IT Governance: Internship, Standards, and Legislation

Verified

Added on 2023/05/30

AI Summary

This discussion forum post reflects on a student's internship experience within a small IT company lacking a formal IT governance framework but adhering to basic rules for accountability and efficiency, emphasizing customer data privacy and operational efficiency. The post then addresses the application of Australian Standards in ICT tasks, outlining key considerations like clear responsibilities, efficient planning, and adherence to company policies and human rights. Finally, the post recounts a situation where the student encountered a potential breach of Australian legislation regarding data security and privacy, specifically concerning the storage and accessibility of employee and customer data without encryption. The student highlights the importance of complying with data protection laws and the need for secure data storage and encryption to prevent unauthorized access and potential misuse of sensitive information.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Week 4 Discussion Forum
Name of the Student:
Name of the University:
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Question 1.
The host company I was working on was a small IT company. Due to this, it did not have a
formal framework for IT governance. However, despite the fact that it did have that, there were
basic set of rules that were laid down on the process in order to make sure that accountability,
efficiency, responsibility, value and control have been achieved. The company maintains the
privacy of the information of its customers. To avoid any losses in regard to the customers’ data,
they have also ensured backing up of the customer data on multiple level. Additionally, in order
to access the data, the management on upper level is used for authorization (De Haes & Van
Grembergen, 2014).
The motto of the company is customers’ efficiency. Customers are taken care of by a number of
staffs who are always available to respond to customers’ queries. Finally, the company has staff
who have different positions such as the manager, managing director, reception, supervisor
among others. The various jobs carried out in the company are partitioned by the upper level to
the juniors. This is done according to the job nature.
After a long day of activities carried out, all the staff in the company meet and deliberate on the
day’s output (Brown & Grant, 2015).
Question 2.
During my internship and previous work, I did not encounter a situation whereby I had to apply
the Australian Standard in order to complete the ICT tasks assigned to me. If I was to experience
such situations, I would surely consider the following standards in order for me to complete my
tasks: (Odendaal, 2013)
 Establishment ICT responsibilities that are clear and well understood – since I would be
an internee, I would make sure that I am certain regarding my responsibilities. In case of
any queries that may arise, I would consult immediately with my supervisor.
 Planning ICT to be the best support for the organization – it involves making the tasks
performed efficiently. I would organize jobs that would offer help to the organization.
 Ensuring the ICT department functions well at all times – I would analyze the
information and data to ensure that all jobs are done perfectly.

 Ensuring that ICT complies with the formal rule – I would also ensure that any task I
would carry out would comply with the company’s policy and ethics.
 Ensuring that the ICT respects all aspects of human – I would make sure that I respect
resources and human property while carrying out my tasks. Anything that would result to
harming the human rights should be avoided (Brand & Boonen, 2009).
Question 3.
During my internship, I encountered a situation whereby I was required to apply the Australian
legislation. This situation however, the company was doing it against the law unknowingly. I
was assigned the responsibility of optimizing performance of keeping records in the database
system of the organization regularly. All the employees’ details were kept in the database as well
as some information regarding customers for analyzing the perception of customers. The
problem is that, the data is kept in such a way that, it can be easily accessed by anyone, there is
no encryption protocols applied. This poses a thread as the information can be accessed by
individuals who have bad intentions and use it for their personal gain. With regard to the
Australian legislation, stealing of data is among the major crimes carried out. Also, the
legislation also states that, when an organization is storing any kind of information regarding its
customers or employees, confidentiality as well as security of the data should be highly observed
(Greenleaf, 2014).
As a result, data in any organization should be kept in a manner that it’s secured in the database
and encryption techniques should be applied on the data to ensure that people do not have illegal
access to the data. The data could be stolen for ill motives which could cause harm to both
individuals as well as the company. Strong passwords should also be created to avoid guessing
by the employees or any other individual who may want to violate the data.
Individuals should be made aware of the legislation to avoid violation of data as well as breaking
the law. Therefore, it’s vital that before any individual carries out any task which they are unsure
about, they should consult with the Australian legislations (Campbell, McDonald & Sethibe,
2010).

References
Brand, K., & Boonen, H. (2009). IT governance based on CobiT® 4.1-A management guide.
Van Haren.
Brown, A. E., & Grant, G. G. (2015). Framing the frameworks: A review of IT governance
research. Communications of the Association for Information Systems, 15(1), 38.
Campbell, J., McDonald, C., & Sethibe, T. (2010). Public and private sector IT governance:
Identifying contextual differences. Australasian Journal of Information Systems, 16(2).
De Haes, S., & Van Grembergen, W. (2014). IT governance and its mechanisms. Information
Systems Control Journal, 1, 27-33.
Greenleaf, G. (2014). Sheherezade and the 101 data privacy laws: Origins, significance and
global trajectories. JL Inf. & Sci., 23, 4.
Odendaal, N. (2013). Information and communication technology and local governance:
understanding the difference between cities in developed and emerging economies.
Computers, Environment and Urban Systems, 27(6), 585-607.