Tri 2 2015/2016

TIS3415 / TSC2111 Group Assignment


Objective
To evaluate risks in the information technology (IT) functional areas. To formulate internal control
activities based on COBIT control objectives. To create standard documentation of internal controls.
Requirement
1. Register in a group of THREE (3) students by 10 Dec. Take note of the assigned group number.
2. Use Times New Roman size 12, 1.5 spacing. Any bullet point must be elaborated.
3. Attend group interview (20%) on 21 Jan, 4pm.
4. Submit hardcopy group-report (80%) on 22 Feb, 11am. The report must be no fewer than 3000 words.
5. Submit softcopy group-report on MMLS for TurnItIn plagiarism checking. Ideas taken from other
sources must be rephrased and cited. Penalty for plagiarism or not submitting softcopy is zero marks
for the entire report.

Task
1. Please refer to the attached document IT Security Policy and Procedure. The policy is a set of reference
rules for actions and IT internal control activities in order to minimize IT risks.
Choose any ONE (1) group of IT activities from the list of IT Security scope (see page 8).
Note: Your choice of IT Security scope determines the context of your discussion in the following
tasks.

2. Identify all possible IT risks, in accordance with the organization's vulnerability to the risks.

3. Next, refer to the attached COBIT 4.1. COBIT contains control-objectives, which define the ultimate
goal of implementing any IT policy and IT activities. The control-objectives state generic action
statements of minimum IT management good practices.
Choose the relevant COBIT domains, processes, and control objectives which will guide you to
formulate IT internal control activities.

4. Discuss all possible IT control activities, in accordance with their materiality for the organization.
State clearly the relevant COBIT domains, processes, and control objectives.
Note: The IT control activities must be relevant to minimize the IT risks above.

5. From your answer above, draw an Internal Control (IC) flowchart, to document the IT controls for
any complex IT internal control activities.
Note: You may draw one or more IC flowcharts. Provide a legend for every symbol you use in the
IC flowchart. Make sure the IC flowchart includes all relevant persons, steps, and numberings to
indicate where the controls are applied.
Note: COBIT process description, control objectives, RACI chart, process and activities metrics
provide additional information to complete your IC flowchart.

6. Supporting documents may be included as an appendix and are eligible for bonus marks.

Resource
1. COBIT Framework 4.1
2. IT Security Policy and Procedure
3. Organization structure https://www.mmu.edu.my/index.php?req=107
4. IT division http://itsd.mmu.edu.my/
5. APA citation guide https://www.libraries.psu.edu/psul/researchguides/citationstyles/APA_citation.html#apa-citation
