Tuesday, May 5, 2020

Corporate Governance of Information and Communication Technology

Questions:

1. Does your host company have in place a formal IT Governance framework? Some clues as to its existence might be that there is a Corporate Governance or IT Governance policy document; the corporate intranet might contain references to governance. Structures may exist at higher levels that are the decision-making bodies and which control activities in the company for all levels through delegated authority.

2. Describe a situation in your internship, or previous work, where you have taken account of an Australian Standard in fulfilling your ICT task, and why. If you have not already experienced such a situation, describe a situation in your internship where you will need to take account of an Australian standard in fulfilling your ICT task, and why. Be specific.

3. Describe a situation in your internship, or previous work, where you have taken account of compliance (legislation) in fulfilling your ICT task, and why. If you have not already experienced such a situation, describe a situation in your internship where you will need to take account of Australian legislation in fulfilling your ICT task, and why.

Answers:

1. It was a small company where I did my internship. There was no evidence of a formal IT governance structure within the organization. In fact, the organization maintained a hierarchical structure that included the positions of MD, manager, supervisor, receptionists and other general staff. The job and responsibilities were divided among these positions. For keeping the records of the business operation, the company uses the database management system. There are a number of different segments in the database to store the different types of data such as the marketing, management and HRM. All kinds of vital decisions in the organization were undertaken in a collaborative participation of the MD and the managers. The information stored in the database is used at the time of making any decision.
The database system can be accessed by the major heads of the organization like the supervisors, managers and the MD. Only the supervisors had the permission to insert data into the database. However, the managers and the MD enjoyed the authority of manipulating and deleting data from the system. Since the system was not of a high standard, there was no such security over access to and control of the database by the users. Permission was given to each level of the employees while controlling the infrastructure of the organization.

2. I have worked for a small-sized organization where there was no presence of a formal information system for managing the information of the organization. Therefore, the need for a developed information system was felt to make the work easier and smoother. Therefore, I was asked to suggest a particular framework for the development of both the IS and IT system of the organization for the overall governance. For this purpose, I used the Australian Standard AS8015 framework. This particular framework is based on governance of ICT in the organization. In this respect, a list of six principles of the ICT governance that had helped me to understand the effective level of suggestions that I was responsible to do can be mentioned. These principles are:

- To understand the job role and responsibility of the ICT within the organization
- To develop a best suitable ICT plan for the organization
- To acquire the validity of the ICT (Global, 2005)
- To ensure that the designed ICT platform works well as per the requirement
- To ensure that the formal rules are aligned with the set ICT framework designed for the organization
- To ensure that the designed ICT framework respects the needs of the employees working in the organization

I had examined every detail and principle of the organization to understand the requirement. I had collected information regarding the formal rules related to the work of the organization.
I suggested a framework for the IS that would be effective for the overall activities of the organization.

3. When I used to work as an intern in the organization, I was responsible for optimizing the records in the database system of the organization on a regular basis. The major responsibility of the task was to ensure that the work is done with highest accuracy within the organization. Personal details of every employee of the organization were stored in the database. In addition to this, some information about a few customers was also kept in the database. These data were stored in an easily accessible format that did not require any particular prevention of integrity of data. This factor was particularly related to compliance with the Data Protection Act. According to this Act, an organization should be responsible for keeping the confidentiality and security of the data. With proper investigation, I made the fact evident among all that the organization had been violating the Data Protection Act 2014 (Privacy and Data Protection Act 2014, 2016). The organization should be responsible for keeping the data protected and secured, but it was found that the data was stored without the consent of the customers. The organization should have informed the customers and they should have a clear understanding of the stored data. In fact, the organization should also be responsible enough to ensure that the hardware of the system is not stolen. In order to overcome this crisis, I suggested that they use the data encryption technique for the overall maintenance of the database. The customers were also given a consent form in order to make them aware that their details have been stored in the database of the organization.

References

Global, S. A. I. (2005). AS 8015-2005 Corporate governance of information and communication technology.

Privacy and Data Protection Act 2014. (2016). legislation.vic.gov.au. Retrieved from https://www.legislation.vic.gov.au/domino/web_notes/ldms/pubstatbook.nsf/f932b66241ecf1b7ca256e92000e23be/05CC92B3F8CB6A6BCA257D4700209220/$FILE/14-060aa%20authorised.pdf [Accessed on: 11-4-2017]
