COBIT V4.1 Framework

1) IT Infrastructure and Support Systems. (chapter 2) In this chapter, it will explain about types of information system and data process, types of IS used to support business operation and decision makers, how it support supply chains and business process and understand about the attributes, benefits, and risk of services-based and cloud computing infrastructure. Types of Information system and support will be divided into two pat which is Management support system and Operation support system. Management support system also will divided into two which is Management information system(MIS) and Decision support system (DSS) same goes to Oeration support system, there is another two part which is Transaction processing data (TPS) and Process control system. Geely automotive company use this system to enchant their sales order, payroll, accounting, financial, marketing, purchasing and inventory

Information technology audits determine whether IT controls protect corporate assets, ensure data integrity and are aligned with the business's overall goals. 1.2.2 Objectives IT audit objectives concentrate on substantiating that the internal controls exist and are functioning as expected to minimize business risk. These audit objectives include assuring compliance with legal and regulatory requirements, as well as the confidentiality, integrity, and availability. 1.2.3 Strategies • Review IT organizational structure • Review IT policies and

Internal auditors Internal auditors provide operational, strategic, and tactical value to the business. They inform the Change Advisory Board and management about the other stakeholders’ understanding of change management and adherence to policies. They validate the efforts of management to be effective and proactive in facing current and future threats. They compare present practices within the organization with regulatory guidelines and industry practices. What are the responsibilities of internal auditors?

Business Continuity (BC) Strategies Identifying the organization’s risk treatment strategy will determine which products and services require a BC strategy to ensure the continuity of prioritized activities. The aim of designing continuity and recovery strategies is to set time frame for recovery and identify the means by which those objectives will be achieved. 8.3.1 Points to consider when determining BC Strategies To ensure success, the BC strategies shall determine: • The party which is responsible for achieving the recovery goals • Means and resources to be used to achieve the goals • The timeframe set for achieving the goals • Determining the best strategies which ensure many factors are taken into consideration. of these: 1. Results

At the system level, the probability of the entire ERP system usage failure can be obtained by quantitative evaluation of the fault tree, thus making it possible for executives of the hosting organisation to make informed decisions on ERP project initiation, termination and high-level system requirement and scope changes. At the component level, the implications of fault tree analysis depend on the approach that was adopted in fault tree construction. There are two basic approaches, which a third one is the mix of them. The difference in these two approaches is that the second requires one to incorporate the root causes to component failures into the fault tree and thus directly assess the impact of these root causes on system failure, while the first approach indicates that the causes are either too elusive to be included in the fault tree or will be identified on a later

The report identifies the need of a knowledge management strategy for BobCo and proposes a design and implementation method of a knowledge management system for the company. The scope of the proposed KM project is to optimize organizational functions within BobCo by acquiring, creating and sharing the knowledge within the organization. The feasibility study analyzes the technicality, functionality, cultural issues, project schedule and budgeting issues of the proposed system. The risk management plan identifies the potential risks that may occur during and after the project development and implementation. Finally the report highlights the importance of a KM strategy for BobCo and the potential of a Knowledge Management system for the company.

The question is how does a business accomplish that goal? Michael Porter, a strategy expert and professor at Harvard Business School, emphasizes the need for strategy to define and communicate an organization's unique position, and says that it should determine how organizational resources, skills, and competencies should be combined to create competitive advantage. (“What is Strategy?,” 2017) Strategy is critical to the principals of management. Strategy is about making choices, like what the business plans to do today, tomorrow, and every day after that. (Management Principles, 2012) The text’s definition of strategy compares as they both mention strategy needs to take place to accomplish a goal or objective.

In reference to Marks and Spencer, it is essential for organisation before making use of best-in-class benchmarking to measure organisational performance by analysing internal as well as external competition. It can be an integral part for improvement of organisation, however it is a fact that Marks and Spencer could not able to employ all the relevant strategies patented by competitors. But it can help in making appropriate business decisions as management will be aware of all the advantages as well as difficulties that lies in incorporating specific changes. It depicts that role of best-in-class benchmarking data play efficient role in decision making process which is dependent on the business requirements of Marks and Spencer (Shao L. P.,

Project describe Plan Cost Scope Time Deloitte In This Project - Deloitte Plan extends the standard software, improve technology system - Provides a universal tool for the development of business planning models - Support technology, employee, cost, experience to research the project - Reduce the delinquent personal and small business loans - Reduce finance risks - Cost suitable for Addison bank' budget - Accept high cost to ''strategically invest'' in the project - Employee training costs - Hardware facilities - Cost for warranty. - Supported by Enterprise Technology - Create a business architecture framework based on business objectives - Recommendation to bridge the gap between current state and future optimal technology support - System consult and maintain 6 months – 1 year(system) (December to February)(forecast) 2.4. Answers the question: What is the core purpose? Addison’s core purpose business in the project: recover loans, risk assessments on its loan portfolio in order to estimate the proportion of loans that were recoverable. Addison Business Core Purpose => Strategy =>

A review of existing IT Audit Committee Charters shows the following typical qualities: 1. Evaluation, examine and make suggestions on technology-based problems of importance to business. o Appraise and seriously evaluate the financial, strategic and tactical advantages of proposed major innovation related jobs and innovation architecture

Following our initial assessment we will provide recommendations for the “to be” RMF IA and C&A program by providing DLA J6 with the analysis of alternatives (AoA) on courses of action (COAs) for the current IA C&A program. Part of this initial assessment is to address key risk areas across DLA Global Enterprise Architecture and supply chains to look at best practices for mitigation procedures that minimize the operational risks posed from cyber threats to the DLA Global Enterprise Architecture. Following our initial assessment we will incorporate the “to be” RMF IA and C&A program across which will standardize, and centralize, the program while grounding it in Industry standards and best practices. The RMF mandated transition is already in the implementation phase and a strategy will have to managed and complied with to continue the transition through to completion. This strategy represents the DOD IT and DODI 8510.01 policy signed into effect in March 2014 aligns the DOD agencies (DLA) through the standardized use of the NIST 800-37 and 800-53 publications and the CNSSI 1253.