Highlight AllMatch CaseMatch DiacriticsWhole WordsPhrase not… Highlight AllMatch CaseMatch DiacriticsWhole WordsPhrase not foundof 3View as TextDownloa

Highlight AllMatch CaseMatch DiacriticsWhole WordsPhrase not… Highlight AllMatch CaseMatch DiacriticsWhole WordsPhrase not foundof 3View as TextDownload Automatic Zoom Actual Size Page Fit Page Width  50% 75% 100% 125% 150% 200% 300% 400% © 2011 ISACATampa Bay Office Furniture Inc.: A Case StudyCompany DescriptionTampa Bay Office Furniture Inc. (TBOF) is a publicly held company that manufactures office furniture.The company has two sales offices and a manufacturing plant in the Tampa Bay area. The company hasan IBM AS/400-based accounting system that was implemented three years ago. The system wasdeveloped in-house. Internally, the company has installed a Novell network that connects all employeedesktop computers to the AS/400 system.As part of the recent audit, various personnel in TBOF’s computer department have been interviewed,beginning with Mr. David Smith who is the manager of the IT department at TBOF. The auditors havealso observed personnel performing their regularly assigned duties and reviewed systemsdocumentation and logs. Based on those interviews, observations, and review of documentation, theaudit team has compiled a set of ‘audit notes’.Audit Notes1. Observed that the AS/400 system is housed in a secure area on the third floor of TBOF’s corporateoffice. Access to the computer room is controlled by an electronic card-key system. All entries to andexits from the computer room are logged. There is a Halon gas system installed that is automaticallytriggered in the event of smoke or fire.2. In the initial interview with Mr. Smith, he indicated that the IT department was organized in thefollowing sub-areas: systems administration, security, programming, testing, and operations. There are11 employees within the IT department.3. After inquiring about TBOF’s security policy, Mr. Smith indicated that he had created a policy twoyears ago. He had downloaded a model security policy off the Internet and rewrote it to suit TBOF’sneeds. Mr. Smith believes strongly that employees are aware of the company’s security policies, but hemakes the security policy document available to any employee upon request. Per Mr. Smith, the personin the IT department who is responsible for security issues is Ms. Jill Brown.4. Noted that the human resources manager has approved the security policy document.5. Mr. Smith indicated that TBOF has an IT strategic plan that is reviewed and evaluated every year by asteering committee comprised of members from every functional department in the company. Ms.Brown indicated that IT security planning is not performed on an annual basis, but there are elements ofIT security is addressed in the IT strategic plan.6. Per Ms. Brown, TBOF requires all users to have a username to log on to the AS/400 system. Passwordsmust be eight characters in length and must contain a combination of letters and numbers. Employeesmust change their passwords every six months.7. Noted that TBOF management has a policy of purchasing only Hewlett-Packard (HP) products.Consequently, all desktop computers are from the HP Pavilion series.© 2011 ISACA8. Ms. Brown indicates that user sessions automatically time out after 10 minutes of inactivity. Many(but not all) users have enabled screen savers on their computers that engage after five minutes ofinactivity. A username and password are required to log back on to a machine when the screen saver isrunning.9. Per the organization chart accounts payable(AP) is a separate division.10. Four employees in the AP department process vendor invoices, match invoices to purchase orders,receiving reports and purchase requisitions. Purchase requisition information is stored in a folder on ashared drive in the AS/400 system. Since the four AP employees often trade-off duties, Mr. Smithdecided to allow them to share the same user profile so that they can all access the shared foldercontaining purchase requisition information. This procedure has allowed AP transaction processing toproceed smoothly even if only one of the four AP staff is available.11. Ms. Brown confirmed that when an employee is terminated, the user’s account is immediatelydisabled and deleted from the system.12. Mr. Steven Green, the manager of the accounting department, has been given ‘super-user’ status toenable him to grant appropriate user rights to accounting department employees involved with makingperiod-ending adjusting entries. Mr. Smith approved Mr. Green’s super-user status as necessary due tothe high turnover in the accounting department that was making it difficult for Ms. Brown to keep upwith the requests for assigning user rights.13. Ms. Brown indicated that once a month she reviews the access rights of all employees, includingemployees in the accounting department. She writes up a report of exceptions and sends the report toMr. Green. Ms. Brown is unsure of the follow-up done by Mr. Green if any.14. Per Mr. Smith, the company has implemented a sophisticated firewall and intrusion detectionsystem (IDS) to protect the AS/400 system from hacking attempts. These systems have been subjectedto rigorous testing by Mr. Gary Varner and Mr. William Nesbitt, the two employees in the IT departmentwho are Novell Certified Engineersâ„¢.15. Documentation provided by Ms. Brown included printouts of system logs from the AS/400 system. Asection of the logs provides details of user logins, including the date/time of logon and the module withinthe system that was accessed. Failed logins and ‘access denied’ entries are in a separate section of thelogs. When asked, Ms. Brown indicated that although she reviews the logs occasionally, she does nothave time to review them every week.16. When observing an AP employee working at her machine, noted that the antivirus program flashedan alert on the screen and automatically deleted an infected file.17. Ms. Brown indicated that she is the individual in the IT department responsible for assigning userrights to employees, which define the functions that each employee can perform within TBOF’s AS/400system. All requests for changes in user rights, except for super-user accounts, come to Ms. Brown.18. Mr. Smith said that management plans to invest in an enterprise resource planning (ERP) system(such as SAP® or Oracle®) that will integrate accounting with the marketing, production andmanagement business functions in the near future.© 2011 ISACA19. Asked about the process of handling program changes, Mr. Smith indicated that all program changerequests are first sent via e-mail to Ms. Vicky Mitchell, who is the person in the IT departmentresponsible for handling program changes. Ms. Mitchell then forwards the e-mail to Mr. Smith, whoreplies by either approving or denying the change request. As documentation of the program changerequests and approval/denial, Ms. Mitchell saves a copy of each of these e-mails in a separate folder inher e-mail Inbox. This process works well for the most part, except that users occasionally have’emergency’ change requests that Ms. Mitchell sometimes has to process without Mr. Smith’s approvalwhen he is absent.20. Ms. Mitchell indicated that she assigns approved program change requests to Mr. Jack Solomon, theprogrammer in the IT department who is responsible for program changes. Mr. Solomon makes thesechanges on an ‘off-line’ duplicate version of the live operational system running on the AS/400 system.Testing of the changed versions of programs is done by a second programmer, Mr. Tony Yeager, whoseonly job is to test program changes. Once Mr. Yeager is satisfied with the change, Mr. Solomon transfersthe changed program over to the production (life) system.21. Regarding the routine running of programs on the AS/400 system, Mr. Smith provided a detailedschedule that shows when jobs are routinely run on the system. For example, all payroll jobs are run onFriday at 10 a.m. Sales and purchasing systems are ‘real-time’—these transactions are processed fromremote terminals in the sales and purchasing departments. The accounting, marketing, and productiondepartments of TBOF submit jobs, per the approved schedule, for routine reports they require.22. Mr. Smith indicates that there is one daytime operator of the system and one nighttime operator,with a backup operator from the network administration department who can perform the duties asnecessary in case of sickness or absence.23. In touring the computer room, noted that the operator clicked on a prompt on the main computerconsole to close a window. Upon inquiry, the operator indicated that the prompt was a notification of anupdate to the AS/400 operating system; he indicated that all such ‘patches’ are installed together on thelast Saturday of every month to avoid operational disruption. During the tour, the operator received aphone call from the marketing manager to run a report on an ’emergency basis. The operatorcomplained about the request but acquiesced. The operator wrote anentry in the operator’s log next to the main console to record the unscheduled job.24. Observed that the printer in the computer room prints a one-page report of every job run on theAS/400 system. These job reports are filed within the computer room.25. Upon inquiry, the operator indicated that scheduled jobs stop running very rarely due to systemerrors. When such situations occur, the operator calls one of the systems administrators in the ITdepartment, who provides instructions on how the aborted job should be re-run. Identifying IT ControlsFrom the above case study Develop the following based on the required reading and the methodology presented in class: 1. Select 6 deficiencies (audit notes) from Tampa Bay Office Furniture Inc.docx2. The goal is to identify COBIT 5 processes and sub-processes from the COBIT5_and_Assurance_Toolkit.pdf document. To achieve this goal you may have to start from the respective Enterprise Goal(s) or IT Goal(s) and then use the mapping provided in the COBIT5_and_Assurance_Toolkit.pdf document to identify candidate COBIT 5 process and sub-processes.3. Obviously, by following the above process you can end up with a large number of Goals and Processes. You will need to prioritize and select the ones that will provide the largest benefit. Explain your rationale. How the selected sub-activities would address the selected deficiencies.  Create a report of 500 words                           Engineering & Technology Industrial Engineering Operations Management INFO INFO531 Share QuestionEmailCopy link Comments (0)

Writing an essay outline is an important step in the writing process. An outline helps you organize your thoughts and ideas, and it makes it easier to write a well-structured essay. Here are the steps to help you write an essay outline like writers do:

Choose a topic: The first step in writing an essay outline is to choose a topic for your essay. It’s important to choose a topic that you are interested in and one that you have enough information on.

Brainstorm ideas: Once you have a topic, brainstorm ideas and jot down notes on what you want to write about. Think about your thesis statement, main points, and supporting evidence.

Create a thesis statement: Your thesis statement is the main point of your essay. It should be clear and concise, and it should express the main idea that you want to convey in your essay.

Organize your main points: Organize your main points into a logical order. Each main point should be a topic sentence that supports your thesis statement. Use bullet points or numbers to organize your main points.

Gather supporting evidence: Gather supporting evidence for each of your main points. This may include facts, statistics, or examples.

Write an introduction: In the introduction, introduce your topic and provide some background information on it. End the introduction with your thesis statement.

Write the body paragraphs: The body paragraphs should each focus on a specific main point. Start each paragraph with a topic sentence that relates to your thesis statement. Provide evidence to support your main point and use examples and personal experience to illustrate your points.

Write a conclusion: In the conclusion, summarize your main points and restate your thesis statement. Provide a final thought or call to action.

Edit and revise: Once you have completed your essay outline, take some time to edit and revise it. Check for grammar and spelling errors, and make sure your ideas flow logically.

Remember, an essay outline is a roadmap for your essay. It helps you organize your thoughts and ideas, and it makes it easier to write a well-structured essay. With these steps, you can write an essay outline like writers do.

Highlight AllMatch CaseMatch DiacriticsWhole WordsPhrase not…          Highlight AllMatch CaseMatch DiacriticsWhole WordsPhrase not foundof 3View as TextDownload Automatic Zoom Actual Size Page Fit Page Width  50% 75% 100% 125% 150% 200% 300% 400% © 2011 ISACATampa Bay Office Furniture Inc.: A Case StudyCompany DescriptionTampa Bay Office Furniture Inc. (TBOF) is a publicly held company that manufactures office furniture.The company has two sales offices and a manufacturing plant in the Tampa Bay area. The company hasan IBM AS/400-based accounting system that was implemented three years ago. The system wasdeveloped in-house. Internally, the company has installed a Novell network that connects all employeedesktop computers to the AS/400 system.As part of the recent audit, various personnel in TBOF’s computer department have been interviewed,beginning with Mr. David Smith who is the manager of the IT department at TBOF. The auditors havealso observed personnel performing their regularly assigned duties and reviewed systemsdocumentation and logs. Based on those interviews, observations, and review of documentation, theaudit team has compiled a set of ‘audit notes’.Audit Notes1. Observed that the AS/400 system is housed in a secure area on the third floor of TBOF’s corporateoffice. Access to the computer room is controlled by an electronic card-key system. All entries to andexits from the computer room are logged. There is a Halon gas system installed that is automaticallytriggered in the event of smoke or fire.2. In the initial interview with Mr. Smith, he indicated that the IT department was organized in thefollowing sub-areas: systems administration, security, programming, testing, and operations. There are11 employees within the IT department.3. After inquiring about TBOF’s security policy, Mr. Smith indicated that he had created a policy twoyears ago. He had downloaded a model security policy off the Internet and rewrote it to suit TBOF’sneeds. Mr. Smith believes strongly that employees are aware of the company’s security policies, but hemakes the security policy document available to any employee upon request. Per Mr. Smith, the personin the IT department who is responsible for security issues is Ms. Jill Brown.4. Noted that the human resources manager has approved the security policy document.5. Mr. Smith indicated that TBOF has an IT strategic plan that is reviewed and evaluated every year by asteering committee comprised of members from every functional department in the company. Ms.Brown indicated that IT security planning is not performed on an annual basis, but there are elements ofIT security is addressed in the IT strategic plan.6. Per Ms. Brown, TBOF requires all users to have a username to log on to the AS/400 system. Passwordsmust be eight characters in length and must contain a combination of letters and numbers. Employeesmust change their passwords every six months.7. Noted that TBOF management has a policy of purchasing only Hewlett-Packard (HP) products.Consequently, all desktop computers are from the HP Pavilion series.© 2011 ISACA8. Ms. Brown indicates that user sessions automatically time out after 10 minutes of inactivity. Many(but not all) users have enabled screen savers on their computers that engage after five minutes ofinactivity. A username and password are required to log back on to a machine when the screen saver isrunning.9. Per the organization chart accounts payable(AP) is a separate division.10. Four employees in the AP department process vendor invoices, match invoices to purchase orders,receiving reports and purchase requisitions. Purchase requisition information is stored in a folder on ashared drive in the AS/400 system. Since the four AP employees often trade-off duties, Mr. Smithdecided to allow them to share the same user profile so that they can all access the shared foldercontaining purchase requisition information. This procedure has allowed AP transaction processing toproceed smoothly even if only one of the four AP staff is available.11. Ms. Brown confirmed that when an employee is terminated, the user’s account is immediatelydisabled and deleted from the system.12. Mr. Steven Green, the manager of the accounting department, has been given ‘super-user’ status toenable him to grant appropriate user rights to accounting department employees involved with makingperiod-ending adjusting entries. Mr. Smith approved Mr. Green’s super-user status as necessary due tothe high turnover in the accounting department that was making it difficult for Ms. Brown to keep upwith the requests for assigning user rights.13. Ms. Brown indicated that once a month she reviews the access rights of all employees, includingemployees in the accounting department. She writes up a report of exceptions and sends the report toMr. Green. Ms. Brown is unsure of the follow-up done by Mr. Green if any.14. Per Mr. Smith, the company has implemented a sophisticated firewall and intrusion detectionsystem (IDS) to protect the AS/400 system from hacking attempts. These systems have been subjectedto rigorous testing by Mr. Gary Varner and Mr. William Nesbitt, the two employees in the IT departmentwho are Novell Certified Engineersâ„¢.15. Documentation provided by Ms. Brown included printouts of system logs from the AS/400 system. Asection of the logs provides details of user logins, including the date/time of logon and the module withinthe system that was accessed. Failed logins and ‘access denied’ entries are in a separate section of thelogs. When asked, Ms. Brown indicated that although she reviews the logs occasionally, she does nothave time to review them every week.16. When observing an AP employee working at her machine, noted that the antivirus program flashedan alert on the screen and automatically deleted an infected file.17. Ms. Brown indicated that she is the individual in the IT department responsible for assigning userrights to employees, which define the functions that each employee can perform within TBOF’s AS/400system. All requests for changes in user rights, except for super-user accounts, come to Ms. Brown.18. Mr. Smith said that management plans to invest in an enterprise resource planning (ERP) system(such as SAP® or Oracle®) that will integrate accounting with the marketing, production andmanagement business functions in the near future.© 2011 ISACA19. Asked about the process of handling program changes, Mr. Smith indicated that all program changerequests are first sent via e-mail to Ms. Vicky Mitchell, who is the person in the IT departmentresponsible for handling program changes. Ms. Mitchell then forwards the e-mail to Mr. Smith, whoreplies by either approving or denying the change request. As documentation of the program changerequests and approval/denial, Ms. Mitchell saves a copy of each of these e-mails in a separate folder inher e-mail Inbox. This process works well for the most part, except that users occasionally have’emergency’ change requests that Ms. Mitchell sometimes has to process without Mr. Smith’s approvalwhen he is absent.20. Ms. Mitchell indicated that she assigns approved program change requests to Mr. Jack Solomon, theprogrammer in the IT department who is responsible for program changes. Mr. Solomon makes thesechanges on an ‘off-line’ duplicate version of the live operational system running on the AS/400 system.Testing of the changed versions of programs is done by a second programmer, Mr. Tony Yeager, whoseonly job is to test program changes. Once Mr. Yeager is satisfied with the change, Mr. Solomon transfersthe changed program over to the production (life) system.21. Regarding the routine running of programs on the AS/400 system, Mr. Smith provided a detailedschedule that shows when jobs are routinely run on the system. For example, all payroll jobs are run onFriday at 10 a.m. Sales and purchasing systems are ‘real-time’—these transactions are processed fromremote terminals in the sales and purchasing departments. The accounting, marketing, and productiondepartments of TBOF submit jobs, per the approved schedule, for routine reports they require.22. Mr. Smith indicates that there is one daytime operator of the system and one nighttime operator,with a backup operator from the network administration department who can perform the duties asnecessary in case of sickness or absence.23. In touring the computer room, noted that the operator clicked on a prompt on the main computerconsole to close a window. Upon inquiry, the operator indicated that the prompt was a notification of anupdate to the AS/400 operating system; he indicated that all such ‘patches’ are installed together on thelast Saturday of every month to avoid operational disruption. During the tour, the operator received aphone call from the marketing manager to run a report on an ’emergency basis. The operatorcomplained about the request but acquiesced. The operator wrote anentry in the operator’s log next to the main console to record the unscheduled job.24. Observed that the printer in the computer room prints a one-page report of every job run on theAS/400 system. These job reports are filed within the computer room.25. Upon inquiry, the operator indicated that scheduled jobs stop running very rarely due to systemerrors. When such situations occur, the operator calls one of the systems administrators in the ITdepartment, who provides instructions on how the aborted job should be re-run. Identifying IT ControlsFrom the above case study Develop the following based on the required reading and the methodology presented in class: 1. Select 6 deficiencies (audit notes) from Tampa Bay Office Furniture Inc.docx2. The goal is to identify COBIT 5 processes and sub-processes from the COBIT5_and_Assurance_Toolkit.pdf document. To achieve this goal you may have to start from the respective Enterprise Goal(s) or IT Goal(s) and then use the mapping provided in the COBIT5_and_Assurance_Toolkit.pdf document to identify candidate COBIT 5 process and sub-processes.3. Obviously, by following the above process you can end up with a large number of Goals and Processes. You will need to prioritize and select the ones that will provide the largest benefit. Explain your rationale. How the selected sub-activities would address the selected deficiencies.  Create a report of 500 words                                                                                      Engineering & Technology                                                Industrial Engineering                                                Operations Management                            INFO INFO531                                                                      Share QuestionEmailCopy link                              Comments (0)

Why Choose Us

  • 100% non-plagiarized Papers
  • 24/7 /365 Service Available
  • Affordable Prices
  • Any Paper, Urgency, and Subject
  • Will complete your papers in 6 hours
  • On-time Delivery
  • Money-back and Privacy guarantees
  • Unlimited Amendments upon request
  • Satisfaction guarantee

How it Works

  • Click on the “Place Your Order” tab at the top menu or “Order Now” icon at the bottom and a new page will appear with an order form to be filled.
  • Fill in your paper’s requirements in the "PAPER DETAILS" section.
  • Fill in your paper’s academic level, deadline, and the required number of pages from the drop-down menus.
  • Click “CREATE ACCOUNT & SIGN IN” to enter your registration details and get an account with us for record-keeping and then, click on “PROCEED TO CHECKOUT” at the bottom of the page.
  • From there, the payment sections will show, follow the guided payment process and your order will be available for our writing team to work on it.