How would an organization monitor and test compliance with regulatory guidelines?
Topic: Bring Your Own Device (BYOD) is a trend that organizations are implementing. They are allowing (encouraging) employees to access company records and data from personal mobile devices and machines that the company does not own. Some companies are not supplying computers to their employees and are relying on employees to access company information on their own devices.
Written Assignment: Prepare an analysis of the subject using the information below as a guide. The paper should be in the 2300 – 2500 word range. You might not answer every sub-question, but your paper should be organized along the four major categories below. Be sure to footnote all direct quotes and facts. You also need to have a separate “Sources” page at the end of the report that documents the items that you used as a reference. You are required to have at least 3 sources for the paper. (Wikipedia or other “open source” websites are not an appropriate academic source for this class.)
Remember that you are writing these papers from an auditor’s perspective asking the question, “How would I test these IT controls?” This will be part of your critical thinking grade.
1. FACTS: Present the FACTS about BYOD in business today. How many companies have adopted these ideas in part or in full? What are the predicted trends for the future of BYOD?
In expressing your answer, evaluate based on the following:
How does BYOD fit into client’s needs in light of regulations and security baselines?
What policies need to be established and enforced to ensure confidentiality, integrity, and availability?
How would an organization monitor and test compliance with regulatory guidelines?
2. POSITIVES: What have been some positive experiences with BYOD? What have companies found that has made this a good idea? What are some of the budget savings that companies have experienced? Are there any “pleasant surprises” or side effects that have been obtained? What good “tips/best practices” have successful companies used to make this a good undertaking?
3. NEGATIVES: What problems have companies had with BYOD? What are some of the negative aspects of BYOD? Have there been problems that were not anticipated? Has there been any negative influence on the IT budget process? What are some areas of networking and security that are causing issues or potential problems? Are there instances where BYOD has jeopardized the regulatory compliance of organizations? Provide examples, and identify what problems should have been addressed.
4. EFFECT ON IT (and other) AUDITS: Have there been any negative consequences on the auditing of data and information? What are some problems for companies that might be anticipated with the storage and retrieval of business records from devices they do not own? What are some of the unique challenges that auditors might face in the future as the trend of BYOD continues to grow?