Essay Writing Help on Management Letter

Management Letter

Date:

The Executive Board, Fosaro Tool Incorporation,

Dear Sir/Madam,

Management Letter for Information System Audit

In line with the pronounced weaknesses in the management of information systems of

Fusaro Tool Incorporation, there are certain considerations that the management of the firm should integrate in the operation to ensure safety of the systems besides fostering confidentiality of the data of the organization. The organization should develop an effective IT governance plan. Central in the nature of the IT department should be the ability to monitor the operations of the firm from all the perspectives. It is vital for the executive to develop an IT governance system that should be tailored towards ensuring safety of all the data of the organization. The structure of the IT governance Centre should be centrally located in order to allow for effective control of all the systems of the organization. In most instances, it will be prudent for the department to develop the use of wide area network that will allow access to all the computing devices of the organization from various points. The audit conducted reveals the great influence that the IT department has on the audit process. Owing to the monopoly of control of the systems that the department has, it plays a vital role in the realization of the general desired operation levels of the systems. Due to lack of internal control systems, the organization, Fusaro Tool Corporation, s exposed to a number of perils that risk jeopardizing the general functions of the entity. The case elucidated that witnessed the systems of the firm compromised by softwares entailing virus can be directly related to lack of internal control system. In the event that softwares such as firewall systems were available, inconveniences resulting from these external adoptions could be curbed. Through the IT department, every system of the organization can be subjected to constant scrutiny of a malware that could compromise the systems.

Secondly, the audit conducted reveals the weakness of shared user code by individuals of the organizationin the access of the organization systems. Through the joint user code, individuals are easily allowed access into the systems hence compromising the aspect of confidentiality of the systems. In line with this weakness that is made manifest, it becomes key for the organization to initiate the use of individual biometric data in the access of the systems. Apart from promoting confidentiality of the data stored, the measure will also help in preventing constant breakdown of the systems that could arise due to unskilled users.

An array of facets can result into the disruption of the operations of the IT system hence effective identification of these risks should be considered and necessary measures taken to curb the effect. Initially, lack prior detective system that resulted into malwares into the system can disrupt the overall operations of the department as both the local and the regional information systems will be tampered. In connection with tis, there is need for the department to come up with measures such as departmental strong anti – virus systems that allows for earlier detection of possible foreign wares that could compromise the systems.

Disaster Recovery Plan

Due to the high level of risk pertaining to various disasters the organization has, there is need for the management to put in place an effective disaster recovery plan that will restore the organization to its initial status before the occurrence of the peril. This can be achieved through a well stipulated plan that should be adhered to by all the involved parties. Initially, the plan begins with extensive identification process for any possible disaster that could occur in the organization. This should therefore be precededby an extensive determination of the possible magnitude of the loss in the event of the occurrence of the peril. This will then be followed by selection of possible alternatives that could help in the curbing and in the general recovery process. The best alternative is therefore selected.  Among the key options that the organization can consider in this case is the use of insurance plans that will assist the firm to effectively recover from the condition of loss.

During the auditing processes, it was realized that apart from the weaknesses of FTI’s information systems, there are several risks that the information systems are exposed to. Risks are barriers to the development of any organization and need to be eradicated. For instance, the audit found out that non-employees of the organization can obtain information and other important data about the company and leak it to the company’s rivals. FTI’s information systems are also exposed to virus infection and this could possibly lead to loss of important information. The other risk faced by FTI’s information systems is the unnecessary change of information and sharing of information with rival companies as several employees have access to the systems. The overall risk for FTI is that it might record huge losses due to the stiff competition from close rivals. As the overall owners of the company, you and your daughter have done a lot to make FTI a $10 million a year business, besides making it have an excellent reputation among its clients. However, these achievements could be brought down if the employees who have access to FTI’s information systems disclose the information to close rivals.

Your capacity as the head of the company and the cooperation with equipment suppliers, have ensured that provision of sample programs and training of employees develops FTI’s operations. As mentioned earlier, despite these efforts, FTI’s information systems still experience certain weaknesses. These have had negative implications on the development and expansion of the company. For instance, the absence of control systems such as firewalls, that would have regulated or prevented corrupted or infected files from getting their way into the information systems, has led to the company losing vital information due to the breakdown of systems. As in the case where one of FTI’s suppliers unfortunately sent sample programs that had been infected by a virus, no action was taken against the supplier. Though the management was lucky that the systems did not breakdown, more funds and time were dedicated to the cleansing of the servers and each of the machines within the company’s premises. This is very unfortunate as the funds would have been directed to other important issues such as installation of other control systems or payment of the employees. The audit process also found out that the sharing of a user code among the employees could be detrimental to the company. The implication that this weakness has on the company is that any employee could decide to delete, change or share vital confidential information with other external sources. This is a serious offence in any organization and it often leads to disagreements among stakeholders.

Bearing in mind the possible implications of the weaknesses of FTI’s information systems, the auditing process came up with recommendations that would be of great help to you as the owner of FTI. First, ensuring confidentiality in any organization is essential. This would be achieved through doing away with the policy that employees and other stakeholders within the organization share a user code and have easy access to FTI’s information and data. Instead, FTI’s management should ensure that all the information systems are controlled from a central point. Secondly, there should be proper and effective protection of FTI’s information systems. This can be achieved through installation of firewalls and antivirus software that will scan documents and delete any infected files that would cause interference of the information systems. Moreover, since the company has two central servers, addition of an extra server would be vital. This would make it difficult for individuals to hack FTI’s information systems thus enhancing profitability. It would also be important for the management of FTI to ensure a good working relationship with all its stakeholders. This would prevent suppliers from sending programs infected with viruses knowing well that this would lead to the breakdown of information systems and subsequent loss of vital information. Provision of proper training to the employees of FTI would also help reduce incidences whereby machinery and software are not properly handled. Well trained employees will ensure software is scanned for virus infections besides cleansing of the manual machineries. Well trained employees will also be aware of how to handle clients and this will help enhance the reputation of FTI.

We would like to thank the management for their systems and corporation throughout the audit. We would be pleased to provide any clarification that you may require on the issues raised in this report.

Yours faithfully