. ed. (2012) Handbook of Research on Industrial Informatics and Manufacturing Intelligence: Innovations and Solutions: Innovations and Solutions. UK: IGI Global.

Lomas, N. (2016) Three UK suffers major data breach via compromised employee login. [Online]. Available at: https://techcrunch.com/2016/11/18/three-uk-suffers-major-data-breach-via-compromised-employee-login/ (Accessed: 3 April, 2017).

Mithas, S., Ramasubbu, N. and Sambamurthy, V. (2011) How information management capability influences firm performance. MIS Quarterly, pp.237-256.

Moeller, R.R. (2016) Brink's Modern Internal Auditing: A Common Body of Knowledge. USA: John Wiley & Sons.

Moeller, R.R. (2010) IT audit, control, and security (Vol. 13). USA: John Wiley & Sons.

Pearson, S. (2013) Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). London: Springer.

Swinford, S. and McGoogan, C. (2016) Three Mobile cyber hack: six million customers' private information at risk after employee login used to access database. [Online]. Available at: https://www.telegraph.co.uk/news/2016/11/17/three-mobile-cyber-hack--six-million-customers-private-data-at-r/ (Accessed: 3 April, 2017).

Three Mobile (2017) About Three [Online]. Available at: https://www.three.co.uk/About_Three (Accessed: 3 April, 2017).

Van Deursen, N., Buchanan, W.J. and Duff, A. (2013) Monitoring information security risks within health care. Computers & Security, 37, pp.31-45.

 


Cite This Work

My Assignment Help. (2018). Business Information Systems IS Risk. Retrieved from https://myassignmenthelp.com/free-samples/business-information-systems-is-risk.