I’m working on a computer science multi-part question and need support to help me understand better.
WK 1, MIS6230
Discuss the following topics:
- What is IT auditing? What functions are involved?
- Explain the Sarbanes-Oxley Act and provide a brief overview. Discuss the relevance to IT auditing, control, and compliance.
- Explain what the Health Insurance Portability and Accountability Act is and provide a brief overview. Discuss the relevance to IT auditing, control, and compliance.
- What basic skills and training are needed to be a professional performing in the area of IT auditing?
Preliminary Review of Enterprise IT
This week, your task for the final project is to research in the South University Online Library and the Internet to identify a case study of your choice with a pertinent IT/IS capability, either as an essential asset in support of your case study’s business mission or as an integral part of your case study’s critical mission.
Some examples could be a healthcare organization, such as a healthcare insurance company, a major hospital, or a medical laboratory; an academic institution, such as a university or a professional institute; a commerce and transportation center, for example, a major airport or a maritime port; a transportation carrier, such as an airline company, a railroad company, or even a car transportation service; a network service provider, such as a telecommunications service carrier/provider, an Internet and voice digital service provider, or a cloud service provider; a major media organization, such as a television network or a multimedia service operator; an industry firm that manufactures products, such as a computer products manufacturer, a car manufacturer, or a hardware manufacturer; a major retailer, for example, a food retailer, a home maintenance retailer, or a clothing outlet; an entertainment complex, such as a hotel, a vacation resort, or a large recreation and entertainment complex; and a financial institution, for example, a banking system, a credit card service, or an investment trading service.
The above are examples to guide you with your research, but you are not limited to these areas. It is important that you arrive at your own case study, based on your personal interests, and one that is well suited to explore from an IT/IS auditing perspective for this course. Some criteria that you should consider in arriving at your case study are listed below:
- Your case study may be based on an actual company, or organization, using facts from research, or it may be fictional. In either case, you will have to make a number of assumptions about your case study’s organizational system (principles, policies and frameworks, processes, organizational structures, culture, ethics and behavior, information, services, infrastructure and applications, people, skills, and competencies) to complement the facts from your research.
- Your case study must require a nontrivial underlying IT/IS as an essential capability for its operation. The IT/IS capability must be reasonably complex. One way to determine whether an IT/IS capability is reasonably complex is to think in terms of entities and relationships for your case study’s model. A reasonable IS complexity is at least ten entities and ten relationships. You may have to make assumptions to complement your facts.
- For your underlying IT infrastructure, consider the different IT teams. Is there a Chief Information Officer (CIO)? Is there a Chief Technology Officer (CTO)? Is there an IT planning and management team, including a program management office (PMO) and project managers? Is there an R&D team? Is there an IT testing team? Is there an IT operations and deployment team? Is there an IT support and maintenance team? Is there an IT-related customer product or service team? What does the IT infrastructure consist of? Consider hardware, including servers, network elements, and interconnection devices and media; platforms, such as database management systems, and IS/networking security systems; software, including systems software and application software; and the IT needs for engineering services and support. You may have to make assumptions to complement your facts.
- Finally, you must submit your area of study to the professor via e-mail and have your professor’s approval that you may go ahead with your selection.
Once you have selected your study area and case and have received approval from your professor, you may proceed to the next steps described below. Create a report that focuses on the IT/IS used to support the operation of your organization in your case study and answer the following questions.
- Conduct a preliminary review of your case study’s organization. This review should include business mission, organizational structures, culture, IS, products and services, infrastructure and applications, people, skills, and competencies.
- Explain the need for an IT audit of your organization. Support your analysis in IT governance terms. Identify the stakeholders for your case study.
- Identify enterprise goals and IT-related goals for your case study and then create a mapping of the two sets, indicating primary relationships and secondary relationships.
- Start developing an IT audit plan that addresses the following components: Define scope, state objectives, structure approach, provide for measurement of achievement (identify the areas you intend to measure; specific metrics will be addressed later), address how you will assure comprehensiveness, and address how you will provide approach flexibility.
- Create your report in approximately 5–7 pages in a Microsoft Word document and save it as W1_Project_LastName_FirstInitial.