SBM4304 IS Security and Risk Management Assignment Sample
Introduction
The aim of this report is to evaluate the information system (IS) of a company and identify the benefits of the system for managing and controlling risk. For this study, the well-known Australian company Woolworth is selected. The report studies Woolworth's IS systems, such as CRM, SCM and ERP, and evaluates how these systems help the company improve customer service and provide clear communication in the workplace (Dos Santos et al., 2013). The report also addresses how IS controls such as general management controls and application controls help in managing and controlling risk. The study therefore provides a detailed understanding of Woolworth's information system and its advantages to the company.
Discussion on Woolworth Product & Service or IS system of the company
Woolworth is an Australia-based company that operates a supermarket/grocery store chain. It specialises in selling groceries, including vegetables, fruit, meat and packaged foods (IBISWorld, 2017). It has also expanded into other product lines such as DVDs, health and beauty products, baby and household products and stationery items. The company sells its products through more than 1000 stores across Australia. In recent times, the company has started to offer its products and services on a digital platform by launching its site (Woolworths.com.au). Through this platform, it sells products across the regions of Australia.
IS system of the Woolworth
The advancement of technology has pushed Woolworth to focus on the digital platform and on installing IS systems (Dos Santos, 2011). CRM (Customer Relationship Management) is the system the company uses to increase customer satisfaction. The CRM system provides the company with information about customers' changing needs and demands, and customer complaints are also addressed through it. The CRM system therefore helps to improve customer service. Woolworth rolled out the CRM system by supplying 890 iPads to its store managers so that they keep a clear focus on customers (Sharma, 2012). In this way, store managers can access customer requirements. For instance, store managers received customer complaints about delays in payment caused by long queues and too few staff to attend to customers. In response, the company installed a self-checkout system to speed up payment. Woolworth also uses an SCM (supply chain management) system to ensure the timely availability of resources. This system helps the company maintain a proper flow of communication among departments. These systems thus give strong support to Woolworth in operating its business successfully in the Australian market.
General Management Control of the Woolworth
Woolworth places great emphasis on its general management control system, as it is an aid to achieving strategic objectives and competitive advantage. The company uses this system to evaluate different organisational resources, such as human, physical and financial resources (Rababah et al., 2011). Woolworth uses the following actions within its general management control system to manage issues.
- Direct Supervision: Woolworth hires a supervisor in every store to guide a group of workers. The supervisor issues orders and directions and monitors the work performance of staff.
- Standardisation of work process: This approach has proved effective for the company, as the store manager allocates each activity according to the skills or expertise of the individual. This practice helps to achieve standardisation of work.
- Team Work Spirit: Woolworth encourages workers to coordinate with each other, and does so by giving them responsibility together with authority.
In addition, Woolworth adopts advances in security in order to control the risk of its computers being hacked or company information being accessed.
These are the practices that Woolworth's management follows to control the issues and risks related to poor performance and to security.
Application Controls
Application controls are controls that focus on exposures within specific systems (Pondeville et al., 2013). They help the company operate its functions effectively and without mismanagement. For example, application controls ensure that each employee receives only one pay cheque per pay period, and that each invoice is paid only once. Companies also use different types of application control practice to control unauthorised applications. Companies nowadays face serious problems related to security and privacy (Fayol, 2016), and application controls are well suited to handling such problems.
Application controls include various actions to control risk, such as identification, authentication, input controls and forensic controls (Bajdor and Grabara, 2014). An application control system performs the following steps:
- Completeness checks: ensure that records are processed from initiation to completion.
- Validity checks: ensure that only relevant and valid data is input.
- Identification: ensures the unquestionable identification of all users.
- Authentication: provides an authentication mechanism for the application system (Singh et al., 2012).
- Authorization: ensures that the application system is used only by authorised business users.
- Input controls: ensure that the right data is stored in the system.
- Forensic controls: ensure that data is scientifically and mathematically correct, so that the right inputs and outputs are obtained.
These are the elements of the control system, and because of these practices the company performs its business operations effectively and efficiently.
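The checks listed above, applied to the invoice case this section mentions (each invoice is paid only once), as an added example that is not part of the original assignment. The field names, the authorised-user list and the sample batch are constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical names and values, constructed for this example.
AUTHORIZED_USERS = {"ap_clerk_01"}
REQUIRED_FIELDS = ("invoice_id", "vendor", "amount", "submitted_by")

@dataclass
class PaymentLedger:
    paid: set = field(default_factory=set)        # invoice ids already paid
    rejected: list = field(default_factory=list)  # (invoice id, reason) audit trail

    def check(self, rec):
        """Return a rejection reason, or None if the record passes every control."""
        missing = [f for f in REQUIRED_FIELDS if rec.get(f) in (None, "")]
        if missing:                                       # input control
            return "missing field: " + ", ".join(missing)
        if rec["submitted_by"] not in AUTHORIZED_USERS:   # authorization
            return "unauthorized user"
        amount = rec["amount"]
        if isinstance(amount, bool) or not isinstance(amount, (int, float)) or amount <= 0:
            return "invalid amount"                       # validity check
        if rec["invoice_id"] in self.paid:                # pay each invoice only once
            return "duplicate invoice"
        return None

    def process(self, rec):
        reason = self.check(rec)
        if reason:
            self.rejected.append((rec.get("invoice_id"), reason))
            return reason
        self.paid.add(rec["invoice_id"])
        return "paid"

def run_batch(records):
    """Process a batch, then run the completeness check over it."""
    ledger = PaymentLedger()
    outcomes = [ledger.process(r) for r in records]
    # Completeness: every record that entered ended as either paid or rejected.
    complete = len(records) == len(ledger.paid) + len(ledger.rejected)
    return outcomes, complete

SAMPLE_BATCH = [  # constructed sample input
    {"invoice_id": "INV-1001", "vendor": "Acme", "amount": 250.0, "submitted_by": "ap_clerk_01"},
    {"invoice_id": "INV-1001", "vendor": "Acme", "amount": 250.0, "submitted_by": "ap_clerk_01"},
    {"invoice_id": "INV-1002", "vendor": "Acme", "amount": -5, "submitted_by": "ap_clerk_01"},
    {"invoice_id": "INV-1003", "vendor": "Acme", "amount": 40, "submitted_by": "guest"},
    {"invoice_id": "INV-1004", "vendor": "", "amount": 40, "submitted_by": "ap_clerk_01"},
]

if __name__ == "__main__":
    print(run_batch(SAMPLE_BATCH))
```

The rejected list doubles as an audit trail: each refused record is kept with the control that refused it, which is what an IS audit would later review.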
Comparison of General management controls and Application controls for IS
There are large differences between general management controls and application controls, especially with regard to information systems (Harrison and Lock, 2017). The main difference is speed. An application control system manages data and issues much more quickly than general management control, because general management control involves several steps and human activity, which slows it down.
In addition, general control mainly deals with access to the main data storage of the systems, while the application control system focuses on the process and operational part of the system.
Furthermore, general management control covers the data centre and network operations, while the application control system emphasises the development and maintenance of the system. General management control also covers human, physical and technical resources. For example, it controls situations such as resources not being available on time, inadequate human resources and insufficient adoption of technology. This type of information is controlled by the general management control system (Li et al., 2012). The application control system, on the other hand, manages big data, meaning the recording of the company's information. This system protects data files and computer programs from unauthorised access. That is why the application system focuses on input, processing and output control: it ensures that the relevant data is recorded and that the input data is then processed in such a way that a valid result or output is obtained (Guerrero et al., 2011). These are the major differences between the two terms.
In the context of information systems, both control systems are important in their own way. General management control helps the IS in taking the right actions, such as decision making and developing plans and strategies. In these areas, general control manages the functions of the organisation.
Application control ensures the continued proper operation of information systems. It involves control over the data centre and network operations, which means that it protects the IS from unauthorised access.
In the case of Woolworth, application control is the best option for controlling the information system, because the company is currently facing security problems. Application control helps the company protect the organisation's private information from fraudulent activity. Application control is therefore the most suitable control system for companies like Woolworth.
Risk management techniques adopted by the Woolworth
In its day-to-day activities, Woolworth faces considerable financial, strategic, operational and technical risk. The company manages such risk using several techniques (Tummala and Schoenherr, 2011). Woolworth's risk manager generally uses a ranking method to control or manage risk. In this method, the manager ranks each risk according to its occurrence and effects, and the risk with the greater consequences is addressed first. This is how the company manages risk.
In practice, Woolworth faces risks related to the confidentiality of information and the timely availability of resources. For these types of risk, the company uses the risk management process (Tohidi, 2011), which has the following steps:
- Identify the Risk: The risk manager recognises and describes the risks that might affect the company's operations. In this step, the manager starts preparing the Project Risk Register.
- Analyse the Risk: Once the risks are identified, the risk manager determines the likelihood of occurrence and the consequences. In this phase, the manager collects the facts related to the selected risk.
- Evaluate the Risk: The risk is evaluated by giving it a rank and then determining its magnitude (Sodhi et al., 2012). A decision is then made on whether the risk is acceptable or can be ignored. These risk rankings are also added to the project risk register.
- Treat the Risk: In this step, the risk manager accepts the risk that has high consequences and tries to minimise its impact by implementing prevention plans. In this way the risk can be minimised.
- Monitor and review the Risk: This step uses the project risk register to monitor, track and review the risk.
Through these steps, Woolworth's risk manager manages risk. The risks concerned relate to confidentiality and to the timely availability of resources. The company manages the confidentiality risk by connecting its business operations to a centralised system. Moreover, the installation of ERP and MIS systems helps to reduce the risk of resources not being available on time. In this manner the company controls the occurrence of risk.
Importance of IS auditing for Woolworth
IS auditing is effective for the company in identifying errors or mistakes in system performance (Poolsappasit et al., 2012). By conducting an IS audit, the company can determine the areas where it is lacking or making mistakes. For instance, if the company is not gaining a customer base, the IS audit can indicate the area where improvement is needed.
Audit Plan: Before conducting the audit, the company needs to develop an audit plan. The following steps help to prepare the audit plan:
- Scheduling the open meeting
- Conducting the fieldwork
- Prepare the report
- Send to the management (Chapman, 2011)
These are the actions that need to be undertaken in audit planning.
Audit Process: The audit process for the information system at Woolworth contains many steps, which provide evaluation and suggestions on the measures that need improvement. The audit process can be used at Woolworth as an effective tool for measuring the information system and maintaining control over computer abuse within the organisation. Its four main steps are as follows:
Step 1. Measure weaknesses of the IS
Step 2. Identify the source of threat
Step 3. Identify the point of high risk
Step 4. Check for computer abuse
Conclusion & Recommendations
From the above study, it is concluded that Woolworth has properly implemented the CRM and SCM systems in its business operations. These systems contribute large benefits by improving customer service and maintaining the flow of communication between departments. The company also uses general management and application controls to manage company resources and personal data. In addition, Woolworth minimises the risk related to confidentiality through the use of a centralised system. With regard to risk mitigation, it is recommended that the company develop a risk management policy, as it guides employees about the areas that can affect the company adversely. Woolworth also needs to evaluate the external business environment so that it can identify the risks and challenges present in the market. In this way, Woolworth can control risks and issues more effectively.
References
Bajdor, P. and Grabara, I., 2014. The Role of Information System Flows in Fulfilling Customers’ Individual Orders. Journal of Studies in Social Sciences, 7(2).
Chapman, R.J., 2011. Simple tools and techniques for enterprise risk management (Vol. 553). USA: John Wiley & Sons.
Dos Santos, M.A., 2011. Minimizing the business impact on the natural environment: a case study of Woolworths South Africa. European Business Review, 23(4), pp.384-391.
Dos Santos, M.A., Svensson, G. and Padin, C., 2013. Indicators of sustainable business practices: Woolworths in South Africa. Supply Chain Management: An International Journal, 18(1), pp.104-108.
Fayol, H., 2016. General and industrial management. UK: Ravenio Books.
Guerrero, J.M., Vasquez, J.C., Matas, J., De Vicuña, L.G. and Castilla, M., 2011. Hierarchical control of droop-controlled AC and DC microgrids—A general approach toward standardization. IEEE Transactions on industrial electronics, 58(1), pp.158-172.
Harrison, F. and Lock, D., 2017. Advanced project management: a structured approach. USA: Routledge.
IBISWorld, 2017. Woolworths Ltd – Premium Company Report Australia. [Online] Available at: https://www.ibisworld.com.au/australian-company-research-reports/retail-trade/woolworths-ltd-company.html. (Accessed: 04 April, 2018).
Li, H., Lai, L. and Poor, H.V., 2012. Multicast routing for decentralized control of cyber physical systems with an application in smart grid. IEEE Journal on Selected Areas in Communications, 30(6), pp.1097-1107.
Pondeville, S., Swaen, V. and De Rongé, Y., 2013. Environmental management control systems: The role of contextual and strategic factors. Management accounting research, 24(4), pp.317-332.
Poolsappasit, N., Dewri, R. and Ray, I., 2012. Dynamic security risk management using bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 9(1), pp.61-74.
Rababah, K., Mohd, H. and Ibrahim, H., 2011. A unified definition of CRM towards the successful adoption and implementation. Academic Research International, 1(1), p.220.
Sharma, S., Oracle International Corp, 2012. CRM system for enhanced retention of customers. U.S. Patent 8,285,596.
Singh, M., Bardsley, J.S. and Horner, R.M., Armstrong Quinton Co LLC, 2012. Methods, systems, and computer program products for transmission control of sensitive application-layer data. U.S. Patent 8,301,771.
Sodhi, M.S., Son, B.G. and Tang, C.S., 2012. Researchers’ perspectives on supply chain risk management. Production and operations management, 21(1), pp.1-13.
Tohidi, H., 2011. The Role of Risk Management in IT systems of organizations. Procedia Computer Science, 3, pp.881-887.
Tummala, R. and Schoenherr, T., 2011. Assessing and managing risks using the supply chain risk management process (SCRMP). Supply Chain Management: An International Journal, 16(6), pp.474-483.