IT 591 Purdue University Global Cyber Security Paper
Description
Compare and contrast audit process and compliance requirements across industries.
Evaluate how different audit processes and compliance requirements.
Analyze how an audit process impacts risk for an organization.
Purpose
This assignment has two purposes. First, you are provided an opportunity to work in a team to complete an assignment and to evaluate team member performance, including the team's ability to resolve conflict. Many projects in the real world are conducted on teams and this provides a good real-world experience in understanding how teams function.
Secondly, you will have an opportunity to compare and contrast organizations in two different domains and evaluate the organization in terms of the information they collect, process, and store and to evaluate the organization's risk, audit/regulation requirements within each domain, and necessary security controls. This leaves you with a well-rounded view of the organizational impact of regulation across domains. You will also analyze areas related to risk analysis, standard compliance, and control implementation where conflict resolution may be necessary.
Assignment Instructions
Your instructor will have set up teams during Unit 5 and will have posted those teams to Announcements. Your team should have used the Unit 5 ungraded team discussion area to introduce yourselves and to set ground rules for communication and participation during the Unit 6 assignment. To complete this assignment, you are expected to attend team meetings, complete your individual part of the team Assignments, and contribute to the integration of those Assignments into a cohesive team submission.
Team Tools:
Your team has a team-specific area below Unit 6 in the left nav. Teams can conduct most of their work in the team area unless the team chooses a different type of communication tool.
Your team has access to the full suite of Google® Tools through your student accounts, so you may want to use Google Docs for editing and sharing your work in progress.
Part 1 – The Team Project
Pick two organizations (they can be real or hypothetical in nature). Make sure they are different types of organizations (like those listed below).
- Municipality
- Educational institution (e.g., university, community college, high school, etc.)
- Police station
- Retail store
- Government research
- Hospital
- Utility
- Bank
- Manufacturing facility
- Convention center
- Airline
- Military installation
Describe the organizations in moderate detail.
- Identify the types of information that these two businesses use, process, or store that must be protected by one of the regulatory requirements previously discussed in this course.
- List the types of information and how the info is collected, used, processed, or stored.
- Identify the risk exposure for each of these two organizations. Compare and contrast these risks.
- List the risks (of the information being lost, corrupted, stolen, etc.) by different methods.
- Identify the impact of not adequately protecting this information (consequences and costs).
- Identify the compliance frameworks that would apply to these organizations based upon their information needs and applicable rules, regulations, and standards (e.g., ISO, COBIT, HIPAA, PCI, SOX, etc.).
- List the requirements or standards that apply to the two organizations based on their businesses and the information that they use or process.
- Identify and list the types of controls that would be the most important to implement to safeguard this information to comply with regulations and to minimize risk to the organizations.
- Summarize the internal controls that would need to be established to achieve these compliance goals (including physical, administrative, technological, and auditing controls that would have to be in place).
- Summarize how the differences in business requirements, information needs, and regulatory environment affect business priorities, operations, and structure.
- Close the paper with a conclusion, summary of lessons learned, and/or personal observations or opinions of the team.
Part 2 – Conflict Management Skills Evaluation
Consider the process of identifying risks, identifying relevant standards, and identifying and implementing security controls (both process and technology). In addition to identifying risks, standards, and controls, there is also a people element, and often there is tension between business needs and processes and security controls. Discuss the types of inter-departmental conflicts that might arise during this process. Using the library resources and the Internet, find and summarize five conflict management skills. Be certain to cite your sources. Focus on one of the industries discussed in Part 1, and discuss which of these conflict resolution skills might be required to successfully implement effective security for an organization.