Auditing IT Controls

Question 1

Some of the terms and concepts that are important in managing IT risks, providing IT assurance, and applying appropriate HCI principles in IT operations include:

  1. Risk – By knowing what risk is, I’ll be able to know how to manage it.
  2. Controls – It is crucial given that effective controls can mitigate threats.
  3. Assurance is crucial as it tells us how to make information secure and also assists in managing risks.
  4. Users are essential since Human Computer Interaction is centered on the manner in which users relate with computers.
  5. Standards are important as they assist in the management of IT risks.
  6. User interface is important as it forms a platform for the interaction of users and computers.
  7. Assets are critical given that they are what is required to be secured from unauthorized access.
  8. Computers are what users use.
  9. Vulnerabilities need to be recognized to succeed in managing risks efficiently.
  10. Framework is critical as it is the manner in which IT governance goals get organized.


Question 2

During an analytical approach, a lot of research and time is needed in the evaluation of the manner in which a center is operating. Despite the method being famous, it is likely to be the most boring. With the heuristic approach, it is possible to resonate with new managers and directors of IT. Once the director is able to connect a panel of center representatives, he or she can evaluate and reach a conclusion concerning what is working well and what needs to be modified. This forms the foundation of the heuristic approach. The approach aims at finding a solution to the productivity of the center. The person who is likely to get affected is taken care of through the HCI. Through the assistance of trial and error, the evaluation will understand the issues afflicting the center and exhibit the existing alternatives for the operation to succeed. During this evaluation, it is possible to assess IT assurance.

It is important to keep an eye on the effectiveness of password reset to guarantee the operations of the center are effectively appealed. Being able to test and fail with no major hindrance or liability will give room for more liberty to discover the flawless equilibrium between the policies that are implemented and the effectiveness of operations. To finish the current report, and with the assistance of the panel, other testing aimed at assessing how rapidly the password change is executed, the rate of password change needed, and the usefulness of password change within the given time needs to be implemented.

In conclusion, the heuristic approach makes it possible for the IT director to test various approaches to quick and actual password changes which do not interfere with the policies and productivity of the center. With the trial and error approach in place, mistakes which could be made during operational success given that the accountability level is highly compromised.


Question 4

People who have used computers are familiar with viruses or might have lost data at some point. The reaction that follows after such reaction of an individual can be easily predicted; one can panic, get frustrated, or feel helpless. In an incident that occurred to me recently, my laptop wanted to restart but I kept skipping the restart; at some point, when I was almost finishing my homework, I failed to skip and the computer restarted without giving me a chance to save my work. It was disastrous, and by bad luck I was not able to apply any of the recommendations the book presents. Had I implemented any of the recommendations, it could have been safer for me. I did not do any risk assessment, system monitoring, or provision of an alternative plan. I lost a lot of information and it was quite unfortunate for me to start the work again. Despite all that, it prepared me on how to handle updates whenever the need arises. Now, I know how to monitor and recognize messages that pop up, continuously save any of my work, avail regular updates of my work by channels such as emails, and always assess my laptop's performance. Through these IT governance framework aspects, I am guaranteed to avoid any challenges likely to happen.

Question 5

Some of the recommendations include allowing personnel to make lively comments and enhance contributions to IT activities; in case employees fully take part in an enterprise's daily activities, the IT manager will find it easier to apply fresh changes related to IT and establish innovative ideas to expand the IT and HCI network. I will recommend that the executive be invited to follow the password reset policy for the center and assess if it is an approach that can be relied on; I trust the password reset policy conforms to the center's requirements. I will recommend creation of a program which is likely to represent and enlighten how to endure all

Dosit Corporation

Question 1: What steps should you take to bring the company into compliance with the HCS considering best practices?

There are numerous steps that I will take as a safety manager to bring the corporation into conformity with HCS with regard to best practices. To begin with, I will ensure that MSDS or SDSs are visibly printed on the packages at the time of their delivery to any seller. Secondly, I will guarantee that the Dosit Corporation upholds the material safety data sheets for all the chemicals produced by the corporation. Thirdly, I will make sure that the entire workforce of the corporation is appropriately trained on the corporation's disaster management policies. Next, I will make a chemical inventory, assign the responsibility for particular tasks, ensure labeling of all containers, obtain the material safety data sheets for a particular chemical, and get a certified copy of the Hazard Communication Standard rules. The chemical inventories offer a record of the room and building content that is essential in situations of emergency in addition to control of inventory (Jiang et al., 2014). Moreover, I will guarantee that all the company's workforce is well informed concerning the perilous properties of the chemicals that are manufactured by the corporation. Finally, I will guarantee that the workers of the corporation are conscious of the dangerous effects of the chemicals they utilize within their working zones.

Question 2a: Is this a problem from a safety or regulatory point of view? Why?

This is a glitch from the regulatory viewpoint. In accordance with the Hazard Communication Standard, the pipes and the tanks do not need to be labeled at the place of work; nonetheless, regulation should be put in place to guide the workforce as they carry out their tasks. The chemical corporations are permitted to use color coding in order to identify the chemicals within pipes and tanks. According to the Hazard Communication Standard regulations, the pipes are not considered containers; however, all the chemical containers and transmission channels need to be labeled with regard to the required standards (Jiang et al., 2014). The workforce needs to be informed of the risks associated with the chemicals within the unlabelled pipes. They should be trained on the appropriate measures to safeguard themselves from the chemicals.

Question 2b: What would be your recommendation on labeling considering the regulatory requirements?

With regard to the Hazard Communication Standards, the safety managers should prepare their workforce concerning the hazards associated with the chemicals within their area of work. All the potential health risks need to be communicated to the employees to create awareness of the precautions to be taken upon their occurrence. The workforce should be prepared on the data concerning the operations in which hazardous chemicals are accessible and their dangers. The workforce needs to have essential information about the pipes and the coding framework, the naming of pipes as provided by distinct norms, the chemical hazards within the pipes, and the routines utilized to identify a crack or break in the pipes (Reese, 2015). The employees should know the appropriate measures to take when the pipes break. There is a need to train the employees who perform their tasks using the pipes on the efficient techniques of protecting themselves from the dangers of the chemicals within the pipes.

Question 3a: What most likely went wrong in this training?

The safety manager might have failed to make the workforce comprehend that they are previously exposed to the hazardous chemicals and hence were capable of reading and identifying the chemical labels in addition to the safety data sheet. There was no invitation of the chemical laboratory personnel to conduct the training. The workforce had low concentration throughout the training session and thus did not grasp the essential information. The trainer did not involve the use of charts and pictograms to help in the demonstration of the effects of the chemical hazards. The training might have lacked the use of past training records that could have served as an appropriate guideline for efficient and productive training. The workforce might have lost interest owing to the utilization of safety data sheet description and oral description of the dangerous properties of the chemical products (Jiang et al., 2014).

Question 3b: How could future training be improved, including the explanation of chemical hazards without specifically addressing each chemical?

The improvement of future training necessitates the utilization of more pragmatic examples and physical demonstrations of the products' chemical properties to uphold the interest of the workforce. It will assist in the live display to the workforce of the effects of the chemicals and consequently make them have higher concentration throughout the whole of future training sessions (Reese, 2015). Moreover, they will be keen during the training sessions to grasp the important information about the chemicals. The workforce should be given the necessary and detailed information and productive training that are required for safe handling of chemicals.

Question 4a: How would you find out about the proper use, storage, and disposal of this chemical?

To obtain the proper utilization, disposal, and storage of the chemical, there is the need to send a given sample of the chemical to a laboratory in order to obtain its name. Afterward, the name of the chemical will assist me in obtaining its proper utilization, storage, and disposal through the utilization of accessible resources like websites (Jiang et al., 2014).


Question 4b: How would you identify the chemical as hazardous, or as not hazardous?

Identifying the chemical as hazardous or non-hazardous necessitates the careful study of the product packaging and the safety data sheet of the product. The product labels can comprise hazard statements, active ingredients, and pictograms that relate to the chemical hazard categorization of the chemicals that are contained in the product. Thus, there is the necessity to carefully read the product label for identifying it as hazardous or non-hazardous (Reese, 2015). The safety data sheet contains comprehensive information concerning the hazardous chemical ingredients and their possible impacts, comprising physical hazards, storage, requirements for disposal, procedures for an emergency, safe utilization, handling, and toxicological properties that are essential for identifying it as hazardous or non-hazardous.

Question 5: What should you do, if anything, about this container?

The unlabeled five-gallon container needs to be kept in a safe place as it awaits identification and proper disposal. It should be screened for water reactivity, flammability, corrosivity, and air reactivity prior to labeling (Reese, 2015).