
IT Auditing Case studies Assignment 1

EP 1513

01. Workplace drug abuse

Problem statement:
Employee drug abuse
Key risks:
Drug abuse by an employee
Have all possible risks been identified: No
Have identified risks been managed with a mitigation or contingency plan? No.
Gaps in Risk Management:
No risk management plan at all. No monitoring of employees and no management of risks.
List all possible risks:
Drug abuse
Began arriving late and calling in sick often
Began borrowing and failing to repay money
Short temper on the phone with customers
Calculate REI for each risk:
Risks    Impact    Probability    REI
Drug Abuse
Probability: 3 (5% < 10%)
REI: 12
Began arriving late and calling in sick often
Began borrowing and failing to repay money
Short temper on the phone with customers
12
12

Recommendations:
Use risk avoidance, mitigation and contingency plans.
Monitor employees' behavior.
Pay attention to customer complaints.

02. Malden Mills

Problem statement:
Factory burned down
Key risks:
Burning of factory
Have all possible risks been identified: No
Have identified risks been managed with a mitigation or contingency plan? Yes, they used a contingency plan.
Gaps in Risk Management:
No mitigation or avoidance planning.
Too much trust in employees (sometimes they abandon the job after getting their salary)
List all possible risks:
Burning of factory
Bankruptcy of factory
Employees out of work
Employees may not come back (impossible to rehire)
Pay salary without profit
Calculate REI for each risk:
Risk    Impact    Probability    REI
Burning of factory
Employees out of work
Employees may not come back (impossible to rehire)
20
Factory will collapse by paying salary without profit
15

Recommendations:
Use risk avoidance planning, such as the use of an immediate fire protection system.

03. Small customers, Big profits

Problem statement:
Catering only to large orders
Key risks:
Shop sat idle between orders
Have all possible risks been identified: No
Have identified risks been managed with a mitigation or contingency plan? Yes, they use a contingency plan after the shop is idle.
Gaps in Risk Management:
No risk avoidance plan when shifting to catering only to large orders.
List all possible risks:
Shop will be idle between large orders
Profit will be less in small orders
Calculate REI for each risk:
Risk    Impact    Probability    REI
Shop will be idle between large orders
Profit will be less in small orders
Impact: 4
Probability: 4
REI: 16

Recommendations:
Improve quality of customized products.
Deliver on time.

04. Retiring employees, Loss of knowledge

Problem statement:
Loss of organizational knowledge through retiring employees.
Key risks:
Lost knowledge
Have all possible risks been identified: No
Have identified risks been managed with a mitigation or contingency plan? Yes, they managed loss of knowledge with a mitigation plan.
Gaps in Risk Management:
Too much time taken after retirement (1 year is a long time)
The same salary is paid for mentoring after retirement.
List all possible risks:
Loss of knowledge and experience
Retiring employees gradually give up some day-to-day work
Employees stay sometime year after retiring
Pay salary and benefits after retirement
Reduced productivity with new employees
Difficult to find a replacement for a retired employee
Calculate REI for each risk:
Risk    Impact    Probability    REI
Loss of knowledge and experience
Retiring employees gradually give up some day-to-day work
Employees stay sometime year after retiring
Pay salary and benefits after retirement
Reduced productivity with new employees
Difficult to find a replacement for a retired employee
Impact: 4
Probability: 3
REI: 12

Recommendations:
Speed up the program.
Start the program earlier than is usually done.

N.D.K.G Dharmasiri
12/AS/CI/008
EP 1513
