
Business Information Systems IS Risk



Discuss the Business Information Systems IS Risk.


Background to the Case

Recently, “Three” faced IS risks when it failed to secure its customers’ information. It is one of the biggest mobile companies in Britain. Because of this major cyber-security breach, it has faced problems in executing its IS functions successfully (Swinford and McGoogan, 2017). Three is a UK-based mobile operator that provides telecommunication and internet services to customers, and it has its own network infrastructure for providing internet services. The firm’s IS collects, stores and manages customer data. Three gives customers a facility to purchase mobile phones, SIMs, mobile broadband, accessories and top-ups through the online medium, which increases the role of IS in the effective execution of business activities. To make an online purchase, customers share personal details such as name, mobile number, address and bank details with the firm; in the online stores, customers provide these data to buy the firm’s offerings over the internet. The customer database is the critical IS of this organization, through which Three collects, stores, shares and organizes customer data. This system is also used to share and communicate information among different departments, including sales, production and marketing (Three, 2017). Thus, the firm’s IS involves the use of digital information through hardware and software.

In 2016, the customer database was hacked through unauthorized use of an employee login. As a result, the private information of over six million customers was at risk. The firm confirmed that customer data such as addresses, phone numbers and names were accessed by the hackers (Lomas, 2016). The customers’ financial information was not accessed by the hackers.


IS Risks

In the selected case study of Three, different IS risks can be confronted, including unauthorized access, software bugs, operational mistakes, network-based viruses, and device failure and malfunction (Khan, 2012). The table below details the risks, their likelihood, level and implications for the business:



| IS Risks | Risk Likelihood | Risk Level | Implications to the Business |
|---|---|---|---|
| Unauthorized access | | | Loss of customer trust; loss of market share; poor performance; legal issues; loss of business reputation |
| Software bug | | | Decline in competitiveness; reduction in sales |
| Operational mistake | | | Negative image; poor employer branding; decline in ability to attract customers |
| Network based virus | | | Security breach; loss of customer data and information; loss of business reputation |
| Device failure and malfunction | | | Operational problems; increase in employee and customer complaints |

The above IS risks could be faced by Three and would have great implications for its business performance and competitiveness. On the basis of the above table, unauthorized access and network-based virus are determined to be the high-level risks, which may have great negative implications for the business (Jouini et al., 2014). These risks have the potential to affect tangible assets such as sales and market share as well as intangible assets including reputation, consumer trust and organizational image. In this way, the IS risks have the potential to do considerable damage to the business (Pearson, 2013). The IS risks at Three have caused serious issues of customer complaints and dissatisfaction, which may influence its ability to retain and attract customers and to maintain sales.


Audit Areas, Audit Objectives and Procedures 

The auditing of an information system involves examining the performance of the management controls that an organization has established within its information technology (IT) infrastructure. Through this, the effectiveness of organizational policies, systems and practices in protecting corporate identity and ensuring data integrity is analyzed. The audit areas will include the management of customer data security, data access and user management at “Three”. Through this, the effectiveness of the internal control processes and policies of “Three” in protecting customer data would be analyzed (Moeller, 2010). The objectives and procedures for assessing the audit areas are given below:


| Audit Areas | Audit Objectives | Audit Procedures |
|---|---|---|
| Customer data management including security and access at Three | To determine the practices and system used for managing customer data security and access at Three; to assess the practices and system of consumer data protection and privacy of Three; to determine deficiencies of the existing system of customer data management at Three and to make informed recommendations | Interview of managers and employees of Three’s IT team as well as its customers; review of online and offline documents such as customer complaints, privacy policy, customer reviews, reports of managers and news on privacy concerns at Three |
| User management at Three | To assess the practices of managing user experiences with the IS at Three; to determine challenges in managing user experience with the IS at Three and to make recommendations | Interview of IT management and its customers; review of documents such as customer reviews, news, privacy policy and customer feedback management policy |


By using the procedures depicted above, the information required to audit the selected areas could be obtained in a systematic manner. Through interviews and surveys, questions would be asked of the managers and users of the IS, including both customers and employees of “Three”. The views and opinions of these participants would be quite useful for determining their real experiences with the data protection and privacy policies and systems of “Three” (Cascarino, 2012). Review of documents would be the other procedure, through which secondary information on the effectiveness of the customer data management system at “Three” would be obtained. Managers of Three’s IT department would be interviewed to determine the practices for managing data privacy and protection, whereas customer interviews and the assessment of secondary sources would be used as audit procedures to assess the effectiveness of the system critically and to suggest informed changes in the management of the firm’s IS (Chong, 2013).

Similarly, interviews with the employees and customers of “Three” would be conducted to assess user experiences with the IS. Employees and customers use the organizational IS to obtain, store and share information with each other, so their opinions could be useful for determining the performance of the IS in satisfying their information-related needs (Gutbrod and Wiele, 2012). Managers would also be interviewed to determine the firm’s challenges in establishing systems that provide flawless experiences to users within the IS infrastructure and to provide recommendations for improvement. The document review procedure would also be used to investigate, through secondary sources, the effectiveness of the firm’s IS in providing smooth user experiences. Journals, books and e-newspapers would be the key sources of secondary information on the organization’s IS for a more effective document review (Moeller, 2016). Through the audit procedures stated above, it is planned to achieve each objective related to the selected audit areas.


Audit Questions and Documents  

In order to achieve each of the developed objectives, the required information would be asked of the customers through a questionnaire. The table below depicts the audit questions for each objective and the relevant documents:


| Audit Objectives | Interview Questions | Audit Evidence |
|---|---|---|
| To determine the practices and system used for managing customer data security and access at Three | What are the systems and practices used at Three to ensure the security of customer data access? How do the systems at Three work to protect consumer data from any unauthorized use? What plans does Three have to improve the system in terms of securing consumer data from unauthorized uses? | Blueprint of the IS architecture of Three, which would be signed by the top management; video including trials examining security breaches at Three; blueprint of Three’s IS plan |
| To assess the practices and system of consumer data protection and privacy of Three | Does Three take any security measures when it asks you for financial details? Have you faced problems due to a security breach at Three? Does Three respond adequately to security breach complaints? | Documentation of interview answers; customer reviews of Three’s privacy policy; copy of Three’s responses |
| To determine deficiencies of the existing system of customer data management at Three and to make informed recommendations | What do you think are the deficiencies in the IS of Three? Is staff training organized at Three to reduce this risk? How can the IS be improved at Three? | Copy of consumers’ complaints about Three; details of training programs at Three; details of Three’s response on IS improvement |
| To assess the practices of managing user experiences with the IS at Three | Does Three have certain policies and systems to guide your use of the IS? Does “Three” communicate security measures before information sharing? Does “Three” provide any OTP when it asks you for information? | Three’s IS policies for employees; Three’s IS policies for customers; video including trials of making online purchases from Three’s online stores |
| To determine challenges in managing user experience with the IS at Three and to make recommendations | What challenges do you face in managing user experiences at Three? Is unauthorized access a major challenge in improving the user experience with the IS at Three? Does Three communicate adequately regarding any IS fault? | Documentation of interview answers, including examples of recent IS problems at Three published in authentic newspapers; examples of security breaches at Three published in authentic newspapers; examples of Three’s responses to customers during any IS problem |

The above table depicts the questions that would be asked in interviews with the customers, managers and IS staff of “Three” to achieve the purpose of the audit. Audit evidence is the set of results that an auditor obtains by applying the selected audit procedures. Interviews and review of documents would be the key procedures for conducting the IS audit at Three. Auditors are required to demonstrate the validity of the results obtained with the help of evidence, which could be an authentic document, inquiries of the client, observation or the result of a physical examination (Van Deursen et al., 2013). The above audit questions and evidence would be helpful for auditing the IS of Three and assessing its effectiveness.


Control Recommendations

This section presents the recommended control mechanisms for effectively mitigating the IS risks identified above, together with their benefits for “Three”. The table below depicts the control recommendations and their benefits:


| IS Risks | Control Recommendations | Benefits |
|---|---|---|
| Unauthorized access | Develop a personal firewall at Three; employ password-protected software in systems at Three; conduct employee training at Three to educate staff and to enable quick action on any early doubts and identification of unauthorized access; revise consumer data privacy policies and update systems at Three in a timely manner | Mitigate the risk of unauthorized access at Three; protect consumer data and increase trust in Three; employee education to increase morale; increase employee authority at Three to respond to customer queries frequently |
| Software bug | Implement a bug tracking system at Three; appoint a quality control manager at Three; regularly assess software bugs at Three to decrease the potential for IS issues and customer problems | Assuring customers and clients of Three of effective management of software bugs; increase in customer trust and improved image of Three |
| Operational mistake | Develop a culture of professional accountability at Three; operational quality management program at Three | Ensuring the operational effectiveness of Three’s IT department in developing and managing the processes to store, collect and share customer data; improved quality consistency at Three and increased consumer satisfaction |
| Network based virus | Use updated antivirus | Mitigate the risk of security breach at Three; reduce customer complaints and improve the brand image of Three; increase ability to attract customers |
| Device failure and malfunction | Implement highly capable software for data backup at Three; software to provide early indication of device failure and malfunction at Three | Ensuring operational consistency at Three and increased consumer satisfaction; reduced customer complaints about errors in IS functions at Three |

The above table discusses the ways to mitigate and manage the identified IS risks of “Three”. These would be useful for the firm in reducing or eliminating the implications of IS risk for the business. By developing a personal firewall, it would be easy for the firm to limit or eliminate unauthorized access to the consumer database, which may increase consumer trust and satisfaction (Khan, 2012). Employee training at “Three” would also be effective in educating IS staff to monitor the performance of software and hardware and to track any potential unauthorized access, software bug, device malfunction or operational mistake. This may help Three to ensure consistency in the operation of its IS. The timely revision of policies and system updates could help the firm take the measures required to mitigate IS risks effectively and to increase consumer trust (Gibson, 2014). The recommended controls would be beneficial in improving consumer satisfaction and decreasing consumer complaints, which may influence the firm’s sales and profitability in a positive manner (Mithas et al., 2011).



References

Cascarino, R.E. (2012) Auditor's Guide to IT Auditing, + Software Demo (Vol. 583). USA: John Wiley & Sons.

Chong, G. (2013) Detecting Fraud: What Are Auditors’ Responsibilities?. The Journal of Corporate Accounting & Finance, 24(2), pp.47-53.

Gibson, D. (2014) Managing risk in information systems. USA: Jones & Bartlett Publishers.

Gutbrod, R. and Wiele, C. (2012) The Software Dilemma: Balancing Creativity and Control on the Path to Sustainable Software. Germany: Springer Science & Business Media.

Jouini, M., Rabai, L.B.A. and Aissa, A.B. (2014) Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.

Khan, M.A. ed. (2012) Handbook of Research on Industrial Informatics and Manufacturing Intelligence: Innovations and Solutions: Innovations and Solutions. UK: IGI Global.

Lomas, N. (2016) Three UK suffers major data breach via compromised employee login. [Online]. Available at: (Accessed: 3 April, 2017).

Mithas, S., Ramasubbu, N. and Sambamurthy, V. (2011) How information management capability influences firm performance. MIS Quarterly, pp.237-256.

Moeller, R. R. (2016) Brink's Modern Internal Auditing: A Common Body of Knowledge. USA: John Wiley & Sons.

Moeller, R.R. (2010) IT audit, control, and security (Vol. 13). USA: John Wiley & Sons.

Pearson, S. (2013) Privacy, security and trust in cloud computing. In Privacy and Security for Cloud Computing (pp. 3-42). London: Springer.

Swinford, S. and McGoogan, C. (2016) Three Mobile cyber hack: six million customers' private information at risk after employee login used to access database. [Online]. Available at: (Accessed: 3 April, 2017).

Three Mobile (2017) About Three [Online]. Available at: (Accessed: 3 April, 2017).

Van Deursen, N., Buchanan, W.J. and Duff, A. (2013) Monitoring information security risks within health care. Computers & Security, 37, pp.31-45.



Cite This Work


My Assignment Help. (2018). Business Information Systems IS Risk . Retrieved from
