Audit and Control of Information Technology (Research Paper Sample)

Audit Project
Student Name:
Institution;
Instructor:
Date:
Information Technology is a computer application program used to store, recover, convey and manipulate data of an organization or a business enterprise. It involves the use of computerized materials such as television and telephones. Many companies use information technology to gather and compile the information of all activities done by an institution. To exhibit full control over the information, there is a need for a significant agency to adopt IT auditing of the system about the organization (Bott, 2005). IT auditing is an activity that involves the assessment of the administration control within an information system. The process of IT auditing entails the assessment of the level of security of the organization’s information, sustaining records’ reliability and the usefulness of performing duties to realize the targets and objectives of the organization. IT auditing involves the competence and the security practice, expansion process and the IT governance of an institution.
St. Vicent Medical Group is a group of physicians that provide health care facilities to the customers in all places that they are needed. The group has enough number of physicians that provide services to sick people during emergencies. St Vicent Medical Group is one of the organizations affected by an apparent upswing in phishing attacks that targets the employees. On December 3, 2014, this group encountered an information system security breach where the username and the password of their employees were affected as a result of e-mail phishing. The company developed audit plan that would protect their information from cyber-attacks. The company reacted to this issue by shutting down the affected accounts and made an investigation on the issue.
As a result, St Vicent Medical Group should come up with an information control measures would help solve such problems. IT auditing is among the control action that will enable this company cope with similar attacks by safeguarding the financial statements of the organization. The management should collect, evaluate and analyze pieces of evidence from the information system of the organization to determine the effectiveness of other control measures put in place by the company to enhance growth. Control Objectives for Information and Related Technology (COBIT) is an important IT control program that was created by the (ISACA) to achieve full control over its Information Technology System. Similar activities allow the managers of the organization to establish the control requirements, technical issues and the shortcomings that they encounter in the development of the mission statement of the organization.
How IT-audit could have prevented the breach at St Vicent Medical Group
IT-audit helps the management team in St Vicent Medical Group to solve the issue of Information Security. IT-auditing enables the organization to conduct a risk assessment. The process allows the organization to ensure that all the assets of the organization including servers, computers and mobile devices are under control. It ensures that the information of the institution is accessible by only authorized members of the group. IT-auditing could help St Vicent Medical Group to prevent the breach through documentation of all the facilities of the company. IT auditing ensures that the company keeps full records of information security measures and procedures. It would enable St Vicent Medical Group by outlining different response plans upon such cases of information security. IT enables an organization to identify its business associates. Through this identification, St Vicent Medical Group would monitor all possible threats to their information. Through IT auditing, St Vicent Medical Group would provide vocational training that enables the team of the organization to stay up-to-date. It creates awareness of the employees of the whole institution on how to respond to phishing, social engineering, malware and other attacks.
Impact of ISACA on IT auditing profession
ISACA is a significant body that influences the process of IT auditing. Through the COBIT framework, ISACA provides a governance framework setting and maintenance. ISACA provides a reliable approach that determines the management strategy of St Vicent Medical Group. As a result, the group can effectively foresee all IT-related processes and objectives. Another impact of ISACA on IT auditing of an organization is enabling the organization to optimize on risks that may affect the storage of information in the database of the company. Organizations that adopt ISACA can manage the risks as well as balancing the costs and benefits of managing IT-related enterprise risk. The team can monitor, evaluate and assess the internal control of the system.
ISACA enables a company to obtain transparency for all the stakeholders on the adequacy of the system of internal control. It provides trust in operations, confidence in the achievement of enterprise objectives and adequate understanding of the residual risks of information technology of the whole business. Under this approach, the company can comply with all applicable external requirements for a controlled information technology of an organization.
The COBIT framework targets carrying a research, making events, informing the public about the conducted research as well as setting an internationally accepted information technology controls measure of an organization.
COBIT framework helps the management in designing, implementing and maintaining the information technology controls through the monetary cost of implementing a set controls and determining the value of the controls. A large company like St Vicent Medical Group should be capable of adopting the COBIT framework on IT auditing to reduce losses that may take place in case its system attacks.
An Initial COBIT framework
Many companies tend to encounter a lot of difficulties when selecting the best framework to adopt in IT controls. COBIT provides the best type of framework that suits the structure of information technology of most companies. The structures adopted by COBIT helped many countries that faced similar problems from 1996 up-to-date. Through the use of COBIT framework, St Vicent Medical Group can recognize all its IT related control methods. It can analyze all the documents concerning IT controls, access the effectiveness of the IT control design and evaluate the techniques used. It enables the institution to identify all the problems in the information Technology System of the whole company. Despite the disadvantage of the high installation cost of this method, COBIT framework is the most effective method of identifying and fixing IT controls. St Vicent Medical Group will, therefore, realize a high level of it control under this framework.
The manager of this medical institution will be able to bridge the gap between the control requirements, technical issues, and the threats that the whole system encounters. COBIT framework is found relevant for both small scale business institutions and the large scale business organizations. For maximum IT control, St Vicent Medical Group should adopt the five principles of the COBIT framework. The major principles of COBIT are meeting the needs of stakeholders, full control of the whole enterprise, and application of the single integrated framework. It involves whole system approach and creating a distinguishing factor between the governance of the system and the management. There are seven supporters of these five principles. They are mainly the principles, policies and frameworks, processes, organizational structures, culture, ethics, and behavior.
The principles of COBIT address on the key areas of management of the institution that needs extra concentration in terms of development. Regarding St Vicent Medical Group, the management should ensure that there is a full control of the stakeholder’s databases to minimize issues of attacks by online threats. Other areas include the flow of information with the hospital, the type of services provided to the customers, the infrastructure as well as the manpower of the institution and individual skills and competencies. These are the essential features that enable the organization achieves the above requirements of the COBIT framework.
COBIT framework adopts an IT governance procedure that integrates and institutionalizes good practices to ensure that the Information Technology of an enterprise gives a strong support to the business objectives. The frameworks adopted by COBIT will enable St Vicent Medical Group provides quality services to its customers as well as minimizing the risks of attack by external threats of online services. COBIT framework provides a type of governance strategy that ensures all members of the institution performs their duties to achieve the target of the organization. It is, therefore, an initiative of the executives and the board of directors of the organization to implement IT governance.
The executive and the board of directors of the St Vicent Medical Group will incorporate the top management and organizational criteria. These activities ensure that IT of the hospital will sustain and extend the strategies and the objectives of the whole institution. St Vicent Medical Group will take an overall advantage of its information that will facilitate the maximization of the benefits and capitalizing on opportunities. This plan will acquire characteristics that will enable the institution encounter the competition with other institutions offering similar services in the world. To achieve these outcomes, St Vicent Medical Group should apply the framework acquired under the COBIT framework. These structures will help St Vicent Medical Group meets the quality, fiduciary and the sec...