Assignment: Risk/Control Analysis
This deliverable is mainly about systematically identifying some risks and internal controls related to a specific business process (application controls) in your organization. The requirement is to include at least four application controls. You will also include at least two each of entity-level and IT general controls.
The purpose is for you to demonstrate a thorough understanding of the various controls that could be applied. Specifically, you will look at risk and control activities from several perspectives - control zones, control types, their implementation and an assessment of their success.
- Write an introductory paragraph highlighting the key IT-related risks for the organization and the process being modeled. This paragraph should provide context for the controls to be discussed in the rest of the document.
- Create a control table listing controls in your organization in this format:
| Control Name | Control Zone (Entity-level IT control / Application control / IT general control) | Type of Control (Preventive / Detective / Corrective) | Implementation (Manual / Automated / Hybrid) |
|---|---|---|---|
| Database Backup | IT general control | Corrective | Manual |
| | | | |
| | | | |
(Don't forget to add an explanatory caption for the table)
Each control zone, type of control, and implementation should be represented by at least one listed control.
- A detailed narrative for each control from the table:
o State the business risk being mitigated/reduced using the control
o Specify the details of the control - who does what, when, how, etc.
- A classification section:
o Zone paragraphs: define each control zone (entity-level, application, IT general control), classify each control and explain why each control is classified in a particular zone.
o Type paragraphs: define each control type (preventive, detective, corrective), classify each control and explain why each control is classified as a particular type.
o Implementation paragraphs: define each control implementation category (manual, automated, hybrid), classify each control and explain why each control is classified in a particular category.
o Metric paragraphs: define lag and lead metrics (indicators), describe and explain a metric for each control and explain why they are either lead or lag.
- A compensating control paragraph. Define a compensating control. Describe and explain a compensating control you have in place and what risk is being addressed by this control.
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also include a reference page. Citations and references should follow APA format. The reference page is not included in the required page length.