Services provided by UTS

Discuss about the IS Security and Risk Management for Technology Sydney.

University of Technology or UTS’s started its operations in the 1870s but the current form of the University was formed in the year of 1988. UTS is an public research University which is situated in Sydney, Australia. This University is considered to be one of the leading young University of Australia. Under the rank of 50 this university is ranked 1^st in Australia and 8^th in the world. This report mainly discusses about the services that are provided by UTS and how the IS is associated with supporting the various business operations of the organization (uts.edu.au, 2018). This report also discusses about the GMC o the general management control used by UTS so as to manage the various risks. The application control for information system, comparisons between the GMC and Ac or application control has also been done in this report. The report also highlights the risk management techniques that has been adopted by UTS.

UTS or University of technology Sydney is associated with providing of various services so as to enhance the learning process along with health and well-being of all the UTS students. The services provided by UTS are discussed below:

• Health Service: This type of service is provided to the students, staffs, alumni and their families in a friendly and confidential way. The service is available at the City Camus and is associated with the facility of bulk billing (uts.edu.au, 2018). Highest priority is provided to the students of UTS.
• Financial assistance: this service is associated with providing of financial assistance to the individuals regarding practical and financial aspects of the life at the university some of the thing included in this so as to assist the students includes Interest free student loans in various situations (uts.edu.au, 2018).
• UTS housing service: UTS housing service is associated with offering of comfortable, affordable and convenient living options in and around the UTS city campus.

Along with this there also exists other services like the Multi-faith Chaplaincy, Careers Service, and Counselling.

The IS or Information System of UTS provides support to all the ongoing processes especially the teaching processes. The main aim of Information system of the university is to create an integrated system which would be aimed at computerizing all the processes of the university and this mainly makes use of the university registers, general classification (Laudon & Laudon, 2016). This helps the users by assisting them in avoiding the interpretation of the same data in different ways. The IS helps the university in storing all the information’s at a centralized database which helps in avoiding the problem of data duplication. Firstly the information is gathered and then put the database and then it is managed (Arvidsson, Holmström & Lyytinen, 2014).

GMCs or general management control system is the framework that is established for the purpose of guiding the various operations of the University provide various services to the peoples associated with the university. By making use of the GMCs the UTS is capable of identifying various types of risks so as to achieve the main objectives and perform the necessary things which is needed to manage the risks. (Ter Bogt & Scapens, 2012). The major components included in the GMCs of UTS are strategic planning, operational planning, monitoring and control, functional threading and lastly providing motivation, rewards and recognition.  This management system is associated with controlling of the information system of the University and this mainly includes the controlling of the data centers of UTS, system software acquisition and maintenance, security access, along with application and maintenance (Kallio & Kallio, 2014). The GMC is generally used by UTS so as to support the various functionalities of the application control or AI. Some of the major features of the GMC of UTS includes the following:

• Security related to access, security of the programs and the data and Physical Security.
• Software Development & Program Change Controls.
• Recovery in times of any kind of disaster.
• Operations related to data centers.

Information system of UTS

The GMC system of the university consists of some practices which are generally designed for the purpose of maintaining the integrity and availability of various information processing functions of the university, the networks as well as the associated application systems (Rainer et al., 2013).. The GMCs of the university consists of the following:

The university has adopted certain ways for the purpose of managing the risks the risk management techniques adopted by the university has been discussed below with respect to an event when the Nursing academy at the university were being stretched to breaking points as they have to work for 50 hours a week with more than 20 contact hours. 

This is generally done by the university by asking themselves about the possibilities by which the delivery of objectives might get hampered and by what means this can happen. The risks are recorded by the university in a clear and precise way which helps in describing the various events as well as the root causes of the problem. Thin in turn helps in effective mitigation, audit and assessment of the risks (McNeil, Frey & Embrechts, 2015). (Haimes, 2015). By this practice they are capable of achieving the strategic priorities, operational objectives and operation health. For each identified risks a risk owner is assigned and this owner is responsible for overseeing any kind of management of the risks and provide the periodical report. The main identified reason for this risk is due to the shifting of the teaching load to fewer staffs so as to free the other employees for the research purpose. It was also denied by the university that their staffs were carrying unsustainable workloads. 

The risk assessment of UTS includes a clear and decisive consideration regarding the impacts severity along with its likelihood. This in turn supports the risk prioritization which is associated with turning of the risk controls and allocation of the resources (McNeil, Frey & Embrechts, 2015). (Haimes, 2015). The risk assessment matrix of the University helps in recording and communicating the risks which are derived from the evidence based assessments. The assessment also helps the university in understanding the risk escalation. The staffs were excessive workload so around 15 of employees submitted a written complaint. The complaint mainly stated that they were having lots of stress and ill health.

UTS puts the countermeasures in place so as to mitigate the risks that are recorded. The mitigation actions of UTS is clear and concise which are agreed and updated at a regular basis. After identification of the countermeasures the risk assessment is applied for the second time. If any type of residual risk remains which seems to be critical on the local risk register, then the university considers this to be an escalation in the Corporate Risk Register. Certain changes were made regarding the workplace policies and new changes were done so as to eliminate the workloads. 

General Management Control (GMC)

This is done by the university so as to determine if any type of additional risks exists or not and what are the additional actions which would be required for the purpose of reducing the impacts of the risks or the likelihood of reoccurrence of the risks. By this technique the University identifies the risks which are not adequately mitigated. And if it is found that some risks are still significant and critical then an additional column is added to the risk register.

The AC of the university consists of mechanism which is placed over different separate computer system so as to make sure the data authorization is processed completely and accurately. They have been designed so as to make the university capable of preventing, detecting and correcting the errors and the irregularities (Covello, Menkes & Mumpower, 2012). This happens due to the fact that flow of all the transactions takes place through the business system of the university. Application control of the university makes it sure that all the transactions and programs are secured and along with the system generally resumes sometimes later after the interruption in the business has occurred. Along with this all the transactions of the university is corrected and accounted for whenever any kind of error occurs and also this system helps the university in processing the data in an efficient manner (Vijayakumar & Nagaraja, 2012).

Risk management generally refers to the process of identifying, assessing and controlling the threats that an organization faces regarding its capital and earnings. And this threats or risks are capable of stemming a wide variety of sources which might include the uncertainty regarding financial matters, liabilities regarding legal issues, errors in the strategic management system and many more (Camacho & Bordons, 2012)

Application control of the university is associated with the specific control over each computerized applications whereas the general management control is associated with management of the risks by establishing of designs and makes use of the computerized programs throughout the organization.

Major things which must be anticipated by risk management includes the following:

• Definition of the goals
• Delegation of the responsibilities
• Determination of the area and the level on which risk management is to be conducted
• Considering the time and space the activity is to be defined
• Definition regarding the connection that exists between certain type of activities
• Providing a definition regarding the methodologies related to risk management (Stefaniak, Houston & Cornell, 2012).
• Determination of the procedures included in the risk management process.
• Taking certain decisions
• Identification of the areas where revision needs to be done along with the purposes and sources which are necessary for making such decisions.

University of technology Sydney has adopted a certain risk management methodology which includes the following steps:

• Firstly an introduction to the process of working, the system and many is more is provided.
• Second step involves the identification and determination of the danger and the damages that might occur in all parts of the system
• Third step involves the assessing of the risks in relation to the damage and the danger (Klamm, Kobelsky & Watson, 2012).
• Fourth step involves the determination of the ways and the measures that are to be taken for the purpose of eliminating, minimizing and preventing the risks
• Fifth step involves the reassessing of the risks with respect to damages and danger that are remaining
• The last step involves the maintenance of the level of risks which is remaining (Janvrin et al., 2012).

Information Asset	Criterion 1: Impact to Revenue	Criterion 2: Impact to Profitability	Criterion 3: Impact to public image	Weighted score
Criteria weights out of 100	45	60	55
EDI document set 1-logistics BOL to outsourcer	0.9	0.7	0.6	75
EDI document set 2-Supplier orders	0.7	0.8	0.8	78
EDI document set 2-Supplier Fulfillment advice	0.5	0.6	0.2	41
Customer order via SSL	1.0	1.0	1.0	100
Customer service request via e-mail	0.3	0.6	0.8	55

Asset	Asset relative value	vulnerability	Loss frequency	Loss magnitude
Customer service request via e-mail (inbound)	55	E-mail disruption due to hardware failure	0.2	11
customer order via SSL (Inbound)	100	Lost orders due to web server hardware failure	0.1	10
Customer order via SSL (inbound)	100	Lost orders due to web server or ISP service failure	0.1	10
Customer service request via e-mail (inbound)	55	E-mail disruption due to SMTP mail relay attack	0.1	5.5
Customer service request via e-mail (inbound)	55	E-mail disruption due to ISP service failure	0.1	5.5
Customer order via SSL (inbound)	100	Lost orders due to web server denial-of-service attack	0.025	2.5

The audit plan of UTS includes the improvement of the effectiveness of the campus governance, management of the risks and control over various processes. Along with this the plan would also assist the leaders of the University in discharging their oversight, management and responsibilities related to their various operations. It also assists the managers in addressing various financial operational and compliance risks of the university and help them in taking informed risk acceptance decisions. The plan also helps in leveraging and supporting the efforts of the campus so as to identify evaluate and mitigate the various risks. A support to the management restructuring and the strategies for the budget is also provided by this plan. The plan also supports the evaluation of the System wide Compliance Program. This plan also helps the university in meeting up all the challenges so as to enhance the value of the Internal Audit program. 

The University of Technology has adopted certain IS which helps each and every individuals associated with this university. They are also associated with providing of several services for their students and staffs which makes achieve success in various fields. Along with this there also exists General Management control for the purpose of dealing with various types of risks. Along with the GMCs there are also certain risk management strategies which has been adopted by the university. There also exists application control which helps the university in its different processes. 

References:

Arvidsson, V., Holmström, J., & Lyytinen, K. (2014). Information systems use as strategy practice: A multi-dimensional view of strategic information system implementation and use. The Journal of Strategic Information Systems, 23(1), 45-61.

Camacho, E. F., & Bordons, C. A. (2012). Model predictive control in the process industry. Springer Science & Business Media.

Covello, V. T., Menkes, J., & Mumpower, J. L. (Eds.). (2012). Risk evaluation and management (Vol. 1). Springer Science & Business Media.

Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.

Janvrin, D. J., Payne, E. A., Byrnes, P., Schneider, G. P., & Curtis, M. B. (2012). The updated COSO Internal Control—Integrated Framework: Recommendations and opportunities for future research. Journal of Information Systems, 26(2), 189-213.

Kallio, K. M., & Kallio, T. J. (2014). Management-by-results and performance measurement in universities–implications for work motivation. Studies in Higher Education, 39(4), 574-589.

Klamm, B. K., Kobelsky, K. W., & Watson, M. W. (2012). Determinants of the persistence of internal control weaknesses. Accounting Horizons, 26(2), 307-333.

Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education India.

McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts, techniques and tools. Princeton university press.

Rainer, R. K., Cegielski, C. G., Splettstoesser-Hogeterp, I., & Sanchez-Rodriguez, C. (2013). Introduction to information systems. John Wiley & Sons.

Stefaniak, C. M., Houston, R. W., & Cornell, R. M. (2012). The effects of employer and client identification on internal and external auditors’ evaluations of internal control deficiencies. Auditing: A Journal of Practice & Theory, 31(1), 39-56.

Ter Bogt, H. J., & Scapens, R. W. (2012). Performance management in universities: Effects of the transition to more quantitative measurement systems. European Accounting Review, 21(3), 451-497.

uts.edu.au. (2018). Services and support | University of Technology Sydney. Uts.edu.au. Retrieved 3 April 2018, from https://www.uts.edu.au/current-students/info-international-students/services-and-support

Vijayakumar, A. N., & Nagaraja, N. (2012). Internal Control Systems: Effectiveness of Internal Audit in Risk Management at Public Sector Enterprises. BVIMR Management Edge, 5(1).