Security and Risk Management in Amazon's Information System
Added on  2023/06/09
This report discusses the importance of information systems in Amazon's success, general management controls, application controls, risk management techniques, and audit plans and processes used by the company to identify problems within the system.
SECURITY AND RISK MANAGEMENT
Security and risk management
Name of student
Name of institution
Name of instructor
Course code
Date
Introduction

The report focusses on Amazon and the reliance of its operations on information systems. Additionally, the report outlines the importance of the information system to the company's success in the sale of goods, such as allowing online payment and product tracking while in transit. The report also identifies the general management controls and application controls used by the organisation to avoid risks that could hinder operations. A further focus is on the risks that the organisation faces during operations and the methods used to analyse and control them. The risks include loss of information and inaccuracy in the data collected from customers. Additionally, the report examines the benefits that accrue to the company from controlling risks, such as the protection of customers' information. Moreover, the report focusses on the audit plans and processes used by the company to identify problems within the system. Identifying the problems is important to ensure that the areas of possible threat are corrected and prevented from causing harm.

The Amazon

Amazon is an e-commerce company that deals in the sale of goods to customers through the internet. Amazon has operated for many years in various markets across the globe (Amazon, n.d.). Most individuals currently use Amazon to sell and buy a variety of products such as electronics, clothes, shoes and magazines, among many other products. Amazon requires that customers log in and search for the required products within an affordable price range. The customers put the products in an online cart and proceed to purchase the goods either by paying online or by cash on delivery. Online payment is done using a Visa card or other online payment platforms such as PayPal. After the customer selects the payment method, the goods are delivered to the customer's point of receipt during business days (Amazon, n.d.).
The information systems are core to the operations of the business, since the Amazon site works as the point of contact with the customers (Ref. Mattord, 2018). The site has replaced the normal physical business premises where customers can visit and buy goods. Therefore, the customers find all the products required under the appropriate product category. The site allows the customers to have a one-stop shopping experience, since many sellers post many goods on the site. Additionally, Amazon uses information systems to receive payments from customers through electronic payment methods. The methods include PayPal, MasterCard and Visa card.

Further uses of the information system include the online tracking of goods on delivery to the customer. The online tracking protects against the loss and theft of goods while in transit (Olsen, 2018). The online trackers identify the customer's position and provide information about the time that the customer will receive the product. The site also has customer relation tools that track the activities of the customers. The tools track details such as the number of times that a customer logs in to the site in a day, the goods and services that the customer likes purchasing and the location of the customer. The site collects the customers' information for use in conducting personalised marketing (Olsen, 2018).

The Amazon's general management controls

The company uses various general management controls to ensure the effective operation of the programmed procedures (Amazon, n.d.). The controls apply to the whole system of applications within the organisation. Amazon uses data security controls to protect information from access by unauthorised third parties. The data security controls protect customer information from access by malicious individuals. The customer's information includes details such as residential areas and credit card numbers. Hackers could use the information to steal money from the customers, which is bad for the customers and leads to the loss of customers who no longer trust the online store. Therefore, the company has installed reliable data security procedures to ensure that third parties do not access the customer's sensitive information (Data Security Controls and The CISSP, n.d.).

Additionally, the company uses software controls to prevent unauthorised access to the computer programmes. The controls govern the operating systems for proper execution of application programmes. Moreover, the software controls play an important role in organisational tasks such as file set-up, handling and record keeping.

Application controls used by Amazon

Amazon uses various application controls to ensure that only authorised data is accurately processed by the applications. The controls account for the application's procedures from the initial stage of transactions, through the processing and finally to the use of the output. Amazon has installed input authorisation controls to ensure the correct recording and monitoring of data flow through the systems. The steps include the authorisation of only a few employees to accept payments from customers and allow the exchange of goods. Moreover, Amazon has data conversion software to transcribe data accurately from one form to another. The transcription is used to convert information about orders placed by customers into a form that the system can read. The tool ensures that the transcription is accurate to avoid the delivery of wrong products to the customers.

Comparisons of the general management controls to the application controls

The general management and application controls have some similarities within the operations of the company. The similarity is seen where the two types of control create policies and procedures relating to a variety of information system functions, leading to effective operations (Mendez, 2015). Additionally, the controls provide security to the system by preventing harmful access and ensure that the outputs from processes are accurate to aid in decision-making.
Furthermore, the differences appear in the use of the controls. The controls are applied differently within the company. The application controls are installed to ensure accuracy and security of the data passing through specific applications (Mendez, 2015). For example, application controls are installed in the payroll to prevent errors in payment, such as double payment of salaries, and to eliminate ghost workers from the pay slip. On the other hand, general management controls are used across all systems within the organisation. The controls are used by all departments to prevent unauthorised access to the information. The controls are more organisation-wide than the application controls due to the combination of software and procedures that create an overall control structure.

Risk management techniques

Amazon employs various risk management techniques to ensure the success of the operations and that customers can rely on the site to buy goods. The company ensures that the system is always up and running so that customers can buy goods and services at any time. Therefore, the company focusses on various issues to ensure that the system is free from the possibility of failure (Li Rui, 2015).

The company ensures the reliability of the system by employing performance monitors that give real-time reports on the operations. The company uses the information to improve the ability of the system to give the required response to the users (Jr, 2018). The data assists in identifying the points of poor performance within the system, and necessary actions are taken to improve operations.

Additionally, the company also guards against the confidentiality risk, which is unauthorised access to sensitive information. The risk could lead to a loss of trust in the company by customers, thus resulting in a shortage of market for its products. Therefore, the company employs technical control procedures to secure information from unauthorised access by third parties. The technical controls ensure confidentiality by offering automated protection against misuse of or access to valuable information (R., 2012).

Additionally, the system ensures availability by using strong host computers to ensure that the site is always available to the customers. Furthermore, the company employs cloud-based backup systems to ensure that the system does not crash when fed with large amounts of data (Leach, 2018). The cloud-based system stores large amounts of data, which prevents the loss of information relating to products such as price, product name and availability.

The company manages integrity and security by employing various procedures that ensure the full protection of users from the risk (Data Security Controls and The CISSP, n.d.). The company ensures integrity by using proper screening procedures for the sellers and buyers. Amazon requires that the sellers provide full information about the business and follows up to ensure that the customers received the goods paid for. The measure protects the customers against fraudulent sellers who do not deliver after customers make payments. On the other hand, the system ensures security by putting up firewalls that prevent unauthorised persons from accessing the customers' information.

The company conducts the risk identification and assessment processes through system risk audits. The audits take place during the period set by the management to identify the risks within the system. The company employs the services of external experts to audit the system for identification and assessment of the risks (Li Rui, 2015). Additionally, Amazon has internal auditors who perform continuous risk audits to prevent failure of the system. The auditors also report on the extent to which the risk could affect operations.

Risk control takes place through the installation of risk mitigation procedures that protect the system against failure. Amazon collects data on the system to identify areas that pose a risk to the operations. The company has installed software that informs about risks and provides solutions to the problems. Additionally, the company uses various security measures such as firewalls and antivirus software to prevent unauthorised access to the system (Simon Milton, 2015).

Amazon's information system audit

The company benefits from the audit activities carried out in the system. The audits help in the review of the performance of the system, which helps to correct the shortcomings and identify the risks that could result in failure (R., 2012). Additionally, auditing the system helps to ensure tight security of the system to avoid unauthorised access by persons such as hackers. The company uses effective audit plans and processes to ensure a successful review of the information system.

Audit plan

Amazon has a comprehensive plan to follow when conducting the audit. The audit plan focusses on the need to identify risks and shortcomings within the information system. Additionally, the plan seeks to achieve the best solutions to the challenges raised during an audit. The company requires that the auditors follow the steps specified in the audit plan. The plan includes five steps that ensure that the audit meets the set objectives.

The first part of the audit plan requires the determination of the audit subject (Audit Plan Activities: Step-by-Step, 2018). The stage sets the various parts of the information system that will undergo auditing. The plan requires the audit of areas that face high risk and that the users frequently access. The second step defines the objectives that the audit should achieve (Audit Plan Activities: Step-by-Step, 2018). The objectives include the identification of risk and determination of satisfaction levels among the users. Additionally, the plan also sets the scope of the audit, which sets the limit for the audit. For example, the scope could specify that the audit should only review a single application or multiple applications. The next step involves performing a pre-audit plan, which refers to activities such as risk assessment to set the final scope of the audit (Audit Plan Activities: Step-by-Step, 2018). The step defines the clear subject and objectives of the audit. Finally, the planners determine the steps for gathering data for auditing (Audit Plan Activities: Step-by-Step, 2018). The steps emphasise the collection of necessary data to aid in the assessment and identification of the risk.

Audit process

Amazon follows six steps of an audit process to ensure that the set objectives are met. Additionally, the audit steps provide comprehensive information about the system. The first step includes the requesting of important documents and reports from the system to identify problems in the system (Penn, 2018). The auditor also requests access to various parts of the software to conduct the audit. Secondly, the auditor prepares an audit plan to use during the exercise (Penn, 2018). The audit plan outlines the steps that the auditor follows while auditing. Additionally, the plan gives the issues to check and sets the objectives. The third stage requires the scheduling of a meeting with the various management and audit employees of the company (Penn, 2018). The meeting aims at setting the rules of the audit and informing each person of their responsibilities. After the meeting, the auditor conducts fieldwork, which entails the evaluation of internal controls and compliance tests (Penn, 2018). The auditors do the fieldwork in a comprehensive way to avoid omitting important details. The auditor then drafts a report based on the findings of the audit. The report consists of the observations made by the auditor and recommendations to improve the system. Finally, the auditor closes the audit by seeking the management's approval on whether the report adheres to the set objectives (Penn, 2018).

Conclusion
Amazon has a high-quality information system that serves the customers appropriately without failure. The system provides tight security for customer information through the installation of security standards that prevent hacking. Additionally, the company ensures the availability of the system to the customers and maintains a high level of integrity and trust with the customers. Amazon also conducts audit procedures that review the system to identify risks. However, the system could improve accessibility by ensuring that the customers can access the system using all browsers available. The company should consider complaints from consumers highlighting the inability to access the system using some browsers. The improvement could therefore increase customer visits to the site and the effectiveness in providing services.
References

Amazon. (n.d.). Retrieved from Amazon: www.amazon.com
Audit Plan Activities: Step-by-Step. (2018). Retrieved from ISACA: www.isaca.org/creating-audit-programs
Data Security Controls and The CISSP. (n.d.). Retrieved from Infosec Institute: https://resources.inforsecinstitute.com/category/certifications-training
Jr, L. R. (2018). Information Systems Research. Informs PubsOnline. Retrieved from https://pubsonline.informs.org
Leach, D. F. (2018). Data Presentation. Retrieved from Data Presentation Website: https://www.academic.sun.ac.za
Li Rui, Y. T.-L. (2015). Reliability Management for Information System. Springer, 268-274. doi:10.1007
Mendez, R. (2015). General Control vs. Application Control. Retrieved from Prezi: https://prezi.com
Olsen, E. (2018). Strategic Implementation. Retrieved from On Strategy Website: https://www.onstrategyhq.com
Penn, S. (2018). Six Steps in Audit Process. Retrieved from Chron: https://www.smallbusiness.chron.com/six-step-audit-process
R., W. (2012). Theory Building in the Information Systems Discipline: Some Critical Reflection. ANU Press. Retrieved from http://www.jstor.org/stable/j.ctt24h30p.6
Ref. Mattord, M. E. (2018). Principles of Information Security. Cengage Learning.
Simon Milton, J. L. (2015). Reality of Information Systems Research. ANU Press. Retrieved from www.jstor.org/stable/j.ctt2jbj4x.6