Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

City Medical Partners Case Study

Verified

Added on 2023/06/04

AI Summary

This case study analyzes the IT-related risk assessment of City Medical Partners and suggests regulatory actions using COBIT framework. The report highlights the importance of communication, IT-based HR department, IT risk assessment team, secure risk management policy, regular training on regulatory laws, and firm communication with health insurance providers. The report also recommends implementing a high service level framework-based IT system, multiple backup systems, regular updating of the system, system security, information management, and building a strong IT team.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: CITY MEDICAL PARTNERS CASE STUDY
CITY MEDICAL PARTNERS CASE STUDY
Name of the Student:
Name of the University:
Author Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1CITY MEDICAL PARTNERS CASE STUDY
Executive Summary
Risk management is a major issue for organizations now a day. For different sectors, risk can
be of different types. Implementing a system, which can not only analyze the ins and outs of
the organization but also can predict different risk factors and prevent them, is the solution to
be implemented as risk management process. The recent trend of risk management is IT
based systems. Such systems offer highest accuracy, automation and proper process flow in
any organization. However, how IT based system can be the answer for risk management can
be answered by a thorough analysis of the requirements and planning of the existing system.
This is why COBIT framework is used. COBIT framework reviews the existing policies,
process flow structure and other parameters of the company to analyze the exact requirements
and proposes the exact planning helpful for the organization. Here the chosen organization is
City Medical Partners Organization of New Zealand.

2CITY MEDICAL PARTNERS CASE STUDY
Table of Contents
1. Introduction..............................................................................................................................3
2. Why is COBIT implemented?..................................................................................................3
3. Objective of COBIT analysis...................................................................................................4
4. COBIT 4.1 framework based analysis of the requirements and implementations in City
Medical Partners..............................................................................................................................5
5. COBIT 4.1 framework based planning required for City Medical Partners Organization......7
6. Conclusion and Recommendation............................................................................................9
Reference.......................................................................................................................................11

3CITY MEDICAL PARTNERS CASE STUDY
1. Introduction
For a medical institution, IT can have advantages besides risk factor. If implemented
properly, IT can reduce the risk factors in considerable level, yet it can be a high-risk
parameter in opposite condition. COBIT is a highly beneficial framework for any medical
establishment to properly implement the IT or Hospital Information System (HIS) and avail
risk management (Zhang & Le, 2013). This is because employees of any medical
organization do not have adequate knowledge regarding how to handle IT related risk.
COBIT framework is the best solution to cop up in such situation and identify the necessary
steps, which need to be implement properly for risk management in hospitals. The report will
explain the implementation of COBIT to analyze the IT-related risk assessment at City
Medical Partners, which is situated in New Zealand.
Identifying the risk factors and COBIT control parameters for medical organizations
are quite a task for many specialists however, in case of City Medical Partners Organization,
it is apparently an Easy one as the new Chief Information Officer (CIO) of the organization,
Jim Foley, has previous experience of utilizing COBIT framework. He understands the
importance of data protection and IT risk parameters. In addition, he has sound knowledge
regarding the regulatory rules and regulations of Data protection and health organizations in
New Zealand. The aim of this report is to identify the IT risk factors of the hospital and
suggest regulatory actions, which will be beneficial for the organizations.
2. Why is COBIT implemented?
For hospitals and medical organizations, risk management typically refers to
conditions like immediate response situation. The staff and employees of medical
organizations have very less knowledge and experience about IT and high-risk management
related to it (Putri, Lestari & Aknuranda, 2017). Their management style is not well planned

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4CITY MEDICAL PARTNERS CASE STUDY
in case of IT risk assessment and response. Implementing a well-organized and efficient IT
based risk management system is utmost important for medical facilities as the IT for such
organizations are quite critical and complex in nature (Božić, 2012). In addition to this,
medical staffs do not have adequate knowledge in this field. This is the reason COBIT 4.1
framework has been chosen to analyze the IT risk management and steps required for these
within a short time limit.
The risk factors related to any health organizations are typically three types. The
medical risk factors, which include situations, like bacterial or information outbreak, medical
errors and any problem related to the medical situations (Khther & Othman, 2013). The
second in the list is the financial risks like, irregular cash flow, irregular bill clearing or
anything related to cost management system. The last in the list is the rules and regulations,
which includes matters like electronic statements and intern acceptance (Othman et al.,
2013). To manage these risk factors and implement a proper IT base solution is the target of
COBIT framework.
3. Objective of COBIT analysis
The objective of implementing COBIT analysis is to give reasonable affirmation that
future objectives can be achieved and any undesirable event can be predicted successful and
can be prevented in time. All these can be achieved if the company policies, practices, and
organizational formation is reviewed and renewed. Certain control objectives do exist in IT
based governance system, which are helpful to build sustainable administration (Pasquini &
Galiè, 2013). This process can be a continuous service if certain control parameters are
renewed like communication among departments, improved customer service,
implementation of tight data security (Andry & Hartono, 2017). A continuous test of all these
parameters are also quite important to keep up with the high-service quality. COBIT 4.1

5CITY MEDICAL PARTNERS CASE STUDY
framework provides guidelines to assess control and rearrange particular IT based processes
to enhance the service of a certain organization (Surbakti, 2014).
4. COBIT 4.1 framework based analysis of the requirements and
implementations in City Medical Partners
As per the COBIT 4.1 framework, the requirements, which need to be addressed in
City Medical Partners Organization in the planning and organizing phase. The requirements
are as follows.
 Communication between administration and other staffs of the hospital is
important: it has been found that the lack of timely communication among
doctors, nurses and other staffs and the administration is quite weak. This
needs to be strengthened. Until now, there had been no official meeting been
held due to which many doctors do not even care to inform the top
management in case of any medical risk occurs. Such situations need to be
addressed and only by a strong inter-departmental communication, this can be
done (Batenburg, Neppelenbroek & Shahim, 2014).
 Strong IT based HR department is required: Human resource department is
the strongest feature any successful organization will have anywhere. The
objective of the HR is not only to maintain the data related to the organization
but also to keep update of every new possibilities in the typical sector. Medical
Field is no different. IT based HR department of any hospital is able to record
current trends of treatment and latest medicines for a certain disease. In City
Medical Partners, the HR department should be upgraded with more
employees to record and maintain all the information. A proper IT based
training is also important, as employees in this department require a good

6CITY MEDICAL PARTNERS CASE STUDY
knowledge in the medical regulatory of New Zealand and medical rights of the
citizens.
 Strong IT risk assessment team is required: it is not necessary that, only
doctors and people related to medical science should be the employees of any
hospital (Sadikin, Hardi & Haji, 2014). Like any other organizations, health
care organizations do need a strong IT team to keep a watchful eye on the
smooth running f any organization. Starting from organizing information of
every employee and patients to keeping records of every surgeries performed
and medicines provided in sudden cases and maintaining backup of all the
records are all responsibilities of the IT team of any Hospital (Mangalaraj,
Singh & Taneja, 2014). The City Medical Partners did not have any IT team
until now which is why, the organization suffered a lot previously.
 Secure risk management policy should be implemented: in case of any
high-risk situation, the fast response can be the key solution to save human life
and other resources. There was no major risk management policy existed until
now in City Medical Partners organization (Ramadhani, Kurniati & Maharani,
2013). A board combining senior doctors of different departments,
administrators must be created. The aim of the board is to jot down strong risk
assessment and risk management policies and update them in regular interval.
 Regular training on Regulatory laws: it is the duty of the HR department to
keep records of and organize training sessions for doctors, nurses and clerks
on the medical rules of medicine administration, performing treatments and
human rights of the patients and the employees too. This is important so no
case of deviation from nation medical regulatory laws happen in the hospital.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7CITY MEDICAL PARTNERS CASE STUDY
 Firm communication with health insurance providers is important: bill
generation and clearance are two of the important tasks the finance department
has to perform smoothly. Every patient in the country is supported by a health
insurance policy of different insurance providers. At time of admission, a
possible estimation of bill is made and provided to the insurance company by
the hospital. Unless the hospital has a strong communication with the
insurance providers, the bill clearance can be delayed effecting the treatment
of the patient. In large scale, this can hamper the reputation of the hospital.
The City Medical Partners Organization has faced major issues regarding bill
clearance from insurance providers in past. This is why they need a team,
which can build and maintain a strong relationship with the insurance
companies so that the organization do not face any risk in the finance sector.
5. COBIT 4.1 framework based planning required for City Medical
Partners Organization
Based on the requirements of City Medical Partners Organization, below mentioned
planning steps are required for the hospital.
 A High service level framework based IT system must be implemented for the
organization which can ensure medical facility for anyone 24 hours a day and
365 days a year. The system should be able to allocate duties of doctors and
nurses, perform data collection, management and other tasks automatically.
 Any kind of system lag should not be entertained in an emergency service like
medical field. This is why; multiple backup systems should be installed to
ensure a smooth operation. No patient should suffer due to lagging system
(Krisanthi, Sukarsa & Bayupati, 2014).

8CITY MEDICAL PARTNERS CASE STUDY
 With critical and complicated medical conditions emerging every day, it is
important to always update with all the records and updates of worldwide
medical field and use them in emergency cases. In City Medical Partners
Organization IT, system should be designed in such a way (TARIQ, HAQ &
IQBAL, 2013). This is important to ensure fast and well-planned solutions in
case of any disaster or high-risk condition. The service should not be
hampered at any situation due not enough information and expertise.
 System security for the IT department is most important to ensure data
security for the organization (Latif & Hanifi, 2013).
 Organize regular training sessions for physicians and medical staffs is another
important thing the City Medical Partners Organization is important.
 Information management is another major aspect the administrators of the
organization should plan. It is not helpful if data of all the patients and doctors
are piled up. It can create major chaos in the hospital and can result in
incorrect treatment and other problems.
 The organization should build a strong IT team to keep a watchful eye on all
the actions, data storage and maintenance of the organization. The job role
also includes maintaining communication between all the departments and
employees (Amid & Moradi, 2013).
 The organization has to implement proper policies regarding data security in
their systems. Data theft and hacking can not only affect the system it will also
hamper the reputation of the organization.
 A patient-friendly environment in the hospital can improve the popularity of
the organization. For example an automatic platform for outdoor patients to
access information, regarding doctors available in the hospital and the tests,

9CITY MEDICAL PARTNERS CASE STUDY
which are performed in a hospital. Like patients and common people, this is
also helpful for the IT department of the hospital to maintain all the data.
6. Conclusion and Recommendation
City Medical Partners Organization, being a reputed organization has to maintain a
high level of performance in their services. In case a lagging attitude in implementing a
strong IT based risk management system can hamper the medical service of the company as
well as the reputation of the organization. COBIT 4.1 frameworks are used here to clearly
point out the requirements of the organizations. This report explains clearly that the medical
facility has to implement an IT based system to resolve the entire short comes to maintain a
strong position in the market. For an emergency service provider, City Medical Partners
Organization should be able to understand the importance of communication within
employees and top management. By implementing the results of COBIT 4.1 framework
analysis, it is clear that the organization has to implement a thorough solution of IT based
framework for a well-planned risk management system.
COBIT 4.1 framework is a typical analysis of the existing IT based system of an
organization and analyze the short comes of the system. As per the report, the major problem
in the IT based system of City Medical Partners Organization is the lack of communication
among departments is hampering the smooth run of the system. In addition to this, the
organization has to increase security levels of data safety besides increasing the strength of
the IT department. Importance should be given to constant updating of the system to increase
knowledge base on recent trends in the medical field and recent laws regarding patient safety
and medical practices. The administration of must have to keep an eye on the finance
department too, as any risk in this department can hamper the emergency services. The study
recommends the City Medical Partners Organization to take immediate actions to enhance the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10CITY MEDICAL PARTNERS CASE STUDY
IT based system. This will also escalate the process of treatments giving a boost to the
reputation of the organization. Besides the enhancing the IT department, the management
should know the importance of regular communication among doctors, nurses and top
management. This is required to avoid any situation of medical risk.

11CITY MEDICAL PARTNERS CASE STUDY
Reference
Amid, A., & Moradi, S. (2013). A Hybrid Evaluation Framework of CMM and COBIT for
Improving the Software Development Quality. Journal of Software Engineering and
Applications, 6(05), 280.
Andry, J. F., & Hartono, H. (2017). Performance Measurement of IT Based on COBIT
Assessment: A Case Study. Jurnal Sistem Informasi Indonesia, 2(1).
Batenburg, R., Neppelenbroek, M., & Shahim, A. (2014). A maturity model for governance,
risk management and compliance in hospitals. Journal of Hospital
Administration, 3(4), 43.
Božić, V. (2012, June). Risk management in informatization. In Central European
Conference on Information and Intelligent Systems Pg (pp. 337-493).
Khther, R. A., & Othman, M. (2013). Cobit framework as a guideline of effective it
governance in higher education: a review. International Journal of Information
Technology Convergence and Services, 3(1), 21.
Krisanthi, G. T., Sukarsa, I. M., & Bayupati, I. P. A. (2014). Governance audit of application
procurement using COBIT framework. Journal of Theoretical and Applied
Information Technology, 59(2), 342-351.
Latif, A. A., & Hanifi, N. (2013). Analyzing IT Function Using COBIT 4.1–A Case Study of
Malaysian Private University. Journal of Economics, Business and
Management, 1(4), 406-408.
Mangalaraj, G., Singh, A., & Taneja, A. (2014). IT governance frameworks and COBIT-a
literature review.

12CITY MEDICAL PARTNERS CASE STUDY
Othman, M., Ahmad, M. N., Suliman, A., Arshad, N. H., & MARA, N. (2013). Towards
COBIT-based Framework to Govern Flood Management. In PACIS (p. 118).
Pasquini, A., & Galiè, E. (2013). COBIT 5 and the Process Capability Model. Improvements
Provided for IT Governance Process. Proceedings of FIKUSZ, 13, 67-76.
Putri, M. A., Lestari, V. A., & Aknuranda, I. (2017, January). Audit of Information
Technology Governance Using COBIT 4.1: Case Study in PT. XY. In Int. Conf. Ind.
Internet Things (ICIIOT), Bandung, Indonesia (pp. 1-7).
Ramadhani, D. P., Kurniati, A. P., & Maharani, W. (2013). IT governance analysis
of XYZ hospital based on COBIT 4.1. In The Proceedings of The 7th international
conference on information and communication technology and systems (ICTS).
Sadikin, M., Hardi, H., & Haji, W. H. (2014). IT governance self assessment in higher
education Based on COBIT case study: University of Mercu Buana. Journal of
Advanced Management Science Vol, 2(2).
Surbakti, H. (2014). Cobit 4.1: A Maturity Level Framework For Measurement of
Information System Performance (Case Study: Academic Bureau at Universitas
Respati Yogyakarta). International Journal of Engineering, 3(8).
TARIQ, M. I., HAQ, D. I. U., & IQBAL, J. (2013). SLA Based Information Security Metric
for Cloud Computing from COBIT 4.1 Framework. International Journal of
Computer Networks and Communications Security, 1(3), 95-101.
Zhang, S., & Le, F. H. (2013). An Examination of the Practicability of COBIT Framework
and the Proposal of a COBIT-BSC Model. Journal of Economics, 1, 5.

1 out of 13

+13062052269

info@desklib.com

City Medical Partners Case Study

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

IT Risk Assessment at City Medical Partners using COBIT 4.1 Framework

Implementing COBIT 5 Framework as a mechanism of IT Governance: A Case study of Road Fund Administration

IT Governance & Change Management Proposal.

State of IT Governance and Framework for Enron Corporation

Understanding COBIT 2019

ICT Strategic Plan for Camdale Hospital