
Create an 800- to 1,100-word risk assessment process for IT functions


Create an 800- to 1,100-word risk assessment process for IT functions.

Describe the objectives of governance of Information Technology and the general controls in an IT system. (40% of grading criteria)

Include a test of control activity in each of the following five categories: (each represents 10% of grading criteria)

  1. Authentication
  2. Network security
  3. Physical security
  4. Organizational structure
  5. Business continuity

Review grading rubric for detailed criteria.

Robatelli's Pizzeria Case Study

Introduction

On the morning of October 31st, Elaine Black, Chief Information Officer at Robatelli's Pizzeria, was waiting for both Jim Saxton, database administrator, and Peter Greyton, operations manager, to come to her office for a meeting. While waiting, Elaine was thinking about the surge of telephone and Internet orders expected to be received through the company's customer order center within the next 12 hours. Halloween had always been the most popular day of the year for people in the greater Pittsburgh area to order pizza from Robatelli's. There were 53 restaurant locations to serve these customers, but only one location to receive all of the orders and forward them to the right restaurant. Elaine's thoughts were interrupted as Jim and Peter entered her office. The following conversation took place:

ELAINE: Well, guys, it's here again, our biggest day of the year. Not only is Halloween a busy day, but we have the upcoming day after Thanksgiving, the week before Christmas, and Super Bowl Sunday. Can our current computer system's infrastructure and people keep pace with the orders we expect?

JIM: I think our systems are all running at peak performance. We shouldn't have any computer concerns for today or those other busy days.

PETER: Everyone in the customer order center is focused on making sure that our customers get their pizzas as ordered. We have plenty of people scheduled to work tonight, so we're good to go.

ELAINE: Terrific. But every time we face one of these peak sales days, I start wondering about the long-term capacity and effectiveness of our computer systems. Jim, we need to think long term about our computer system. I was just reading an article that I'd like you to take a look at. It's about Anheuser-Busch Companies and their use of data mining.

JIM: I do agree with you, Elaine; we should always be thinking about how newer IT systems can help us. Could you e-mail me the link to the article?

ELAINE: Sure, and I would like you to think about how we might use the same approach in our business. Peter, your order center people are doing a great job, but again there's something I'd like us to think about in the long run. As you know, we now have to manually enter all customer order center sales and store sales into our general ledger (GL). I think we could improve a lot of things if those sales are automatically fed into our GL software. Why don't you think about any advantages you see for an automatic interface, and we'll look at the costs compared to those advantages. How's that sound?

PETER: I'll do that. I'll give it some thought and work on a report about an automatic interface between our GL software and the point of sale systems in our restaurants as well as the phone and Internet sales. How soon do you want to meet again to look at these issues?

ELAINE: Let's say, in two weeks at the same time.

As Jim and Peter left her office, Elaine continued to think about the features of the company's accounting information systems and whether or not data extracted from these systems could facilitate the multiple needs of the company. The focus had always been on providing accurate financial accounting information from the various locations; however, the company's aggressive growth strategies meant increased emphasis on the system's ability to analyze detailed customer information that could be translated into increased sales opportunities. Elaine knew the challenges they faced could very well affect the company's ability to maintain its competitive advantage. She realized that her department must continually improve the company's information systems to help it achieve growth strategies. Operating state-of-the-art systems was imperative to position the company to execute those growth plans. However, she was concerned about the possibility that restrictions of the current information systems could actually prevent the company from doing what it wanted to do. Allowing restrictive systems to prevent them from achieving business strategies was a risk that Elaine would not tolerate!

Background

Robatelli's Pizzeria is a great American success story. Started by Dino Robatelli in the 1960s, the business impetus was a family pizza recipe. Introduced to the public at a church festival in Pittsburgh's Little Italy, Robatelli's pizzas are now a recognized tradition in the Greater Pittsburgh area. A full menu and local expansion have led to its growing popularity over the years and have helped it achieve nearly 50 percent of the area market share. Annual sales now exceed $100 million. Following is a timeline of milestones in the company's history:

  1962: Dino and Gloria Robatelli contributed $500 and the family pizza recipe to a partnership that opened the first Robatelli's Pizzeria.
  1965: The Robatellis bought out their business partners.
  1967: The first Robatelli's franchise opened.
  1971–77: Dozens of new Robatelli's franchises opened throughout the surrounding region.
  1983: Home delivery service began.
  1992: A central, one-number calling system for all restaurants was launched.
  2003: Internet ordering began. The first “prototype pizzeria” opened.
  Today: A total of 53 locations are in operation.

The company has been known for its ability to get ahead of national trends. For instance, in the early 1980s, Robatelli's began offering delivery service; however, while the competitors were merely delivering pizzas, Robatelli's delivered many additional items from its extensive menu. The company was also on the cutting edge when it launched its one-number telephone ordering system whereby a single telephone number was used to service sales orders for the entire region. Additional conveniences became available about 10 years later when Robatelli's introduced online ordering. Recently, it has expanded its menu offerings and opened prototype restaurants specially designed with new features (such as a full-service bar and a retail counter) that appeal to various customer groups. Each of these advancements has propelled Robatelli's growth over the past four decades.

Dino Robatelli's name is also well known for its tradition of supporting neighborhood organizations. Robatelli's promotes schools, amateur athletics, and other community groups. Interestingly, some local student athletes were a tremendous help to Robatelli's in 1971 when the business was in trouble. A fire had destroyed much of the building containing Robatelli's original pizzeria and commissary. The commissary made menu ingredients for all of the Robatelli's pizzerias, so the entire business was in jeopardy when this facility became inoperable. Area students and coaches helped with the clean-up and rebuilding efforts that made it possible for the facility to be reopened in a fraction of the anticipated time. Dino Robatelli thanked them by establishing a hall of fame that has become a fixture of Greater Pittsburgh high school athletics.

Robatelli's reputation for great Italian food and innovations in both customer service and community service have contributed to the company's ability to grow into the most popular pizzeria in the Greater Pittsburgh region. Robatelli's sales include an average of 110,000 pizzas per week. It has managed to stay ahead of the national competitors, which is an unusual feat. In fact, many people in and around Pittsburgh believe that pizza can only be Robatelli's!

Multiple Systems, Multiple Functions, Multiple Uses of Information

There are three ways to place an order at Robatelli's: in-store, via telephone, or online. The order processing systems are illustrated in Figure 1.1. Here's how they work:

Figure 1.1 Robatelli's Order Processing Systems

In-Store Orders

In-store orders are taken by restaurant staff serving patrons dining in one of Robatelli's restaurants or walking in to place an order. Servers manually complete an order ticket at the tableside and input the information into the company's point of sales system through computer terminals located in the food preparation stations. Walk-in orders are typically entered directly into the system by staff using the computer terminal located at the counter.

Telephone Orders

Approximately two-thirds of the company's business is processed via the telephone. Robatelli's phone ordering system is called a one-number system, referring to the convenience of ordering through a single phone number, regardless of the restaurant location nearest the customer. Most phone orders are received by an operator, who enters the order directly into a computer terminal while speaking with the customer. Customer phone numbers are used to present the customer with a choice of the nearest pizzeria for preparation and carry-out or delivery. The software in the system references a street database to verify that the street address exists. Credit card numbers are obtained from customers paying by credit card. The customer service representative verifies the order and credit card number before ending the call. Upon confirmation of an order, the order is sent directly to the restaurant, where it is processed through the company's transaction processing system and printed at the appropriate food preparation station(s). Credit card numbers are included in the transmission, and all credit card transactions are processed at the restaurants at the time the order is received.

There are several advantages of handling phone orders through a customer order center rather than at individual restaurant locations. Above all, the reduction in background noise improves the accuracy of the order-taking process. In addition, the customer's wait time is greatly reduced. Before Robatelli's implemented its one-number system, customers' wait time at peak could be up to 15 minutes. The order center's average wait time goal is now one minute or less.

Internet Orders

To place an online order, a customer must be registered. Registration is a simple process that can occur anytime during business hours. Customers are asked to provide identifying information that will be retained in the system. Repeat customers will not have to go through the registration process again. Web-based ordering is tied to the company's one-number system. When a customer enters an order online, customer information is pulled from the one-number system. Identifying data such as phone number and address do not have to be entered. Menu offerings are presented on the screen in various drop-down boxes so that any combination of items can be ordered with many different choices of toppings or accompaniments. A customer must answer a series of questions regarding the order, similar to the questions that would be asked if the customer had been speaking with a telephone operator. Online orders also require confirmation of the menu items and restaurant location before the call is ended. Credit card information may be entered online, and the transaction will be processed at the restaurant filling the order (as is done for telephone orders). Two firewalls protect the security of customer information submitted online.

Customer Service

Up to 135 customer service representatives may be on hand at the customer order center to process orders coming in to the business at peak times. In addition, Robatelli's employs approximately 10 home-based agents to handle incoming orders. Home-based agents may perform any of the customer service functions from a computer terminal located within their homes. All operators are required to undergo a one-week training program before they begin serving customers. After the training program, operators are subject to one week of supervised on-the-job training, followed by ongoing performance evaluations. Supervisors at the customer order center perform order scanning, whereby orders are randomly reviewed for reasonableness. Order scanning is performed more frequently for orders taken by new operators. Supervisors also follow up on errors and customer complaints, and may listen in on calls to review the operator's performance. If customers are in need of customer service, they may call or e-mail the company. Supervisors handle these types of calls and e-mail messages, and will respond either via telephone or reply e-mail. Restaurant managers can also print customer complaints at their respective locations.

Accounting Functions

Robatelli's ordering systems and transaction processing systems are the source of all sales information sent to the accounting department. Restaurant managers prepare daily sales summaries and submit them to the company's administrative offices on the following day. These summaries are transmitted electronically via the intranet and are received in the accounting department. Accounting staff prepare general ledger entries based upon these sales summaries and key the information into the company's accounting software. The transaction processing system provides sales by restaurant for call-in and Internet orders, which are reconciled to the restaurant summaries on a daily basis. Once the accounting system is updated and the daily reconciliations are performed, the data are stored in an on-site server. Although a lot of accounting information comes from many different locations, the capacity of the system is nearly 25 times its current load.

Information Technology

The information technology staff at Robatelli's is continuously engaged in system maintenance activities. Because the business changes so frequently, systems maintenance is an ongoing process.
Every time a new coupon is offered, a price is changed, or a new menu item becomes available, the related information must be integrated into the transaction processing system. Each menu addition has its own level of complexity, and many of the items include options to customize to individual tastes in a plethora of combinations. This poses a challenge in ordering; however, the menu presentation continues to be improved to eliminate chances of an incomplete or incorrect order. The options are available online and to customer service representatives via dropdown boxes on their computer screens. Most screens require an entry, even if it is “none,” in order to ensure that no part of the order is forgotten.

Grading rubric

  - Describes the objectives of governance of Information Technology and the general controls in an IT system. 40% of total grade - Describes the objectives of governance of Information Technology and the general controls in an IT system. Discussion is in-depth.
  - Authentication: Includes a related test of control activity. 10% of total grade - Test of control activity included; discussion is in-depth.
  - Network Security: Includes a related test of control activity. 10% of total grade - Test of control activity included; discussion is in-depth.
  - Physical Security: Includes a related test of control activity. 10% of total grade - Test of control activity included; discussion is in-depth.
  - Organizational Structure: Includes a related test of control activity. 10% of total grade - Test of control activity included; discussion is in-depth.
  - Business Continuity: Includes a related test of control activity. 10% of total grade - Test of control activity included; discussion is in-depth.
  - Mechanics: The author uses correct grammar and spelling. Format and citations are consistent with APA rules. 10% of total grade - No errors in grammar and spelling; all format and citations consistent with APA rules.
SafeAssign Originality Report

ACC/544: Internal Control Systems • Wk 5 - Apply: Asset Governance [due Mon]
Andrea Roberts
Total Score: Medium risk, 40%
Submission UUID: b00493c7-1541-3258-b5c9-f190ad654c67
Total Number of Reports: 1; Highest Match: 40%; Average Match: 40%
Submitted on: 05/10/21 02:39 PM EDT
Word Count: 924
Attachment: ACC544_Week5_AndreaRoberts_AssetGovernance.docx
Matches: 29% Institutional database (7); 11% Global database (4); Excluded sources (0)

Asset Governance
Andrea Roberts
University of Phoenix
ACC/544
May 10, 2021
Judith Courtney McCollum

Asset Governance

Introduction

In the current business environment, organizations rely heavily on Information Technology to operate and achieve success. However, organizations must implement durable IT governance and controls to benefit from Information Technology. IT governance refers to a framework that offers IT systems to support business objectives. It requires IT controls to perform effectively. The IT controls are divided into five parts which are network security, authentication, organizational structure, physical security, and business continuity. IT governance requires understanding the organization's goals and objectives to ensure they are aligned with the IT systems incorporated in its structure. This paper will develop a risk assessment process for Robatelli's Pizzeria IT functions.

Authentication

Authentication is an internal system control that is used to control access to the IT systems. It ensures that only authorized persons are allowed to access the IT systems of an organization. Authentication controls can take different forms depending on the need of an organization. The most popular form of authentication control is the use of a unique user name and password for accessing an IT system (Walkowski, 2019). In strict scenarios, Robatelli's Pizzeria can require the employees to use a security card and their user names and passwords. The second form of authentication control the organizations can implement is the use of biometric devices. It involves the use of the physical features of a person to obtain access to the IT systems. The last authentication control the organization can use is keeping track of user logs to display the details of all authorized users. This control serves to establish non-repudiation and display log-in policy weaknesses (Walkowski, 2019).

Network Security

The organization's IT systems are networked to the internet or internal networks, which are subject to unauthorized access. Different controls have to be implemented to ensure unauthorized users do not access Robatelli's Pizzeria IT systems through the network loopholes. The first control is the use of firewalls that can either be in the form of software, hardware, or a combination of both. The second control is encryption of data, making it hard for attackers to break it into an understandable format. Other controls that can be used for network security are the use of virtual private networks, antivirus software, unique service set identifiers, secure socket layers, intrusion detection, vulnerability assessment, and penetration testing (Walkowski, 2019).

Physical Security

Physical security is another critical aspect of IT governance and is used to control access to the IT system's physical environment. It refers to the location, backup, and operating environment of the IT systems. In terms of location, the IT system should be installed in a place secure from damages such as natural disasters. The location should have the lowest vulnerability possible. In terms of the operating environment, the IT systems should be installed in a place where it is free from humidity, dust, and uncontrolled temperatures. Finally, in terms of backup, the IT system should be connected to a reliable power supply to ensure access to its resources is consistent (Walkowski, 2019).

Organization Structure

It is critical to control the development and operation of IT systems within the organization's structure. The governance committee implements this. The committees are made up of top-level executives such as CIO, CEO, CFO, and top managers. Its responsibility is to align the organization's investment with the budget, strategy, and personnel to achieve the best results out of IT systems. The committee prioritizes and oversees the changes of IT systems. Finally, it monitors and reviews the developed IT systems before they can be implemented and integrated into the organization's structure (Turner et al., 2019).

Business Continuity

Business continuity is fundamental for the survival of an organization in case a disaster strikes. The development of a business continuity plan is the process that involves the creation of IT system failure prevention and recovery if potential threats face an organization. The implementation of the plan ensures that business assets and personnel recover quickly if a disaster happens. The plan incorporates two major parts that guarantee business continuity. The first part is implementing a strategy for backing up the IT system resources for a restoration point. The strategy includes redundant data storage, redundant servers, off-site storage, and regular backup storage. The second part is backup resources to implement the backup strategy if the IT system breaks down (Lainhart et al., 2016). The reliance on Information Technology by organizations is useful, but business continuity can be cut within a brink if the right backup and recovery strategy is not implemented.

Conclusion

Implementation of IT governance in Robatelli's Pizzeria is crucial as it lowers the organization's vulnerability to risks associated with IT systems security. Without the necessary control, the organizations cannot reap the benefits of Information Technology, which offers rich resources in the current market environment. Therefore, organizations can apply the security controls in this paper to assess their processes for IT functions.

References

Lainhart, J. W., Fu, Z., & Ballister, C. M. (2016). Holistic IT Governance, Risk Management, Security and Privacy: Needed for Effective Implementation and Continuous Improvement. ISACA. https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/holistic-it-governance-risk-management-security-and-privacy-needed-for-effective-implementation-and

Robatelli's Pizzeria Case Study (nd)

Turner, L., Weickgenannt, A., & Copeland, M. K. (2017). Accounting Information Systems Controls and Processes (3rd Ed.). https://bibliu.com/

Walkowski, D. (2019). What Are Security Controls? F5 Labs. https://www.f5.com/labs/articles/education/what-are-security-controls