微信客服:xiaoxionga100
微信客服:ITCS521
report代写-BISM7221
时间:2022-05-15
UQ Business School
7th March 2022
BISM7221 Information Systems
Control, Governance and Audit
Report – Business Consulting Report
(IS Recommendations)
Assessment Guideline
SEMESTER 1 2022
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
1
Purpose
This document identifies the requirements for this assessment and a marking rubric to provide
guidance in undertaking this assessment.
Details:
Type: Report
Due Date: 2:00pm 20th May 2022
Weight: 50%
In Brief: One Business Consulting Report with recommendations to inform the Company's
Board and Management regarding IT Governance, Fraud assessment, and
assessment of General controls and Operations to improve business performance.
Task Description
This is an individual assignment. Students will use their understanding developed in understanding IT
governance, fraud detection, and general controls to prepare a Business Consulting Report with
recommendations that improve business performance. This report is derived from a case organisation
described in the Assignment Specification.
The Business Consulting Report will require analytical skills to assess the case organisation's portfolio
of IT governance mechanisms, consider the potential for fraud arising from weaknesses in the general
control mechanisms, document any findings of fraud, and how to improve organisational performance
through recommendations that strengthen the general controls environment.
The results are communicated as a Business Consulting Report of no more than 12 pages in length
(excluding appendices) that documents the project rationale and approach, findings, and key
recommendations for IT governance, fraud prevention, and the IT general controls environment. The
report is a cohesive document that can be communicated to the client.
Students are to use SQL data analytic techniques used in tutorials for fraud detection work and use
Excel data visualisations to highlight their findings in the report. These visualisations should be to a
high standard as they are to be communicated directly to the client.
PostgreSQL is available as open-source software for installation on your own computer. PostgreSQL
is not installed on the University's computer laboratories. Excel is available as part of the Office 365
package available to students free-of-charge and installation on your own computer. A Windows or
macOS computer can be used for this software.
Key to success in this assessment is a professional Business Consulting Report that demonstrates
completeness, attention to detail, insightful analysis, and clear communication.
Criteria and Marking
An Assessment Guideline is provided in Learn.UQ with more details regarding this assessment item,
including a grading rubric. The grading rubric allocates marks to five dimensions: Engagement
Rationale and Planning (10%), IT Governance assessment and recommendations (20%), Fraud
assessment, detection, conclusions, and recommendations (20%), Assessment of General Controls
and Recommendations (30%), Presentation and Communication (20%).
A full and complete Business Consulting Report (no more than 12 pages excluding title pages and
appendices) is to be submitted.
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
2
Requirements
This assessment task is a full and complete Business Consulting Report, formatted
professionally and appropriately.
Students shall address this task individually.
This Business Consulting Report is to be written by you as an individual consultant that has been
asked to use your understanding of IT governance as well as the systems analytical skills and
techniques to provide advice to a client identified in the accompanying Assignment Specification. The
Assignment Specification is provided on Learn.UQ as a supporting document separate to this
Guideline. You are to document the results of your analysis as a business consulting report. The
business consulting report is addressed to the audience noted in the Assignment Specification but is
to be executed to a high standard as this report will be provided to the Board and Chief Executive
Officer.
In the Assignment Specification, you are provided with Guiding Questions. Answering these questions
requires that you apply your understanding of IT Governance and IT General Controls to provide IT
governance and operational advice and use the PostgreSQL and Microsoft Excel tools to undertake
fraud analysis.
The data files used are provided with the Assignment Specification in the assessment folder –
it is a zip file that will need to be unzipped. You are to download these files to your computer
and import the data into PostgreSQL
As a starting point for your analysis, the following seminars from the course will be particularly helpful:
• Seminar 3 (Business, Ethics and Fraud)
• Seminar 4 (IT Governance
• Seminar 5 (Information and Cyber Governance)
• Seminar 7 (General IT Environment)
• Seminar 8 (General Controls)
Seminar 6 (Professional IS Advisory Services) also provides you with a context for planning and
undertaking the Business Consulting Report assessment.
Format
Your report should be typed (in Times Roman 10-point font or equivalent, single-spaced) and it should
be approximately 12 pages in length (excluding Executive Summary, appendices, figure,
diagrams, tables, or, where used, references in the reference list). In all ways you should format
the report to conform to the standards of a professional business consulting report.
On the cover/title page note the essay title, your student number, name, the course code and course
title, the date, the word count (excluding cover page, Executive Summary, appendices, figures,
diagrams, tables, appendices and, where used, references in the reference list) and the
reference citation style where relevant.
The length of the report is specified as being no more than 12 pages in length. You should write a
consulting report that, in your professional judgment, best addresses the Guiding Questions whilst
also aiming for clarity and conciseness. Too short and there may be insufficient detail. Too long, and
you may not have summarised the material sufficiently. Use appendices well for reference and
supporting material.
Figures/diagrams/tables presented in the main body of the report should not exceed one page.
There is no limit on the number of pages of appendices.
However, in this vein, you should think in terms of a highly paid, busy senior executive spending his or
her time reading your report. You would want to get your arguments across forcefully, but not waste
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
3
the person's time. The senior executive would probably not read the appendices, so the body of your
report should be able to stand on its own and match to the expectations of a business consulting
report. The senior executive's staff analysts would likely examine your appendices in depth, however,
so they must also be executed and presented to a high standard.
You may need to use external independent sources in support of the arguments you present in the
report, or the tests that you discuss. References when used can be cited using APA 6th, Harvard, or
Vancouver styles (you must note the referencing style on the title page). Other citation styles may
be allowed through permission granted by the lecturer.
Always remember that the report should conform to the standards of a professional business
consulting report.
Frequently Asked Questions
• Are independently researched quality academic sources required, and what are they?
No they are not required. You may however choose to cite such sources in support of your
answers to guiding questions.
• Can we cite non-academic ‘industry’ sources?
Yes you can, although are not required. You may however choose to cite such sources in
support of your answers to guiding questions.
• How long does the report need to be?
The specification sheet says that the main body of the report (excluding title page, executive
summary, and appendices) should be no more than 12 pages in length in Times Roman 10-
point font or equivalent. You will need to keep in mind the need for a professionally presented
report. The main part of the report should be sufficient for the busy executive to understand
the core answers addressing the guiding questions. Detailed material and reports (query files,
long reports, etc.) should be placed in the appendices.
In writing your report, consider the busy executive who is reading the report, and aim for
efficiency and ease of communication rather than for density and exhaustive analysis in the
main report. Each student’s response will vary, not least due to the selected format and
approach. Although no minimum length is specified, it is likely though that the main report will
be somewhere in the range of between 8 to 12 pages in length.
Given the usual rule of thumb of approximately 10% leeway – the report should not be
more than 14 pages in length.
Appendices and detailed analysis can (and should) be included in appendices to support your
overall analysis. You should include some detail in the main body of your report and provide
greater detail in the appendices.
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
4
• How professional is professional? What does that even mean?
It means that in every way the report is true to what you would expect a professional to
provide in a consulting engagement. The internet has several examples available.
Several pointers:
• Use dot points judiciously. Perhaps open and close your answer to each question with a
full paragraph, but focused dot points statements that explicitly address the question are
clear and concise in a business report.
• Consider following an exemplar format of a consulting report that you have found as a
guide. If this is done, however, be sure that the report is structured to clearly relate to the
guiding questions set out in the Assignment Specification.
• Do not allow your report to become waffly, vague, and wordy. Explicitly identify
recommendations made (for example, "It is recommended that [insert
recommendation].").
You should structure your report to match the requirements of the case.
• What goes on the cover page again?
On the cover/title page note the essay title, your student number, name, the course code and
course title, the date, the word count (excluding Cover Page, Abstract,
Figures/Diagrams/Tables, Appendices and References) and the reference citation style.
Assessment
The criterion-based marking rubric below applies the Criteria and Marking noted above. Part marks
are rounded up to the nearest half mark.
Assignment Submission
There will be electronic submission of assignments through TurnItIn in the course website (Learn.UQ)
under Assessment. The drop-box will remain open to allow for late submission.
Your document must be submitted in either Microsoft Word document format or PDF format.
You must name your document with your last name followed by your initial(s) (e.g., Smith_A.doc). All
students will receive an electronic copy of their marked assignment through Learn.UQ.
When you submit your assignment to the drop−box, this act will certify that you have acknowledged
and understand the Plagiarism Statute of the University of Queensland.
As a safeguard, you may wish to submit your assignment to the lecturer by electronic email at the
same time as submitting via Blackboard (m.axelsen@business.uq.edu.au).
Please discuss any problems that may lead to late submission with your lecturer at the earliest
possible opportunity. Items (for which no extension has been granted) submitted after the due date
and time, incur a late submission penalty. The penalty is at the rate of 10% of the total available
marks for that piece of assessment, for each calendar day or part thereof that the item is overdue.
Additional information
Additional information will be given to students in class on how to undertake the assignment.
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
5
Assessed out of 100 points and scaled back to 50 marks. Part marks are rounded up to the nearest half mark.
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Engagement Rationale and Planning (10 points)
You have not identified the
scope and audience for the
report.
You have identified the
scope and audience for the
report.
You have identified the
scope and audience for the
report.
You have clearly identified
the scope and audience by
name for the report.
You have clearly identified
the scope and audience by
name for the report and
identified key business
questions addressed by the
report.
No engagement plan
(approach) is provided, or the
engagement plan misses
crucial steps.
Engagement plan identifies
most crucial steps.
Engagement plan identifies
all crucial steps.
Engagement plan identifies
and describes all crucial
steps and project inputs and
outputs.
Engagement plan identifies &
describes all crucial steps &
links project outcomes to
guiding questions.
Engagement plan (approach)
is not identified in a diagram.
Engagement plan is
identified in a diagram.
Engagement plan is
identified in a diagram & is
presented to a high visual
standard.
Engagement plan is
identified in a diagram & the
diagram is presented to a
high visual standard with
project inputs and outputs
identified.
Engagement plan is
identified in a diagram & the
diagram is presented to a
high visual standard with
project outputs, & outcomes
identified.
IT governance assessment and recommendations (20 points)
No IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
Some IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
Most Key IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
Key IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
All IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
No IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
Some IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
Most Key IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
Key IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
All IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
6
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Fewer than two
recommendations are
provided to improve IT
Governance.
Two or more
recommendations are
provided to improve IT
Governance.
Two or more
recommendations are
provided to improve IT
Governance & the
recommendations are
supported by the evaluation.
Two or more
recommendations are
provided to improve IT
Governance & explicitly
address the evaluation.
Two or more highly relevant
recommendations are
provided to improve the IT
Governance & explicitly
address the evaluation.
Fraud assessment, detection, conclusions, and recommendations (20 points)
Only a few fraud detection
techniques using SQL are
designed & performed.
Most fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
Key fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
Key fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
All fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
None or some fraud review
results are presented and
discussed, but major detail is
missing.
The fraud review results are
presented and discussed;
however, key details are
missing.
The fraud review results are
presented and discussed
including key details.
The fraud review test results
are discussed, fully detailed,
and clearly explained.
The fraud review test results
are discussed, fully detailed,
and clearly explained in a
concise and focused manner.
Fewer than two relevant
recommendations are
provided to address fraud
weaknesses.
Two recommendations are
provided to address fraud
weaknesses.
Two recommendations are
provided to address fraud
weaknesses.
Two recommendations are
provided to address fraud
weaknesses and they are
relevant.
Two recommendations are
provided to address fraud
weaknesses and they are
highly relevant.
No SQL Script is provided in
relation to fraud issues.
The SQL Script for fraud
issues is included for some
tests carried out.
SQL Script for fraud issues is
included for all tests carried
out.
SQL Script for fraud issues is
included for all tests carried
out, & they support the
analysis.
SQL Script for fraud issues is
included for all tests carried
out, support the analysis, &
queries are effective and
efficient.
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
7
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Assessment of General Controls and Recommendations (30 points)
Fewer than two operational
concerns are identified.
Two operational concerns
are identified.
Two operational concerns
are identified & the concerns
are relevant.
Two operational concerns
are identified & supported by
an explanation as to why
they are concerns.
Two insightful operational
concerns are identified and
supported by an explanation
as to why they are concerns.
Fewer than two
recommendations are
provided to address
operational concerns.
Two or more
recommendations are
provided to address the
operational concerns.
Two or more
recommendations are
provided to address each
operational concern and the
recommendations address
the relevant concern.
Two or more
recommendations are
provided to address each
operational concern & the
concerns and
recommendations are
explicitly linked.
Two or more highly relevant
recommendations are
provided to address each
operational concern & the
concerns and
recommendations are
explicitly linked.
No physical controls are
identified.
Some physical controls are
identified and evaluated.
Key physical controls are
identified and evaluated.
Most physical controls are
identified and evaluated.
Almost all physical controls
are identified and evaluated.
No IT general controls are
identified.
Some IT general controls are
identified and evaluated.
Key IT general controls are
identified and evaluated.
Most IT general controls are
identified and evaluated.
Almost all IT general controls
are identified and evaluated.
Fewer than two
recommendations, is
provided to improve
physical/general controls.
Two or more
recommendations are
provided to improve
physical/general controls.
Two or more
recommendations are
provided to improve
physical/general controls &
the recommendations
address the weakness(es).
Two or more
recommendations are
provided to improve
physical/general controls &
the link between control
weaknesses & the
recommendation is explicit.
Two or more highly relevant
recommendations are
provided to improve
physical/general controls &
the link between control
weaknesses & the
recommendation is explicit
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
8
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Presentation and communication (20 points)
No Executive Summary is
provided, or the Executive
Summary is inadequate.
The Executive Summary
summarises most
assessment points and most
recommendations made.
The Executive Summary
summarises key assessment
points and key
recommendations made.
The Executive Summary
summarises all assessment
points and recommendations
made.
The Executive Summary
summarises all assessment
points and recommendations
made and is clear & concise.
No to very few mechanical
criteria (spelling, referencing)
are addressed as required.
Most mechanical criteria
(spelling, referencing) are
addressed as required.
Most mechanical criteria
(spelling, referencing,
grammar) are addressed as
required.
All mechanical criteria
(spelling, referencing,
grammar) are addressed as
required.
All mechanical criteria
(spelling, referencing,
grammar) are done to a very
high standard.
The report lacks professional
presentation.
The presentation of the
report contains some
deficiencies in appearance
but could be delivered to the
client with minor changes.
The presentation of the
report contains some
deficiencies in appearance
but could be delivered to the
client as is.
The report is presented in a
professional manner.
The report is presented in a
highly professional manner.
The structure is not clear. The structure of the report
addresses most of the
report's objectives.
The structure of the report is
appropriate and supports
most of the report’s
objectives.
The structure of the report is
appropriate and clearly
supports all the report’s
objectives.
The structure is appropriate
for the report, supports all the
report's objectives, and
builds towards and supports
its scope and conclusions.
Formatting requirements are
not addressed.
Formatting requirements are
below expectations.
Formatting requirements
meet expectations.
Formatting requirements are
addressed well.
Formatting requirements are
addressed exceptionally well.
Prepared by: Micheal Axelsen
Senior Lecturer (Business Information Systems)
Date: 7th March 2022
7th March 2022
BISM7221 Information Systems
Control, Governance and Audit
Report – Business Consulting Report
(IS Recommendations)
Assessment Guideline
SEMESTER 1 2022
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
1
Purpose
This document identifies the requirements for this assessment and a marking rubric to provide
guidance in undertaking this assessment.
Details:
Type: Report
Due Date: 2:00pm 20th May 2022
Weight: 50%
In Brief: One Business Consulting Report with recommendations to inform the Company's
Board and Management regarding IT Governance, Fraud assessment, and
assessment of General controls and Operations to improve business performance.
Task Description
This is an individual assignment. Students will use their understanding developed in understanding IT
governance, fraud detection, and general controls to prepare a Business Consulting Report with
recommendations that improve business performance. This report is derived from a case organisation
described in the Assignment Specification.
The Business Consulting Report will require analytical skills to assess the case organisation's portfolio
of IT governance mechanisms, consider the potential for fraud arising from weaknesses in the general
control mechanisms, document any findings of fraud, and how to improve organisational performance
through recommendations that strengthen the general controls environment.
The results are communicated as a Business Consulting Report of no more than 12 pages in length
(excluding appendices) that documents the project rationale and approach, findings, and key
recommendations for IT governance, fraud prevention, and the IT general controls environment. The
report is a cohesive document that can be communicated to the client.
Students are to use SQL data analytic techniques used in tutorials for fraud detection work and use
Excel data visualisations to highlight their findings in the report. These visualisations should be to a
high standard as they are to be communicated directly to the client.
PostgreSQL is available as open-source software for installation on your own computer. PostgreSQL
is not installed on the University's computer laboratories. Excel is available as part of the Office 365
package available to students free-of-charge and installation on your own computer. A Windows or
macOS computer can be used for this software.
Key to success in this assessment is a professional Business Consulting Report that demonstrates
completeness, attention to detail, insightful analysis, and clear communication.
Criteria and Marking
An Assessment Guideline is provided in Learn.UQ with more details regarding this assessment item,
including a grading rubric. The grading rubric allocates marks to five dimensions: Engagement
Rationale and Planning (10%), IT Governance assessment and recommendations (20%), Fraud
assessment, detection, conclusions, and recommendations (20%), Assessment of General Controls
and Recommendations (30%), Presentation and Communication (20%).
A full and complete Business Consulting Report (no more than 12 pages excluding title pages and
appendices) is to be submitted.
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
2
Requirements
This assessment task is a full and complete Business Consulting Report, formatted
professionally and appropriately.
Students shall address this task individually.
This Business Consulting Report is to be written by you as an individual consultant that has been
asked to use your understanding of IT governance as well as the systems analytical skills and
techniques to provide advice to a client identified in the accompanying Assignment Specification. The
Assignment Specification is provided on Learn.UQ as a supporting document separate to this
Guideline. You are to document the results of your analysis as a business consulting report. The
business consulting report is addressed to the audience noted in the Assignment Specification but is
to be executed to a high standard as this report will be provided to the Board and Chief Executive
Officer.
In the Assignment Specification, you are provided with Guiding Questions. Answering these questions
requires that you apply your understanding of IT Governance and IT General Controls to provide IT
governance and operational advice and use the PostgreSQL and Microsoft Excel tools to undertake
fraud analysis.
The data files used are provided with the Assignment Specification in the assessment folder –
it is a zip file that will need to be unzipped. You are to download these files to your computer
and import the data into PostgreSQL
As a starting point for your analysis, the following seminars from the course will be particularly helpful:
• Seminar 3 (Business, Ethics and Fraud)
• Seminar 4 (IT Governance
• Seminar 5 (Information and Cyber Governance)
• Seminar 7 (General IT Environment)
• Seminar 8 (General Controls)
Seminar 6 (Professional IS Advisory Services) also provides you with a context for planning and
undertaking the Business Consulting Report assessment.
Format
Your report should be typed (in Times Roman 10-point font or equivalent, single-spaced) and it should
be approximately 12 pages in length (excluding Executive Summary, appendices, figure,
diagrams, tables, or, where used, references in the reference list). In all ways you should format
the report to conform to the standards of a professional business consulting report.
On the cover/title page note the essay title, your student number, name, the course code and course
title, the date, the word count (excluding cover page, Executive Summary, appendices, figures,
diagrams, tables, appendices and, where used, references in the reference list) and the
reference citation style where relevant.
The length of the report is specified as being no more than 12 pages in length. You should write a
consulting report that, in your professional judgment, best addresses the Guiding Questions whilst
also aiming for clarity and conciseness. Too short and there may be insufficient detail. Too long, and
you may not have summarised the material sufficiently. Use appendices well for reference and
supporting material.
Figures/diagrams/tables presented in the main body of the report should not exceed one page.
There is no limit on the number of pages of appendices.
However, in this vein, you should think in terms of a highly paid, busy senior executive spending his or
her time reading your report. You would want to get your arguments across forcefully, but not waste
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
3
the person's time. The senior executive would probably not read the appendices, so the body of your
report should be able to stand on its own and match to the expectations of a business consulting
report. The senior executive's staff analysts would likely examine your appendices in depth, however,
so they must also be executed and presented to a high standard.
You may need to use external independent sources in support of the arguments you present in the
report, or the tests that you discuss. References when used can be cited using APA 6th, Harvard, or
Vancouver styles (you must note the referencing style on the title page). Other citation styles may
be allowed through permission granted by the lecturer.
Always remember that the report should conform to the standards of a professional business
consulting report.
Frequently Asked Questions
• Are independently researched quality academic sources required, and what are they?
No they are not required. You may however choose to cite such sources in support of your
answers to guiding questions.
• Can we cite non-academic ‘industry’ sources?
Yes you can, although are not required. You may however choose to cite such sources in
support of your answers to guiding questions.
• How long does the report need to be?
The specification sheet says that the main body of the report (excluding title page, executive
summary, and appendices) should be no more than 12 pages in length in Times Roman 10-
point font or equivalent. You will need to keep in mind the need for a professionally presented
report. The main part of the report should be sufficient for the busy executive to understand
the core answers addressing the guiding questions. Detailed material and reports (query files,
long reports, etc.) should be placed in the appendices.
In writing your report, consider the busy executive who is reading the report, and aim for
efficiency and ease of communication rather than for density and exhaustive analysis in the
main report. Each student’s response will vary, not least due to the selected format and
approach. Although no minimum length is specified, it is likely though that the main report will
be somewhere in the range of between 8 to 12 pages in length.
Given the usual rule of thumb of approximately 10% leeway – the report should not be
more than 14 pages in length.
Appendices and detailed analysis can (and should) be included in appendices to support your
overall analysis. You should include some detail in the main body of your report and provide
greater detail in the appendices.
UQ Business School
7th March 2022
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations)
Assessment Guideline
(Semester 1 2022)
4
• How professional is professional? What does that even mean?
It means that in every way the report is true to what you would expect a professional to
provide in a consulting engagement. The internet has several examples available.
Several pointers:
• Use dot points judiciously. Perhaps open and close your answer to each question with a
full paragraph, but focused dot points statements that explicitly address the question are
clear and concise in a business report.
• Consider following an exemplar format of a consulting report that you have found as a
guide. If this is done, however, be sure that the report is structured to clearly relate to the
guiding questions set out in the Assignment Specification.
• Do not allow your report to become waffly, vague, and wordy. Explicitly identify
recommendations made (for example, "It is recommended that [insert
recommendation].").
You should structure your report to match the requirements of the case.
• What goes on the cover page again?
On the cover/title page note the essay title, your student number, name, the course code and
course title, the date, the word count (excluding Cover Page, Abstract,
Figures/Diagrams/Tables, Appendices and References) and the reference citation style.
Assessment
The criterion-based marking rubric below applies the Criteria and Marking noted above. Part marks
are rounded up to the nearest half mark.
Assignment Submission
There will be electronic submission of assignments through TurnItIn in the course website (Learn.UQ)
under Assessment. The drop-box will remain open to allow for late submission.
Your document must be submitted in either Microsoft Word document format or PDF format.
You must name your document with your last name followed by your initial(s) (e.g., Smith_A.doc). All
students will receive an electronic copy of their marked assignment through Learn.UQ.
When you submit your assignment to the drop−box, this act will certify that you have acknowledged
and understand the Plagiarism Statute of the University of Queensland.
As a safeguard, you may wish to submit your assignment to the lecturer by electronic email at the
same time as submitting via Blackboard (m.axelsen@business.uq.edu.au).
Please discuss any problems that may lead to late submission with your lecturer at the earliest
possible opportunity. Items (for which no extension has been granted) submitted after the due date
and time, incur a late submission penalty. The penalty is at the rate of 10% of the total available
marks for that piece of assessment, for each calendar day or part thereof that the item is overdue.
Additional information
Additional information will be given to students in class on how to undertake the assignment.
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
5
Assessed out of 100 points and scaled back to 50 marks. Part marks are rounded up to the nearest half mark.
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Engagement Rationale and Planning (10 points)
You have not identified the
scope and audience for the
report.
You have identified the
scope and audience for the
report.
You have identified the
scope and audience for the
report.
You have clearly identified
the scope and audience by
name for the report.
You have clearly identified
the scope and audience by
name for the report and
identified key business
questions addressed by the
report.
No engagement plan
(approach) is provided, or the
engagement plan misses
crucial steps.
Engagement plan identifies
most crucial steps.
Engagement plan identifies
all crucial steps.
Engagement plan identifies
and describes all crucial
steps and project inputs and
outputs.
Engagement plan identifies &
describes all crucial steps &
links project outcomes to
guiding questions.
Engagement plan (approach)
is not identified in a diagram.
Engagement plan is
identified in a diagram.
Engagement plan is
identified in a diagram & is
presented to a high visual
standard.
Engagement plan is
identified in a diagram & the
diagram is presented to a
high visual standard with
project inputs and outputs
identified.
Engagement plan is
identified in a diagram & the
diagram is presented to a
high visual standard with
project outputs, & outcomes
identified.
IT governance assessment and recommendations (20 points)
No IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
Some IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
Most Key IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
Key IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
All IT Governance
mechanisms from the
'Engagement Model' from the
case are identified.
No IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
Some IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
Most Key IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
Key IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
All IT Governance
mechanisms from the
'Engagement Model' from the
case are evaluated.
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
6
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Fewer than two
recommendations are
provided to improve IT
Governance.
Two or more
recommendations are
provided to improve IT
Governance.
Two or more
recommendations are
provided to improve IT
Governance & the
recommendations are
supported by the evaluation.
Two or more
recommendations are
provided to improve IT
Governance & explicitly
address the evaluation.
Two or more highly relevant
recommendations are
provided to improve the IT
Governance & explicitly
address the evaluation.
Fraud assessment, detection, conclusions, and recommendations (20 points)
Only a few fraud detection
techniques using SQL are
designed & performed.
Most fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
Key fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
Key fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
All fraud detection
techniques using SQL are
designed & performed (or a
reason given as to why not)
to test for the existence of
fraud.
None or some fraud review
results are presented and
discussed, but major detail is
missing.
The fraud review results are
presented and discussed;
however, key details are
missing.
The fraud review results are
presented and discussed
including key details.
The fraud review test results
are discussed, fully detailed,
and clearly explained.
The fraud review test results
are discussed, fully detailed,
and clearly explained in a
concise and focused manner.
Fewer than two relevant
recommendations are
provided to address fraud
weaknesses.
Two recommendations are
provided to address fraud
weaknesses.
Two recommendations are
provided to address fraud
weaknesses.
Two recommendations are
provided to address fraud
weaknesses and they are
relevant.
Two recommendations are
provided to address fraud
weaknesses and they are
highly relevant.
No SQL Script is provided in
relation to fraud issues.
The SQL Script for fraud
issues is included for some
tests carried out.
SQL Script for fraud issues is
included for all tests carried
out.
SQL Script for fraud issues is
included for all tests carried
out, & they support the
analysis.
SQL Script for fraud issues is
included for all tests carried
out, support the analysis, &
queries are effective and
efficient.
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
7
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Assessment of General Controls and Recommendations (30 points)
Fewer than two operational
concerns are identified.
Two operational concerns
are identified.
Two operational concerns
are identified & the concerns
are relevant.
Two operational concerns
are identified & supported by
an explanation as to why
they are concerns.
Two insightful operational
concerns are identified and
supported by an explanation
as to why they are concerns.
Fewer than two
recommendations are
provided to address
operational concerns.
Two or more
recommendations are
provided to address the
operational concerns.
Two or more
recommendations are
provided to address each
operational concern and the
recommendations address
the relevant concern.
Two or more
recommendations are
provided to address each
operational concern & the
concerns and
recommendations are
explicitly linked.
Two or more highly relevant
recommendations are
provided to address each
operational concern & the
concerns and
recommendations are
explicitly linked.
No physical controls are
identified.
Some physical controls are
identified and evaluated.
Key physical controls are
identified and evaluated.
Most physical controls are
identified and evaluated.
Almost all physical controls
are identified and evaluated.
No IT general controls are
identified.
Some IT general controls are
identified and evaluated.
Key IT general controls are
identified and evaluated.
Most IT general controls are
identified and evaluated.
Almost all IT general controls
are identified and evaluated.
Fewer than two
recommendations, is
provided to improve
physical/general controls.
Two or more
recommendations are
provided to improve
physical/general controls.
Two or more
recommendations are
provided to improve
physical/general controls &
the recommendations
address the weakness(es).
Two or more
recommendations are
provided to improve
physical/general controls &
the link between control
weaknesses & the
recommendation is explicit.
Two or more highly relevant
recommendations are
provided to improve
physical/general controls &
the link between control
weaknesses & the
recommendation is explicit
BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)
BISM7221 Information Systems Control, Governance, and Audit – Business Consulting Report (IS Recommendations) Assessment Guideline
(Semester 1 2022)
8
Below Expectations
< 50%
Meets Expectations
50% - 65%
Good
65% to 75%
Very Good
75% to 85%
Outstanding
85% to 100%
Presentation and communication (20 points)
No Executive Summary is
provided, or the Executive
Summary is inadequate.
The Executive Summary
summarises most
assessment points and most
recommendations made.
The Executive Summary
summarises key assessment
points and key
recommendations made.
The Executive Summary
summarises all assessment
points and recommendations
made.
The Executive Summary
summarises all assessment
points and recommendations
made and is clear & concise.
No to very few mechanical
criteria (spelling, referencing)
are addressed as required.
Most mechanical criteria
(spelling, referencing) are
addressed as required.
Most mechanical criteria
(spelling, referencing,
grammar) are addressed as
required.
All mechanical criteria
(spelling, referencing,
grammar) are addressed as
required.
All mechanical criteria
(spelling, referencing,
grammar) are done to a very
high standard.
The report lacks professional
presentation.
The presentation of the
report contains some
deficiencies in appearance
but could be delivered to the
client with minor changes.
The presentation of the
report contains some
deficiencies in appearance
but could be delivered to the
client as is.
The report is presented in a
professional manner.
The report is presented in a
highly professional manner.
The structure is not clear. The structure of the report
addresses most of the
report's objectives.
The structure of the report is
appropriate and supports
most of the report’s
objectives.
The structure of the report is
appropriate and clearly
supports all the report’s
objectives.
The structure is appropriate
for the report, supports all the
report's objectives, and
builds towards and supports
its scope and conclusions.
Formatting requirements are
not addressed.
Formatting requirements are
below expectations.
Formatting requirements
meet expectations.
Formatting requirements are
addressed well.
Formatting requirements are
addressed exceptionally well.
Prepared by: Micheal Axelsen
Senior Lecturer (Business Information Systems)
Date: 7th March 2022
