Information Technology Risk Warning Signs

This tool gives some examples of warning signs to look for when considering business risks, particularly information technology related risks. Since information technology has become an integral part of most businesses, its risks are not simply those that relate to technology. They are broader business issues that demand more complete consideration and more complete business solutions. This tool provides an easy, quick reference of eight warning signs in a business that may point to areas of significant risk.

INSTRUCTIONS

1. Read through the warning signs to determine if any affect the business being analyzed.
2. Read the more detailed description of the warning signs for those that might apply.
3. Document any of these warning signs that may be applicable in your business risk documentation, either by using this template or noting elsewhere.

Warning Signs To Look For / Description of Warning Signs

Major Changes in Information Systems or Technologies
Conversions to new information systems, migration to a new technology platform (e.g., change in primary computer or network vendor, moving to client-server systems, or distributing programs and data to portable computers), or even changes in key information systems personnel all entail some level of risk to the business. The importance of continuity of critical business processes, the challenge of overcoming the learning curve for new technologies, or the potential loss of individuals with unique knowledge of the organization's systems require careful planning for change and continuing education and communication for all whose jobs are affected.

Significantly Changing Business
Entering into new markets, adding new service lines, acquiring other businesses, partnering, adapting to changing market demands (e.g., implementing EDI to preserve a customer relationship), or simply rapid growth of the business can put a severe strain on existing hardware and software capacity. Changes to systems to meet the new business demands increase the likelihood of errors that may not be detected until critical limits are reached. Continuing capacity planning, change control and performance monitoring may not get the priority and management attention they need until damage has been done to the business.

Reengineering/Right Sizing
Recent reengineering and right sizing may have reduced or eliminated some internal controls such as segregation of duties, supervision and review. The changes to information systems that were an essential part of the reengineering could exacerbate the weakening of internal control, allowing material errors to slip through or opening opportunities for fraudulent misuse of the systems.

Open Access to Systems and Data
Allowing unauthorized employees access to critical data or not restricting employees' access to data that they do not need reduces data integrity. The risk is twofold. First, there is the risk that unauthorized employees can read and make copies of proprietary or confidential data and knowingly or accidentally disclose this data to customers or competitors. Second, there is the risk that unauthorized employees can initiate transactions or make direct changes to data which could result in incomplete and inaccurate data. At best, this affects the integrity and reliability of information; at worst, it may be done for purposes of fraud. Risk examples include unauthorized transactions or alterations to pricing, discounts, payment authorizations, vendor addresses, inventory quantities and cost information.

Physical Security of Computer Hardware and Software
Data integrity cannot exist without physical security over computer hardware and software. Access to file servers and other sensitive systems components must be restricted.

Significant Ad hoc Reporting for Critical Data
Data integrity is vital for the decision making process and the continued survival of the business. Ad hoc reporting requires human intervention or processing which may lead to intentional or unintentional errors in the data. Therefore, a significant amount of ad hoc reporting for critical data may result in lower levels of data integrity.

Excessive Systems Errors, Crashes, or Similar Problems
Excessive systems errors or systems crashes and downtime typically are signs that a system has been implemented without adequate capacity planning, systems testing, or ongoing monitoring. The business impact may be felt in a loss of information integrity or the unavailability of information and processing to support critical business activities.

General System Complaints by Users
General complaints by users about the system can be warning signs that the system is not working well and, therefore, may mean that the data may not be reliable. Examples may be complaints that users cannot get the information they need out of the system, the reports they are getting are incorrect, or the system is not doing what they expected.

Source: http://www.knowledgeleader.com/iafreewebsite.nsf/content/TechnologyAuditITRiskWarningSigns!OpenDocument