Expert answer:WK5 IT Audit Process for Alluriam Quality Integrat

  

Solved by verified expert:*** Plagiarism is not acceptable *** Overview of Project –For this assignment, you will tackle the comprehensive task of auditing the IT and IS for an organization operating in a domain of your choice. You will apply the IT auditing process to a selected case study. The case study I have chosen is Alluriam Quality Integrated Health Network Instructions: Research Paper in in APA format. Plagiarism is not acceptable. (Please consider this top priority). For Week 1 to Week 5 project complete instructions are specified. All instructions or tasks must be addressed.(Try to address all the information specified in each task ). Kindly Review the attached documents. Also prepare the PPT for the final project. Paper must be included APA format References only and in-text citations. The references you cite should be credible, scholarly, or professional sources and Not older than 3 year
instructions_for_project.docx

20190605151907it_audit_week_4.docx

Don't use plagiarized sources. Get Your Custom Essay on
Expert answer:WK5 IT Audit Process for Alluriam Quality Integrat
Just from $10/Page
Order Essay

sample_classmate_project_week1_to_week5.docx

Unformatted Attachment Preview

Weeks 1–5 Project Overview
For this assignment, you will tackle the comprehensive task of auditing the IT and
IS for an organization operating in a domain of your choice. You will apply the IT
auditing process to a selected case study for your organization. You will first
define the scope of your organization, describe its IT capability, and explain how
it supports the organization’s critical mission. You will then conduct an evaluation
of how the IT capability aligns with the organization’s goa ls. Your evaluation will
examine IT/IS practices and operations in your organization. Your evaluation will
include an assessment of internal controls within the IT environment to assure
validity, reliability, and security of information, as well as an asse ssment of the
efficiency and effectiveness of the IT capability. Finally, you will describe your
findings and discuss recommendations in terms of specific controls improvements
to key IT processes for your selected case study. Your main objective is to
formulate a solution in the form of decisions that will aim at assuring the integrity
of your organization’s information assets.
The final project deliverable will be a report reviewing the organization’s
enterprise goals, IT-related goals, architecture, and summarizing the
findings based on your evaluation, and your final analysis and
recommendations (in the form of decisions). The report will include:





A description of the organization’s main business and mission, including the
enterprise goals
The IT/IS capability for your organization, including IT/IS infrastructure, systems,
and applications, as well as the organization’s IT-related goals
An evaluation of IT/IS practices and operations in your organization, including an
assessment of internal IT controls in terms of achieving IT assurance for your
organization
A description of the findings and an analysis of the risks and remedial
measures, arriving at specific, qualifiable decisions (that can be verified when
implemented)
A summary of how your IT auditing will achieve greater IT assurance and will
ensure a stronger alignment of the IT-related goals with the enterprise goals
Include a copy of all the references used in APA format.
The following is the modular breakdown of the project:
Week 1: Preliminary Review of Enterprise IT

Conduct a preliminary review of your case study’s organization. This review
should include business mission, organizational structures, culture, IS, products
and services, infrastructure and applications, people skills, and competencies.



Explain the need for an IT audit of your organization. Support your analysis in IT
governance terms. Identify the stakeholders for your case study.
Identify enterprise goals and IT-related goals for your case study and then create
a mapping of the two sets, indicating primary relationships and secondary
relationships.
Start developing an IT audit plan that addresses the following components: Define
scope, state objectives, structure approach, provide for measurement of
achievement (identify the areas you intend to measure; specific metrics will be
addressed later), address how you will assure comprehensiveness, and address
how you will provide approach flexibility.
Week 2: IT Audit Process: To be able to continue with the IT audit for your
case study and determine how to arrive at a stronger IT/IS assurance for your
organization, you need to first finalize your auditing framework. This week, as part
of the final project, you will perform the following tasks:




Discuss how you will apply a single auditing framework like COBIT 5 to structure your IT
audit.
Describe the IT audit procedures that you will rely on in your IT audit.
Start defining a balanced scorecard that lists IT-related goals and tracks some
performance metrics against the goals.
Review and revise your IT audit plan as needed by improving components in your plan
based on additional insight you have developed.
Week 3:
Preliminary Evaluation of IT Processes
In this phase of your project, relying on the concepts and techniques you covered
in the online lectures and in your textbook and based on the IT audit plan you
have developed, you will now tackle the evaluation of internal processes for your
case study. This week, as part of the final project, you will perform the following
tasks:




Identify your case study’s IT processes in key areas of the IT/IS lifecycle and describe
them according to the major domains.
Conduct a preliminary evaluation of internal IT processes, focusing primar ily on project
management and software development.
Refine your balanced scorecard as needed, possibly expanding the IT -related goals and
the performance metrics.
Create a process RACI chart that maps management practices to their related roles and
indicate the levels of responsibility for each role.
Week 4:
Evaluation of IT Internal Controls
In this phase of your project, relying on the concepts and techniques you covered
in the online lectures and in your textbook and based on the IT audit plan you
have developed so far, you will now tackle the evaluation of internal process
controls for your case study. For this next deliverable of your IT audit, you will
focus on the area of IT delivery and support. This week, as part of the final
project, you will perform the following tasks:




Conduct an evaluation of internal controls for service management.
Conduct an evaluation of internal controls for systems management.
Conduct an evaluation of internal controls for operations management.
Refine your balanced scorecard as needed, possibly expanding the IT-related
goals and the performance metrics.
Week 5:
IT Assurance Findings and Recommendations
This week, you will complete your final project. You will narrow down your IT audit
to a targeted scope. You will use the three-phase model of IT assurance to
synthesize your IT audit for your selected case study. This week, to conclude your
final project, use the three-phase model of the IT assurance initiative provided in
the online lectures and build an IT assurance initiative by performing the following
tasks:




Identify potential IT-related issues based on documented assumptions and your
evaluation of your case study in Week 1 through Week 4.
Scope the IT assurance initiative based on the subset of the organizational
system that should be targeted.
State relevant enablers and suitable assessment criteria to perform the
assessment of pertinent domains, processes, and controls.
Integrate the totality of your work from Week 1 through Week 4 and report the
results of your assessment, including your findings and recommendations .
This assignment is the final assignment for your project where you will put
everything together. In this assignment, you will revise your work completed in
previous weeks, and address additional components. Using the case study that
you have selected and worked on, based on instructor’s direction and approval,
create a final report that focuses on the audit plan to support the audit of the
organization in your case study and complete the following tasks.
Submit the following components:









Scope and assurance initiative assignment
Enterprise and it goals as well as the metrics and criteria
Assessment plan for principles, policies, and frameworks
Assessment plan for the process in scope
Assessment plan for the organizational structure
Assessment plan for the culture, ethics, and behavior in scope
Assessment plan for the information items in scope
Assessment plan for the services, infrastructure, and applications in scope
Assessment plan for the people, skills, and competencies in scope
Running Head: IT AUDIT PLAN
1
IT Audit Plan
Name
Institutional Affiliation
Date
IT AUDIT PLAN
2
IT Audit Plan
Introduction
Alluriam Healthcare Systems, Inc. (AHSI) main focus is to improve the quality of health care for
partners such as ACO’s, PCMH, HIE’s, CIN and government agencies. AHSI offers its services
through Cloud-Based Health Information Management Suite. Health care organizations are also
assisted by AHSI to plan their transition when it comes to value-based care and patient-centric
care. This is done by offering executive consultants and a team of CMIO’s.
Organization Overview
Business Mission
Alluriam Healthcare Systems, Inc. (AHSI) mission is to support care providers to provide quality
services to the patients. This is achieved by supporting all stakeholders with the necessary
technologies and information.
Organizational Structure
The organization has a board of management at the top that makes sure all operations are going
smoothly. The organization has an administration with various departments. The departments
include the information technology department, Therapeutic department, diagnostics department,
and support department. Each and every department provides various services. The IT
department makes sure that all other departments have the necessary technologies to support
their services.
IT AUDIT PLAN
Culture
The organization has a culture of embracing teamwork. Proper communications channels and
frameworks have been established within the hospitals. This framework enables various
departments to work together as a team and it is easy to raise any emerging issues.
Information System
The information system of AHSI is cloud-based mainly for health information management.
Their system is integrated with systems from Bildk Inc., HealthPoint Solutions Inc. (HPS), and
openAirWare, Inc.(oAW). This extends AHSI services to include HER-agnostic data collection
and integration, Artificial intelligence and platform which is patient center to manage data.
Products and Services
The AHSI provides the following services to its stakeholders:
➢ Improved communication systems and services.
➢ Electronic health management by allowing parties to store data, access it and even
exchange it.
➢ System security services for secure information exchange.
➢ Provides user interfaces to the parties involved in health care.
➢ Electronic security services through encryption and even restricting physical access by
use of Decentralized Identities (DIDs).
➢ Provision ambulatory network.
➢ Blockchain technology to prevent fraudulent transactions.
3
IT AUDIT PLAN
4
Importance of IT Audit
It is a best practice to have a regular audit on computer systems in an organization more so an
organization that deals with medical data. The following are the importance of IT audit in the
organization:
➢ The audit checks if the system is reliable and secure.
➢ It checks if confidentiality, availability, and integrity of health information are
maintained.
➢ To comply with set standards and regulatory policies and laws.
The organization has to make sure patient information is not misused and it is secure. An audit
will also identify weak points and vulnerabilities of the system making it possible to prevent
system breaches (Khan, Kamath & Roddy, 2018).
Stakeholders
The key stakeholders of the organization include:
➢ Accountable Care Organizations (ACO’s) which is supported by the AHSI with CI
analytics and dashboards.
Patient-centered medical home (PCMH) supported by AHSI through funding for a
smooth transition.
➢ Clinically integrated network (CIN) supported by AHSI with blockchain technology in
order to prevent fraudulent transactions.
➢ Primary care physicians (PCPs) which include Patients doctors, technicians, doctors, and
others. AHSI provides an interface to PCPs in order to perform their task in real time.
➢ Independent practice association (IPA) is provided with blockchain technology by AHSI.
IT AUDIT PLAN
➢ Patients are supported AHSI by been provided with patient-centered care.
➢ Employers & Insurance Companies depends on AHSI CI in order to reduce the risk
associated with monetarization.
Goals
The goals of the Aluriam are divided into two which are enterprise goals and IT-related goals.
Enterprise goals
The enterprise goals are as follows:
➢ To improve the quality of health care.
➢ To increase patient safety.
➢ To improve the efficiency of health care
IT-Related Goals
IT-related goals are as follows:
➢ To ensure the organization supports the exchange of clinical information electronically.
➢ To reduce unnecessary test by real-time access to medical information.
➢ To have an easy entry of medical information to computer systems
➢ To automate various processes such as billing
➢ To ensure those who are involved in providing care to the patient have access to the
patient’s information.
➢ To ensure medical information stored in a cloud-based system is secure.
➢ To ensure system reliability
5
IT AUDIT PLAN
6
Mapping of goals
The improvement of health care is achievable by having the necessary technology that allows
medical information to be exchanged easily. The efficiency of health care is improved by making
sure patient information is easy to access hence reducing the number of tests and increasing
patents’ safety.
IT Audit Plan
Scope
The audit plan will be focused on auditing the Alluriam services only and not those of its
stakeholders. The audit will focus on the following:
AHSI CI analytics decisions
➢ AHSI blockchain technology security
➢ Issues associated with the AHSI interfaces and dashboards.
➢ Decentralized identities (DIDs) security
Objectives
The following are the objectives of the organization:
➢ To analyze if decisions made by AHSI CI analytics are of any benefit to the stakeholders.
➢ To confirm if the AHSI blockchain technology is secure by preventing fraudulent
transactions.
➢ To check for any issues with the AHSI interfaces and dashboards. This includes tests of
access speed.
➢ To check if the compressive ambulatory network is secure.
IT AUDIT PLAN
7
➢ To verify is a particular entity such as a user is can able to access requested resource or
service.
➢ To verify the message delivery feature that allows users to send direct messages is secure.
➢ To check if the system is logging failed transactions and other errors.
➢ To check security issues from the existing error log in the system.
➢ To verify patient’s data confidentiality and privacy is kept.
Structure Approach
The nature of the audit plan in the organization is integrated but it does not depend on other
business operations. The audit process is overseen by the IT director of the organization. The
director has a team that audits the system and they report to him/her.
Measurement of Achievement
The number of issues reported and identified during auditing will help a lot to determine the
success of the audit. The objectives attained will help a lot to determine the success of the
project. The feedback and user feedback will are also useful in determining the progress of the
audit and its results. Other factors that will indicate success is the number of action plans
improved, meeting user requirements and regulations and contribution to necessary plans such as
disaster management plan. Finally, measurement toolkits that identify performance indicators
will be utilized (Khan, Kamath & Roddy, 2018).
Ensuring Comprehensiveness
To ensure comprehensiveness in auditing, all features of Aluriam are audited at the same time.
This makes sure all issues associated with the Aluriam are captured at the same time.
IT AUDIT PLAN
8
Compressive audit resources made for audit are utilized and time is saved since there is no need
for multiple audits (Omoteso, 2016).
Flexibility Approach
It is important to have a plan which is flexible such that it can accommodate unexpected changes
and risks. To ensure flexibility, the team studies emerging risks and revises the audit plan
regularly. The changes made are communicated to key stakeholders. The plan is designed to
have phases which can be completed within a short time. These phases can be iterated when
changes have been made in a given phase. In other words, agile methodology is utilized in the
auditing process by having sprint planning and sprint execution.
IT AUDIT PLAN
9
IT Audit Process
Single auditing framework
COBIT 5 framework will be used to structure the IT audit process. In order to be able to govern
the audit process, five principles of COBIT will be utilized. This framework makes sure that
goals are met and the IT infrastructure is in good condition. COBIT 5 framework is useful since
it provides structure to be followed, best practices and tools to be utilized (Andry, 2016).
The system will be audited to make sure it meets the stakeholders’ needs such as viewing
medical records and medical records exchange. End to end enterprise will be covered as well as
using a single integrated framework. It is important to ensure the process is reliable by using a
holistic approach in IT auditing. It is also important to separate the governance from
management to avoid confusing the two aspects. Using COBIT 5 auditing will ensure the
organization proactively deliver value to stakeholders, maximize the rate of investment, avoid
disasters such as data breach, protect intellectual property and manage potential IT-related risks.
IT audit procedures
The process of auditing the Aluriam will involve simple steps which are planning, assessment,
reporting, and follow-up (Wijaya, 2017). The processes follow each other in a sequential
manner. Once in the follow-up stage one can go back to planning where the auditing process is
repeated again. Remember for flexibility of the audit process sprint execution is applied.
Planning
The planning process involves gathering the necessary materials and tools. It also involves
defining the roles and responsibilities of everyone in the team. Necessary documents such as
IT AUDIT PLAN
10
internal control questionnaire should be ready at this stage. Audit scope and objectives are also
defined in this stage.
Assessment
This will involve the actual fieldwork where the audit team will have to find problems and
weaknesses in the organization and its systems. Data and information received will have to be
evaluated. This information will come from key stakeholders who are using the Aluriam. The
Alluriam will be tested to check for any vulnerability that exists in the system.
Reporting
The audit results are documented and communicated at this stage. In other words, the team
composes the audit findings and assessment results in a report. Necessary security
recommendations by the audit team are also done at this phase.
Follow-up
This stage is mainly made to confirm if the recommended actions and solution have been
implemented. Lastly, the audit response is verified by the audit team. In case the audit didn’t
solve all the existing issues then a new audit can be planned at the planning stage.
Note that the procedure will have to manage incidents, problem change, and access. This ensures
the process does not create problems in the organization. In other words, the audit operations
may have unwanted outcomes which need to be addressed.
Scorecard
IT-related Goals
Performance metrics
IT AUDIT PLAN
1. Exchange clinical information
11

electronically
Time taken to exchange the
information

Network bandwidth used by the
Alluriam system to transfer
information

Reduced effort to exchange clinical
information.

Reduced number of failures during the
exchange of information and amount
of work to be redone
2. Real-time access to medical
information

Reduced time to access information

Reduced number of access failures in
the Alluriam system

Number of care providers who can
access medical information in real
time
3. Easy entry of medical information to

computer systems
Amount of work taken to enter a
single set of medical information

The time it takes in order to enter a
single set of medical informati …
Purchase answer to see full
attachment

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Order your essay today and save 30% with the discount code ESSAYSHELP