Telstra Corporation Limited is the largest company in Australia providing telecommunication and mobile network services throughout the country. Telstra has a long history of providing services in the field of telecommunication and mobile networks (Van Dijk, Morneau & Duane, 2017). To maintain the goodwill attached to its service, Telstra is concerned with providing better information system security to its users. The main objective of this paper is to understand the significance of information security in communication systems and the possible risks associated with it. Proper risk management controls are discussed in this context. To gather relevant information on the subject, the discussion is set in the context of Telstra. The risks have been identified on the basis of Telstra's operations (Keogh, Gordon & Marinovic, 2018). General management control and application control are discussed as tools for identifying the risks. The risk management techniques adopted by Telstra are discussed along with their significance and effectiveness in real business situations. Recommendations for modifying and improving the existing system have been developed on the basis of the discussion.
Discussion
Telstra is one of the largest organizations in Australia providing telecommunication services to users. Telstra currently provides 17.6 million retail mobile services and 3.5 million fixed broadband services. Telstra is spread over 20 countries. Its main aim is to provide good network connections to users through digital connection while maintaining the standard of digital content. Telstra currently provides different kinds of network services for different fields such as overseas telecommunication, nationalized banks, the private sector and customer services.
The need for communication networks is growing, and they are used in almost every sector of work. The services Telstra provides are mainly based on maintaining good communication service for organizations, companies and individuals. The data shared over these communications is confidential and sensitive. Information and system security must therefore be maintained wherever the security of transmitted data is concerned. In this context, it is important for Telstra to maintain a system that lets users communicate over the mobile or communication network in a safe and secure way.
General Management Control System of Telstra:
The general management control system of any company uses information related to the company to evaluate the company's performance. Telstra is a telecommunication service provider whose aim is to provide effective digital service to users in a secure way.
The general management control system for companies like Telstra has four objectives. A proper management control plan helps to achieve these four objectives in order to improve the business of the organization.
The four objectives for the proper running of the business of a telecommunication organization are:
- Continuity of resources.
- Managing the energy used in the company in an efficient way.
- Managing the internal risks.
- Managing the system.
The main objective of the management control system is to manage the internal operational functions along with mitigation of the threats from the possible risks.
In case of Telstra, the management control and risk mitigation techniques of the organization can be discussed with respect to these four objectives.
Continuity in managing the resource: Telstra's business is in good shape. The organization currently uses the latest technology and tools to provide its telecommunication service. The company conducts research and development so that it can adopt more advanced technology for its service in future (Slocombe, 2017). The company is doing well and is running at a profit, so it has enough financial resources to carry out research for the advancement of the service. In addition, the employees of the organization are well versed in the different practices of the telecommunication industry. Telstra therefore has both the financial and the human resources for the expansion and development of the business.
Managing of the energy: Conserving energy in different ways is a current trend in various business sectors. Conservation helps an organization use and manage its energy resources properly. Telstra is aware of this trend and is developing technology that will provide better service to consumers while conserving energy.
Managing internal risk: Managing internal risks properly helps to mitigate certain threats. Some of the internal risks that Telstra can face are damage to equipment, bad service and a lack of managerial decisions (Cherry & Bendick, 2018). Telstra is, however, aware of these risks. The equipment in the organization is handled by efficient employees, and the management and business teams take proper decisions before making the next step in the business.
Managing the system: Telstra can currently be regarded as the largest network service provider in Australia. It currently operates in over 20 other countries. These factors indicate that the company provides good service and maintains goodwill in the industry, and that the system operated by the organization is working properly. However, there is room for improvement and modification.
Application Control and its usage in Telstra:
Application control is defined as the control used to manage access to the devices and computers used in the organization. Implementing application control is important because it helps to prevent unauthorized access to the system (Mkoba & Marnewick, 2016). Application control at Telstra is effective because it can be applied to control access to different systems (Sabillon, Cavaller & Cano, 2016). At Telstra, application control is implemented in the payroll system, the online learning system and other business-oriented applications (Li, 2014). The functions of an application control system include checking the completeness of the system, checking the validity of the application and checking authentication.
There are various kinds of application control. Some of the types are:
Input control: Input control checks the integrity of the data entered into the business application.
Processing control: Processing control ensures that the process is complete and accurate.
Output control: The main function of output control is to compare the output result with the expected output.
Management trail: This is also known as the audit trail. Its main function is to check the effectiveness of the system and identify existing errors in the system.
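The four control types above applied to one payroll batch, as an added example (not code from the original page or from Telstra). The record layout, the validation limits, the expected total and the hash-chained log are all assumptions made for illustration.

```python
import hashlib, json, re

# Constructed sample batch; field names, limits and totals are assumptions.
BATCH = {"declared_count": 4, "expected_gross_cents": 712000, "records": [
    {"emp_id": "E1001", "hours": 38.0, "rate_cents": 5000},
    {"emp_id": "E1002", "hours": 40.0, "rate_cents": 4500},
    {"emp_id": "E1003", "hours": 400.0, "rate_cents": 4500},  # keying error
    {"emp_id": "1004", "hours": 36.0, "rate_cents": 4500},    # malformed id
]}

def input_control(rec):
    """Input control: format and range checks on one keyed-in record."""
    checks = {
        "bad emp_id": re.fullmatch(r"E\d{4}", str(rec.get("emp_id", ""))),
        "hours out of range": isinstance(rec.get("hours"), (int, float)) and 0 < rec["hours"] <= 80,
        "bad rate": isinstance(rec.get("rate_cents"), int) and rec["rate_cents"] > 0,
    }
    return [name for name, ok in checks.items() if not ok]

def _digest(prev, event):
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

def log_event(trail, event):
    """Audit trail: each entry commits to the previous entry's hash."""
    prev = trail[-1]["hash"] if trail else "0" * 64
    trail.append({"prev": prev, "event": event, "hash": _digest(prev, event)})

def verify_trail(trail):
    """Recompute the chain; an entry edited after the fact breaks it."""
    prev = "0" * 64
    for e in trail:
        if e["prev"] != prev or e["hash"] != _digest(prev, e["event"]):
            return False
        prev = e["hash"]
    return True

def run_batch(batch):
    trail, paid, rejected = [], {}, []
    for rec in batch["records"]:
        errors = input_control(rec)
        if errors:
            rejected.append(rec.get("emp_id"))
        else:
            paid[rec["emp_id"]] = round(rec["hours"] * rec["rate_cents"])
        log_event(trail, {"emp_id": rec.get("emp_id"), "errors": errors})
    proc_ok = len(paid) + len(rejected) == batch["declared_count"]  # processing control: counts reconcile
    out_ok = sum(paid.values()) == batch["expected_gross_cents"]    # output control: total matches expected
    log_event(trail, {"proc_ok": proc_ok, "out_ok": out_ok})
    return {"paid": paid, "rejected": rejected, "proc_ok": proc_ok, "out_ok": out_ok, "trail": trail}
```

On the sample batch the count reconciles but the output total does not, because two records were rejected at input; a batch in that state would be held for review rather than released.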
Comparison between general management control and application control:
Both general management control and application control help the organization manage its business. However, there are basic differences between the two. Application control is specifically focused on managing and controlling the operation of the different systems running in the organization (Calic et al., 2016). General management control, on the other hand, is focused on managing the overall operations of the organization. In this sense, general management control is a superset of application control: its function includes the proper management of application control.
Risk management technique used in Telstra:
Risk management starts with the identification of risks, followed by their assessment and control. Proper risk management helps to mitigate possible threats to the organization. At Telstra, the risk management plan has been developed properly and includes a risk identification and risk assessment plan.
Identified risks: Telstra's risk management plan has identified certain risks, which can be divided into two categories (Jia, Munro & Buckby, 2016). Internal risks are risks within the organization, such as damage to equipment, miscommunication between employees and lack of maintenance (Wilcox & Bhattacharya, 2015). Internal risks can damage the service provided by Telstra. External risks are those associated with the business situation, market conditions and political problems.
Risk assessment: The assessment of risk can be presented through various techniques, one of which is the risk matrix. This technique denotes the priority of the risks. The significance or priority of each risk is classified according to its consequences for the organization. Internal risks can be managed properly because they are under the control of the organization's management (Shu et al., 2018). External risks, on the other hand, cannot easily be managed by the organization, which makes them more complicated.
Risk control: Risk control means mitigating the impact of certain threats on the organization (Byrnes et al., 2018). Telstra has taken certain steps to mitigate risks in the organization. It provides proper training to its employees so that they can handle the equipment and systems properly (Layton & Watters, 2014). Application control has been implemented so that data breaches from the organization can be prevented (Tanimoto et al., 2015). Telstra also operates in over 20 countries. Before entering business in a country, the organization's legal team evaluates the business rules and regulations of that country so that external risks can be mitigated.
Importance of auditing Information System:
IT auditing ensures the integrity, confidentiality and security of the business processes in the organization (McShane, Gregory & Wilson, 2016). An IT audit covers web services, application software and the client-server network along with the security system. The main objective of IT security is to ensure that there are no security threats in the systems used in the organization.
Telstra uses IS audits to ensure integrity within the organization.
Audit planning:
Audit planning is the blueprint of the plans that need to be executed in order to complete the information system audit properly. Telstra's audit planning includes:
- Meeting with the IT management team in order to focus on the areas of concern for auditing.
- Reviewing the current information technology organizational chart.
- Holding discussions with the data employees in order to review the operating system and the software applications used in the organization.
- After this review, evaluating the policies and procedures along with the budget and planning of the policies in the organization.
- Making the recovery plan on the basis of the evaluation.
Audit process:
The audit process consists of executing the tasks set out in the planning process. One of the main tasks of Telstra's IS auditing in this phase is establishing the audit objectives. The audit objectives include:
- Establishing procedures and responsibilities that cover system and cross-functional training.
- Modifying the management process through the implementation of IT.
- Minimizing downtime and mitigating the loss of information from the system.
- Providing adequate physical security in order to prevent unauthorized access to the systems of the organization.
The review is done on the basis of the collected data. It covers the equipment, the policies and procedures maintained in the organization, and the physical security for environmental control used at Telstra.
Recommendations
The safety and security of information at Telstra is better than at other telecommunication companies (Aqlan, 2016). However, the company is inventing new technologies in order to improve its services. Telstra therefore has to invent new security policies in order to prevent information loss. Employees need to be given training on the implementation of the new technologies.
Conclusion
The discussion focuses on risk management and security at Telstra. To this end, different aspects of risk management have been discussed. The identification of risks at Telstra and their assessment, along with management control, have been covered in this context. The importance of IS auditing has been discussed along with the planning and procedure of the auditing process at Telstra. Based on the discussion, certain recommendations have been made. In conclusion, proper implementation of risk management planning and IS auditing can improve the operation of Telstra.
References
Aqlan, F. (2016). A software application for rapid risk assessment in integrated supply chains. Expert Systems with Applications, 43, 109-116.
Byrnes, P. E., Al-Awadhi, A., Gullvist, B., Brown-Liburd, H., Teeter, R., Warren Jr, J. D., & Vasarhelyi, M. (2018). Evolution of Auditing: From the Traditional Approach to the Future Audit 1. In Continuous Auditing: Theory and Application (pp. 285-297). Emerald Publishing Limited.
Calic, D., Pattinson, M. R., Parsons, K., Butavicius, M. A., & McCormac, A. (2016). Naïve and Accidental Behaviours that Compromise Information Security: What the Experts Think. In HAISA (pp. 12-21).
Cherry, F., & Bendick, M. (2018). Making It Count: Discrimination Auditing and the Activist Scholar Tradition. In Audit Studies: Behind the Scenes with Theory, Method, and Nuance (pp. 45-62). Springer, Cham.
Jia, J., Munro, L., & Buckby, S. (2016). A finer-grained approach to assessing the “quality” (“quantity” and “richness”) of risk management disclosures. Managerial Auditing Journal, 31(8/9), 770-803.
Keogh, K., Gordon, C., & Marinovic, P. (2018). Cyber security: Global developments in cyber security law: is Australia keeping pace? LSJ: Law Society of NSW Journal, (42), 82.
Layton, R., & Watters, P. A. (2014). A methodology for estimating the tangible cost of data breaches. Journal of Information Security and Applications, 19(6), 321-330.
Li, W. (2014). Risk assessment of power systems: models, methods, and applications. John Wiley & Sons.
McShane, I., Gregory, M., & Wilson, C. (2016). Practicing Safe Public Wi-Fi: Assessing and Managing Data-Security Risks.
Mkoba, E., & Marnewick, C. (2016, September). IT project success: A conceptual framework for IT project auditing assurance. In Proceedings of the Annual Conference of the South African Institute of Computer Scientists and Information Technologists (p. 26). ACM.
Sabillon, R., Cavaller, V., & Cano, J. (2016). National Cyber Security Strategies: Global Trends in Cyberspace. International Journal of Computer Science and Software Engineering, 5(5), 67.
Shu, J., M. Rosenberg, J., Upadhyaya, S., & Rao, H. R. (2018). The Internet of Things and IT Auditing. Internet of Things A to Z: Technologies and Applications, 275-292.
Slocombe, G. (2017). Defence's cyber security benefits from industry support. Asia-Pacific Defence Reporter (2002), 43(6), 54.
Tanimoto, S., Ohata, K., Yoneda, S., Iwashita, M., Sato, H., Seki, Y., & Kanai, A. (2015, June). Risk assessment of social-media utilization in an enterprise. In Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2015 16th IEEE/ACIS International Conference on (pp. 1-4). IEEE.
Van Dijk, M. E., Morneau, T. A., & Duane, W. M. (2017). U.S. Patent No. 9,774,446. Washington, DC: U.S. Patent and Trademark Office.
Wilcox, H., & Bhattacharya, M. (2015). Countering social engineering through social media: an enterprise security perspective. In Computational Collective Intelligence (pp. 54-64). Springer, Cham.