UTS IS Security and Risk Management: Analysis and Techniques
VerifiedAdded on  2023/06/13
|13
|3005
|287
Report
AI Summary
This report provides an analysis of Information Systems (IS) security and risk management practices at the University of Technology Sydney (UTS). It discusses the various services offered by UTS and how the IS supports the university's business operations. The report also examines the General Management Controls (GMCs) used by UTS to manage risks, compares GMCs with Application Controls (AC), and highlights the risk management techniques adopted by the university. Specific examples, such as the workload issues in the Nursing academy, are used to illustrate the application of risk management steps, including risk identification, assessment, mitigation, and evaluation. The document further differentiates between application control and general management control, emphasizing the importance of anticipating and managing risks effectively within the university's framework. The report also includes weighted factor analysis worksheet and ranked vulnerability risk worksheet.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: IS SECURITY AND RISK MANAGEMENT
IS Security and Risk Management
[Name of the Student]
[Name of the University]
[Author note]
IS Security and Risk Management
[Name of the Student]
[Name of the University]
[Author note]
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1IS SECURITY AND RISK MANAGEMENT
University of Technology or UTS’s started its operations in the 1870s but the current
form of the University was formed in the year of 1988. UTS is an public research University
which is situated in Sydney, Australia. This University is considered to be one of the leading
young University of Australia. Under the rank of 50 this university is ranked 1st in Australia and
8th in the world. This report mainly discusses about the services that are provided by UTS and
how the IS is associated with supporting the various business operations of the organization
(uts.edu.au, 2018). This report also discusses about the GMC o the general management control
used by UTS so as to manage the various risks. The application control for information system,
comparisons between the GMC and Ac or application control has also been done in this report.
The report also highlights the risk management techniques that has been adopted by UTS.
UTS or University of technology Sydney is associated with providing of various services
so as to enhance the learning process along with health and well-being of all the UTS students.
The services provided by UTS are discussed below:
ď‚· Health Service: This type of service is provided to the students, staffs, alumni and their
families in a friendly and confidential way. The service is available at the City Camus
and is associated with the facility of bulk billing (uts.edu.au, 2018). Highest priority is
provided to the students of UTS.
ď‚· Financial assistance: this service is associated with providing of financial assistance to
the individuals regarding practical and financial aspects of the life at the university some
of the thing included in this so as to assist the students includes Interest free student loans
in various situations (uts.edu.au, 2018).
University of Technology or UTS’s started its operations in the 1870s but the current
form of the University was formed in the year of 1988. UTS is an public research University
which is situated in Sydney, Australia. This University is considered to be one of the leading
young University of Australia. Under the rank of 50 this university is ranked 1st in Australia and
8th in the world. This report mainly discusses about the services that are provided by UTS and
how the IS is associated with supporting the various business operations of the organization
(uts.edu.au, 2018). This report also discusses about the GMC o the general management control
used by UTS so as to manage the various risks. The application control for information system,
comparisons between the GMC and Ac or application control has also been done in this report.
The report also highlights the risk management techniques that has been adopted by UTS.
UTS or University of technology Sydney is associated with providing of various services
so as to enhance the learning process along with health and well-being of all the UTS students.
The services provided by UTS are discussed below:
ď‚· Health Service: This type of service is provided to the students, staffs, alumni and their
families in a friendly and confidential way. The service is available at the City Camus
and is associated with the facility of bulk billing (uts.edu.au, 2018). Highest priority is
provided to the students of UTS.
ď‚· Financial assistance: this service is associated with providing of financial assistance to
the individuals regarding practical and financial aspects of the life at the university some
of the thing included in this so as to assist the students includes Interest free student loans
in various situations (uts.edu.au, 2018).
2IS SECURITY AND RISK MANAGEMENT
ď‚· UTS housing service: UTS housing service is associated with offering of comfortable,
affordable and convenient living options in and around the UTS city campus.
Along with this there also exists other services like the Multi-faith Chaplaincy, Careers
Service, and Counselling.
The IS or Information System of UTS provides support to all the ongoing processes
especially the teaching processes. The main aim of Information system of the university is to
create an integrated system which would be aimed at computerizing all the processes of the
university and this mainly makes use of the university registers, general classification (Laudon &
Laudon, 2016). This helps the users by assisting them in avoiding the interpretation of the same
data in different ways. The IS helps the university in storing all the information’s at a centralized
database which helps in avoiding the problem of data duplication. Firstly the information is
gathered and then put the database and then it is managed (Arvidsson, Holmström & Lyytinen,
2014).
Fig 1: Structure of the IS of UTS
ď‚· UTS housing service: UTS housing service is associated with offering of comfortable,
affordable and convenient living options in and around the UTS city campus.
Along with this there also exists other services like the Multi-faith Chaplaincy, Careers
Service, and Counselling.
The IS or Information System of UTS provides support to all the ongoing processes
especially the teaching processes. The main aim of Information system of the university is to
create an integrated system which would be aimed at computerizing all the processes of the
university and this mainly makes use of the university registers, general classification (Laudon &
Laudon, 2016). This helps the users by assisting them in avoiding the interpretation of the same
data in different ways. The IS helps the university in storing all the information’s at a centralized
database which helps in avoiding the problem of data duplication. Firstly the information is
gathered and then put the database and then it is managed (Arvidsson, Holmström & Lyytinen,
2014).
Fig 1: Structure of the IS of UTS
3IS SECURITY AND RISK MANAGEMENT
GMCs or general management control system is the framework that is established for the
purpose of guiding the various operations of the University provide various services to the
peoples associated with the university. By making use of the GMCs the UTS is capable of
identifying various types of risks so as to achieve the main objectives and perform the necessary
things which is needed to manage the risks. (Ter Bogt & Scapens, 2012). The major components
included in the GMCs of UTS are strategic planning, operational planning, monitoring and
control, functional threading and lastly providing motivation, rewards and recognition. This
management system is associated with controlling of the information system of the University
and this mainly includes the controlling of the data centers of UTS, system software acquisition
and maintenance, security access, along with application and maintenance (Kallio & Kallio,
2014). The GMC is generally used by UTS so as to support the various functionalities of the
application control or AI. Some of the major features of the GMC of UTS includes the
following:
ď‚· Security related to access, security of the programs and the data and Physical Security.
ď‚· Software Development & Program Change Controls.
ď‚· Recovery in times of any kind of disaster.
ď‚· Operations related to data centers.
The GMC system of the university consists of some practices which are generally
designed for the purpose of maintaining the integrity and availability of various information
processing functions of the university, the networks as well as the associated application systems
(Rainer et al., 2013).. The GMCs of the university consists of the following:
The university has adopted certain ways for the purpose of managing the risks the risk
management techniques adopted by the university has been discussed below with respect to an
GMCs or general management control system is the framework that is established for the
purpose of guiding the various operations of the University provide various services to the
peoples associated with the university. By making use of the GMCs the UTS is capable of
identifying various types of risks so as to achieve the main objectives and perform the necessary
things which is needed to manage the risks. (Ter Bogt & Scapens, 2012). The major components
included in the GMCs of UTS are strategic planning, operational planning, monitoring and
control, functional threading and lastly providing motivation, rewards and recognition. This
management system is associated with controlling of the information system of the University
and this mainly includes the controlling of the data centers of UTS, system software acquisition
and maintenance, security access, along with application and maintenance (Kallio & Kallio,
2014). The GMC is generally used by UTS so as to support the various functionalities of the
application control or AI. Some of the major features of the GMC of UTS includes the
following:
ď‚· Security related to access, security of the programs and the data and Physical Security.
ď‚· Software Development & Program Change Controls.
ď‚· Recovery in times of any kind of disaster.
ď‚· Operations related to data centers.
The GMC system of the university consists of some practices which are generally
designed for the purpose of maintaining the integrity and availability of various information
processing functions of the university, the networks as well as the associated application systems
(Rainer et al., 2013).. The GMCs of the university consists of the following:
The university has adopted certain ways for the purpose of managing the risks the risk
management techniques adopted by the university has been discussed below with respect to an
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4IS SECURITY AND RISK MANAGEMENT
event when the Nursing academy at the university were being stretched to breaking points as
they have to work for 50 hours a week with more than 20 contact hours.
Identification of the risk:
This is generally done by the university by asking themselves about the possibilities by
which the delivery of objectives might get hampered and by what means this can happen. The
risks are recorded by the university in a clear and precise way which helps in describing the
various events as well as the root causes of the problem. Thin in turn helps in effective
mitigation, audit and assessment of the risks (McNeil, Frey & Embrechts, 2015). (Haimes,
2015). By this practice they are capable of achieving the strategic priorities, operational
objectives and operation health. For each identified risks a risk owner is assigned and this owner
is responsible for overseeing any kind of management of the risks and provide the periodical
report. The main identified reason for this risk is due to the shifting of the teaching load to fewer
staffs so as to free the other employees for the research purpose. It was also denied by the
university that their staffs were carrying unsustainable workloads.
Risk assessment:
The risk assessment of UTS includes a clear and decisive consideration regarding the
impacts severity along with its likelihood. This in turn supports the risk prioritization which is
associated with turning of the risk controls and allocation of the resources (McNeil, Frey &
Embrechts, 2015). (Haimes, 2015). The risk assessment matrix of the University helps in
recording and communicating the risks which are derived from the evidence based assessments.
The assessment also helps the university in understanding the risk escalation. The staffs were
excessive workload so around 15 of employees submitted a written complaint. The complaint
mainly stated that they were having lots of stress and ill health.
Risk mitigation:
event when the Nursing academy at the university were being stretched to breaking points as
they have to work for 50 hours a week with more than 20 contact hours.
Identification of the risk:
This is generally done by the university by asking themselves about the possibilities by
which the delivery of objectives might get hampered and by what means this can happen. The
risks are recorded by the university in a clear and precise way which helps in describing the
various events as well as the root causes of the problem. Thin in turn helps in effective
mitigation, audit and assessment of the risks (McNeil, Frey & Embrechts, 2015). (Haimes,
2015). By this practice they are capable of achieving the strategic priorities, operational
objectives and operation health. For each identified risks a risk owner is assigned and this owner
is responsible for overseeing any kind of management of the risks and provide the periodical
report. The main identified reason for this risk is due to the shifting of the teaching load to fewer
staffs so as to free the other employees for the research purpose. It was also denied by the
university that their staffs were carrying unsustainable workloads.
Risk assessment:
The risk assessment of UTS includes a clear and decisive consideration regarding the
impacts severity along with its likelihood. This in turn supports the risk prioritization which is
associated with turning of the risk controls and allocation of the resources (McNeil, Frey &
Embrechts, 2015). (Haimes, 2015). The risk assessment matrix of the University helps in
recording and communicating the risks which are derived from the evidence based assessments.
The assessment also helps the university in understanding the risk escalation. The staffs were
excessive workload so around 15 of employees submitted a written complaint. The complaint
mainly stated that they were having lots of stress and ill health.
Risk mitigation:
5IS SECURITY AND RISK MANAGEMENT
UTS puts the countermeasures in place so as to mitigate the risks that are recorded. The
mitigation actions of UTS is clear and concise which are agreed and updated at a regular basis.
After identification of the countermeasures the risk assessment is applied for the second time. If
any type of residual risk remains which seems to be critical on the local risk register, then the
university considers this to be an escalation in the Corporate Risk Register. Certain changes were
made regarding the workplace policies and new changes were done so as to eliminate the
workloads.
Risk evaluation:
This is done by the university so as to determine if any type of additional risks exists or
not and what are the additional actions which would be required for the purpose of reducing the
impacts of the risks or the likelihood of reoccurrence of the risks. By this technique the
University identifies the risks which are not adequately mitigated. And if it is found that some
risks are still significant and critical then an additional column is added to the risk register.
The AC of the university consists of mechanism which is placed over different separate
computer system so as to make sure the data authorization is processed completely and
accurately. They have been designed so as to make the university capable of preventing,
detecting and correcting the errors and the irregularities (Covello, Menkes & Mumpower, 2012).
This happens due to the fact that flow of all the transactions takes place through the business
system of the university. Application control of the university makes it sure that all the
transactions and programs are secured and along with the system generally resumes sometimes
later after the interruption in the business has occurred. Along with this all the transactions of the
university is corrected and accounted for whenever any kind of error occurs and also this system
UTS puts the countermeasures in place so as to mitigate the risks that are recorded. The
mitigation actions of UTS is clear and concise which are agreed and updated at a regular basis.
After identification of the countermeasures the risk assessment is applied for the second time. If
any type of residual risk remains which seems to be critical on the local risk register, then the
university considers this to be an escalation in the Corporate Risk Register. Certain changes were
made regarding the workplace policies and new changes were done so as to eliminate the
workloads.
Risk evaluation:
This is done by the university so as to determine if any type of additional risks exists or
not and what are the additional actions which would be required for the purpose of reducing the
impacts of the risks or the likelihood of reoccurrence of the risks. By this technique the
University identifies the risks which are not adequately mitigated. And if it is found that some
risks are still significant and critical then an additional column is added to the risk register.
The AC of the university consists of mechanism which is placed over different separate
computer system so as to make sure the data authorization is processed completely and
accurately. They have been designed so as to make the university capable of preventing,
detecting and correcting the errors and the irregularities (Covello, Menkes & Mumpower, 2012).
This happens due to the fact that flow of all the transactions takes place through the business
system of the university. Application control of the university makes it sure that all the
transactions and programs are secured and along with the system generally resumes sometimes
later after the interruption in the business has occurred. Along with this all the transactions of the
university is corrected and accounted for whenever any kind of error occurs and also this system
6IS SECURITY AND RISK MANAGEMENT
helps the university in processing the data in an efficient manner (Vijayakumar & Nagaraja,
2012).
Risk management generally refers to the process of identifying, assessing and controlling
the threats that an organization faces regarding its capital and earnings. And this threats or risks
are capable of stemming a wide variety of sources which might include the uncertainty regarding
financial matters, liabilities regarding legal issues, errors in the strategic management system and
many more (Camacho & Bordons, 2012)
Application control of the university is associated with the specific control over each
computerized applications whereas the general management control is associated with
management of the risks by establishing of designs and makes use of the computerized programs
throughout the organization.
Major things which must be anticipated by risk management includes the following:
ď‚· Definition of the goals
ď‚· Delegation of the responsibilities
ď‚· Determination of the area and the level on which risk management is to be conducted
ď‚· Considering the time and space the activity is to be defined
ď‚· Definition regarding the connection that exists between certain type of activities
ď‚· Providing a definition regarding the methodologies related to risk management
(Stefaniak, Houston & Cornell, 2012).
ď‚· Determination of the procedures included in the risk management process.
ď‚· Taking certain decisions
helps the university in processing the data in an efficient manner (Vijayakumar & Nagaraja,
2012).
Risk management generally refers to the process of identifying, assessing and controlling
the threats that an organization faces regarding its capital and earnings. And this threats or risks
are capable of stemming a wide variety of sources which might include the uncertainty regarding
financial matters, liabilities regarding legal issues, errors in the strategic management system and
many more (Camacho & Bordons, 2012)
Application control of the university is associated with the specific control over each
computerized applications whereas the general management control is associated with
management of the risks by establishing of designs and makes use of the computerized programs
throughout the organization.
Major things which must be anticipated by risk management includes the following:
ď‚· Definition of the goals
ď‚· Delegation of the responsibilities
ď‚· Determination of the area and the level on which risk management is to be conducted
ď‚· Considering the time and space the activity is to be defined
ď‚· Definition regarding the connection that exists between certain type of activities
ď‚· Providing a definition regarding the methodologies related to risk management
(Stefaniak, Houston & Cornell, 2012).
ď‚· Determination of the procedures included in the risk management process.
ď‚· Taking certain decisions
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7IS SECURITY AND RISK MANAGEMENT
ď‚· Identification of the areas where revision needs to be done along with the purposes and
sources which are necessary for making such decisions.
University of technology Sydney has adopted a certain risk management methodology
which includes the following steps:
ď‚· Firstly an introduction to the process of working, the system and many is more is
provided.
ď‚· Second step involves the identification and determination of the danger and the damages
that might occur in all parts of the system
ď‚· Third step involves the assessing of the risks in relation to the damage and the danger
(Klamm, Kobelsky & Watson, 2012).
ď‚· Fourth step involves the determination of the ways and the measures that are to be taken
for the purpose of eliminating, minimizing and preventing the risks
ď‚· Fifth step involves the reassessing of the risks with respect to damages and danger that
are remaining
ď‚· The last step involves the maintenance of the level of risks which is remaining (Janvrin et
al., 2012).
ď‚· Identification of the areas where revision needs to be done along with the purposes and
sources which are necessary for making such decisions.
University of technology Sydney has adopted a certain risk management methodology
which includes the following steps:
ď‚· Firstly an introduction to the process of working, the system and many is more is
provided.
ď‚· Second step involves the identification and determination of the danger and the damages
that might occur in all parts of the system
ď‚· Third step involves the assessing of the risks in relation to the damage and the danger
(Klamm, Kobelsky & Watson, 2012).
ď‚· Fourth step involves the determination of the ways and the measures that are to be taken
for the purpose of eliminating, minimizing and preventing the risks
ď‚· Fifth step involves the reassessing of the risks with respect to damages and danger that
are remaining
ď‚· The last step involves the maintenance of the level of risks which is remaining (Janvrin et
al., 2012).
8IS SECURITY AND RISK MANAGEMENT
Weighted Factor Analysis
Worksheet
Information
Asset
Criterion 1: Impact
to Revenue
Criterion 2: Impact
to Profitability
Criterion 3: Impact
to public image
Weighted score
Criteria weights
out of 100
45 60 55
EDI document
set 1-logistics
BOL to
outsourcer
0.9 0.7 0.6 75
EDI document
set 2-Supplier
orders
0.7 0.8 0.8 78
EDI document
set 2-Supplier
Fulfillment
advice
0.5 0.6 0.2 41
Customer order
via SSL
1.0 1.0 1.0 100
Customer
service request
via e-mail
0.3 0.6 0.8 55
Weighted Factor Analysis
Worksheet
Information
Asset
Criterion 1: Impact
to Revenue
Criterion 2: Impact
to Profitability
Criterion 3: Impact
to public image
Weighted score
Criteria weights
out of 100
45 60 55
EDI document
set 1-logistics
BOL to
outsourcer
0.9 0.7 0.6 75
EDI document
set 2-Supplier
orders
0.7 0.8 0.8 78
EDI document
set 2-Supplier
Fulfillment
advice
0.5 0.6 0.2 41
Customer order
via SSL
1.0 1.0 1.0 100
Customer
service request
via e-mail
0.3 0.6 0.8 55
9IS SECURITY AND RISK MANAGEMENT
Asset
Asset
relativ
e
value
vulnerability Loss
frequency
Loss
magnitude
Customer service
request via e-mail
(inbound)
55 E-mail disruption due to hardware failure 0.2 11
customer order via
SSL (Inbound)
100 Lost orders due to web server hardware
failure
0.1 10
Customer order via
SSL (inbound)
100 Lost orders due to web server or ISP service
failure
0.1 10
Customer service
request via e-mail
(inbound)
55 E-mail disruption due to SMTP mail
relay attack
0.1 5.5
Customer service
request via e-mail
(inbound)
55 E-mail disruption due to ISP service
failure
0.1 5.5
Customer order via
SSL (inbound) 100 Lost orders due to web server
denial-of-service attack
0.025 2.5
Ranked Vulnerability Risk Worksheet
Asset
Asset
relativ
e
value
vulnerability Loss
frequency
Loss
magnitude
Customer service
request via e-mail
(inbound)
55 E-mail disruption due to hardware failure 0.2 11
customer order via
SSL (Inbound)
100 Lost orders due to web server hardware
failure
0.1 10
Customer order via
SSL (inbound)
100 Lost orders due to web server or ISP service
failure
0.1 10
Customer service
request via e-mail
(inbound)
55 E-mail disruption due to SMTP mail
relay attack
0.1 5.5
Customer service
request via e-mail
(inbound)
55 E-mail disruption due to ISP service
failure
0.1 5.5
Customer order via
SSL (inbound) 100 Lost orders due to web server
denial-of-service attack
0.025 2.5
Ranked Vulnerability Risk Worksheet
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10IS SECURITY AND RISK MANAGEMENT
The audit plan of UTS includes the improvement of the effectiveness of the campus
governance, management of the risks and control over various processes. Along with this the
plan would also assist the leaders of the University in discharging their oversight, management
and responsibilities related to their various operations. It also assists the managers in addressing
various financial operational and compliance risks of the university and help them in taking
informed risk acceptance decisions. The plan also helps in leveraging and supporting the efforts
of the campus so as to identify evaluate and mitigate the various risks. A support to the
management restructuring and the strategies for the budget is also provided by this plan. The
plan also supports the evaluation of the System wide Compliance Program. This plan also helps
the university in meeting up all the challenges so as to enhance the value of the Internal Audit
program.
The University of Technology has adopted certain IS which helps each and every
individuals associated with this university. They are also associated with providing of several
services for their students and staffs which makes achieve success in various fields. Along with
this there also exists General Management control for the purpose of dealing with various types
of risks. Along with the GMCs there are also certain risk management strategies which has been
adopted by the university. There also exists application control which helps the university in its
different processes.
The audit plan of UTS includes the improvement of the effectiveness of the campus
governance, management of the risks and control over various processes. Along with this the
plan would also assist the leaders of the University in discharging their oversight, management
and responsibilities related to their various operations. It also assists the managers in addressing
various financial operational and compliance risks of the university and help them in taking
informed risk acceptance decisions. The plan also helps in leveraging and supporting the efforts
of the campus so as to identify evaluate and mitigate the various risks. A support to the
management restructuring and the strategies for the budget is also provided by this plan. The
plan also supports the evaluation of the System wide Compliance Program. This plan also helps
the university in meeting up all the challenges so as to enhance the value of the Internal Audit
program.
The University of Technology has adopted certain IS which helps each and every
individuals associated with this university. They are also associated with providing of several
services for their students and staffs which makes achieve success in various fields. Along with
this there also exists General Management control for the purpose of dealing with various types
of risks. Along with the GMCs there are also certain risk management strategies which has been
adopted by the university. There also exists application control which helps the university in its
different processes.
11IS SECURITY AND RISK MANAGEMENT
References:
Arvidsson, V., Holmström, J., & Lyytinen, K. (2014). Information systems use as strategy
practice: A multi-dimensional view of strategic information system implementation and
use. The Journal of Strategic Information Systems, 23(1), 45-61.
Camacho, E. F., & Bordons, C. A. (2012). Model predictive control in the process industry.
Springer Science & Business Media.
Covello, V. T., Menkes, J., & Mumpower, J. L. (Eds.). (2012). Risk evaluation and
management (Vol. 1). Springer Science & Business Media.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Janvrin, D. J., Payne, E. A., Byrnes, P., Schneider, G. P., & Curtis, M. B. (2012). The updated
COSO Internal Control—Integrated Framework: Recommendations and opportunities for
future research. Journal of Information Systems, 26(2), 189-213.
Kallio, K. M., & Kallio, T. J. (2014). Management-by-results and performance measurement in
universities–implications for work motivation. Studies in Higher Education, 39(4), 574-
589.
Klamm, B. K., Kobelsky, K. W., & Watson, M. W. (2012). Determinants of the persistence of
internal control weaknesses. Accounting Horizons, 26(2), 307-333.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education
India.
References:
Arvidsson, V., Holmström, J., & Lyytinen, K. (2014). Information systems use as strategy
practice: A multi-dimensional view of strategic information system implementation and
use. The Journal of Strategic Information Systems, 23(1), 45-61.
Camacho, E. F., & Bordons, C. A. (2012). Model predictive control in the process industry.
Springer Science & Business Media.
Covello, V. T., Menkes, J., & Mumpower, J. L. (Eds.). (2012). Risk evaluation and
management (Vol. 1). Springer Science & Business Media.
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Janvrin, D. J., Payne, E. A., Byrnes, P., Schneider, G. P., & Curtis, M. B. (2012). The updated
COSO Internal Control—Integrated Framework: Recommendations and opportunities for
future research. Journal of Information Systems, 26(2), 189-213.
Kallio, K. M., & Kallio, T. J. (2014). Management-by-results and performance measurement in
universities–implications for work motivation. Studies in Higher Education, 39(4), 574-
589.
Klamm, B. K., Kobelsky, K. W., & Watson, M. W. (2012). Determinants of the persistence of
internal control weaknesses. Accounting Horizons, 26(2), 307-333.
Laudon, K. C., & Laudon, J. P. (2016). Management information system. Pearson Education
India.
12IS SECURITY AND RISK MANAGEMENT
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Rainer, R. K., Cegielski, C. G., Splettstoesser-Hogeterp, I., & Sanchez-Rodriguez, C.
(2013). Introduction to information systems. John Wiley & Sons.
Stefaniak, C. M., Houston, R. W., & Cornell, R. M. (2012). The effects of employer and client
identification on internal and external auditors' evaluations of internal control
deficiencies. Auditing: A Journal of Practice & Theory, 31(1), 39-56.
Ter Bogt, H. J., & Scapens, R. W. (2012). Performance management in universities: Effects of
the transition to more quantitative measurement systems. European Accounting
Review, 21(3), 451-497.
uts.edu.au. (2018). Services and support | University of Technology Sydney. Uts.edu.au.
Retrieved 3 April 2018, from https://www.uts.edu.au/current-students/info-international-
students/services-and-support
Vijayakumar, A. N., & Nagaraja, N. (2012). Internal Control Systems: Effectiveness of Internal
Audit in Risk Management at Public Sector Enterprises. BVIMR Management Edge, 5(1).
McNeil, A. J., Frey, R., & Embrechts, P. (2015). Quantitative risk management: Concepts,
techniques and tools. Princeton university press.
Rainer, R. K., Cegielski, C. G., Splettstoesser-Hogeterp, I., & Sanchez-Rodriguez, C.
(2013). Introduction to information systems. John Wiley & Sons.
Stefaniak, C. M., Houston, R. W., & Cornell, R. M. (2012). The effects of employer and client
identification on internal and external auditors' evaluations of internal control
deficiencies. Auditing: A Journal of Practice & Theory, 31(1), 39-56.
Ter Bogt, H. J., & Scapens, R. W. (2012). Performance management in universities: Effects of
the transition to more quantitative measurement systems. European Accounting
Review, 21(3), 451-497.
uts.edu.au. (2018). Services and support | University of Technology Sydney. Uts.edu.au.
Retrieved 3 April 2018, from https://www.uts.edu.au/current-students/info-international-
students/services-and-support
Vijayakumar, A. N., & Nagaraja, N. (2012). Internal Control Systems: Effectiveness of Internal
Audit in Risk Management at Public Sector Enterprises. BVIMR Management Edge, 5(1).
1 out of 13
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.