UQ Business School 19th February 2023

BISM7221 Information Systems Control, Governance and Audit Report – Business Consulting Report (IS Recommendations) Assessment Guideline SEMESTER 1 2023

Purpose

This document identifies the requirements for this assessment and a marking rubric to provide guidance in undertaking this assessment.

Details:
Type: Report
Due Date: 2:00pm 9th June 2023
Weight: 50%
In Brief: One Business Consulting Report with recommendations to inform the Company's Board and Management regarding IT Governance, Fraud assessment, and assessment of General controls and Operations to improve business performance.

Task Description

This is an individual assignment. Students will use their understanding from the course of IT governance, fraud detection, and general controls to prepare a Business Consulting Report with recommendations that improve business performance. This report is derived from a case organisation described in the Assignment Specification.

The Business Consulting Report will require analytical skills to assess the case organisation's portfolio of IT governance mechanisms, consider the potential for fraud arising from weaknesses in the internal control mechanisms, document any findings of fraud, and how to improve organisational performance through recommendations that strengthen the internal controls environment. The report will document the project rationale and approach, findings, and key recommendations for IT governance, fraud prevention, and the IT general controls environment. The report is a cohesive document that can be communicated to the client.

The results are communicated as a Business Consulting Report of 8 to 12 pages in length (excluding appendices).
Students are to use SQL data analytic techniques used in tutorials for fraud detection work and use Excel data visualisations to highlight their findings in the report. These visualisations should be to a high standard as they are to be communicated directly to the client.

Software Required:
• PostgreSQL is available as open source software for installation on your own computer
• PostgreSQL is not installed on the University's computer laboratories
• Excel is available as part of the Office 365 package, which is available to students free of charge for installation on your own computer

Key to success in this assessment is a professional Business Consulting Report that demonstrates completeness, attention to detail, insightful analysis, and clear communication.

Criteria and Marking

The grading rubric allocates marks to six dimensions:
• IT Governance assessment and recommendations (10%)
• Assessment of Internal Controls and Recommendations (20%)
• Fraud assessment, detection, conclusions, and recommendations (20%)
• Assessment of Operational Performance and Recommendations (20%)
• Design and Performance of SQL Tests (20%)
• Presentation and Communication (10%)

A full and complete Business Consulting Report (between 8 and 12 pages in length excluding title pages and appendices) is to be submitted.

Requirements

This assessment task is a full and complete Business Consulting Report, formatted professionally and appropriately. Students shall address this task individually. This Business Consulting Report is to be written by you as an individual consultant who has been asked to use your understanding of IT governance as well as the systems analytical skills and techniques to provide advice to a client identified in the accompanying Assignment Specification.
The Assignment Specification is provided on Learn.UQ as a supporting document separate to this Guideline. You are to document the results of your analysis as a business consulting report. The business consulting report is addressed to the audience noted in the Assignment Specification but is to be executed to a high standard as this report will be provided to the Board and Chief Executive Officer.

In the Assignment Specification, you are provided with four Guiding Questions. Answering these questions requires that you apply your understanding of IT Governance and IT General Controls to provide IT governance and operational advice, and use the PostgreSQL and Microsoft Excel tools to undertake fraud analysis. The data files used are provided with the Assignment Specification in the assessment folder – it is a zip file that will need to be unzipped. You are to download these files to your computer and import the data into PostgreSQL.

Format

Your report should be typed (in Times Roman 10-point font or equivalent, single-spaced) and it should be between 8 and 12 pages in length (excluding Executive Summary, appendices, figures, diagrams, tables, or, where used, references in the reference list). In all ways you should format the report to conform to the standards of a professional business consulting report.

On the cover/title page note the essay title, your student number, name, the course code and course title, the date, the word count (excluding cover page, Executive Summary, appendices, figures, diagrams, tables and, where used, references in the reference list) and the reference citation style where relevant.

The length of the main body of the report is specified as being no more than 12 pages in length. You should write a consulting report that, in your professional judgment, best addresses the Guiding Questions whilst also aiming for clarity and conciseness. Too short and there may be insufficient detail.
Too long, and you may not have summarised the material sufficiently. Use appendices well for reference and supporting material.

Figures/diagrams/tables presented in the main body of the report should not exceed one page. There is no limit on the number of pages of appendices. However, in this vein, you should think in terms of a highly paid, busy senior executive spending his or her time reading your report. You would want to get your arguments across forcefully, but not waste the person's time. The senior executive would probably not read the appendices, so the body of your report should be able to stand on its own and match the expectations of a business consulting report. The senior executive's staff analysts would likely examine your appendices in depth, however, so they must also be executed and presented to a high standard.

You may need to use external independent sources in support of the arguments you present in the report, or the tests that you discuss. References when used can be cited using APA 7th, Chicago, or Vancouver styles (you must note the referencing style on the title page). Other citation styles may be allowed through permission granted by the lecturer.

Always remember that the report should conform to the standards of a professional business consulting report.

Frequently Asked Questions

• Are independently researched quality academic sources required, and what are they?
No, they are not required. You may however choose to cite such sources in support of your answers to guiding questions.

• Can we cite non-academic 'industry' sources?
Yes you can, although they are not required. You may however choose to cite such sources in support of your answers to guiding questions.

• How long does the report need to be?
The specification sheet says that the main body of the report (excluding title page, executive summary, and appendices) should be no more than 12 pages in length in Times Roman 10-point font or equivalent. You will need to keep in mind the need for a professionally presented report. The main part of the report should be sufficient for the busy executive to understand the core answers addressing the guiding questions. Detailed material and reports (query files, long reports, etc.) should be placed in the appendices. In writing your report, consider the busy executive who is reading the report, and aim for efficiency and ease of communication rather than for density and exhaustive analysis in the main report.

Each student's response will vary, not least due to the selected format and approach. Although no minimum length is specified, it is likely that the main report will be somewhere in the range of 8 to 12 pages in length. Given the usual rule of thumb of approximately 10% leeway, the report should not be more than 14 pages in length. Appendices and detailed analysis can (and should) be included in appendices to support your overall analysis. You should include some detail in the main body of your report and provide greater detail in the appendices.

• How professional is professional? What does that even mean?
It means that in every way the report is true to what you would expect a professional to provide in a consulting engagement. The internet has several examples available. Several pointers:
  • Use dot points judiciously. Perhaps open and close your answer to each question with a full paragraph, but focused dot point statements that explicitly address the question are clear and concise in a business report.
  • Consider following an exemplar format of a consulting report that you have found as a guide. If this is done, however, be sure that the report is structured to clearly relate to the guiding questions set out in the Assignment Specification.
  • Do not allow your report to become waffly, vague, and wordy. Explicitly identify recommendations made (for example, "It is recommended that [insert recommendation]."). You should structure your report to match the requirements of the case.

• What goes on the cover page again?
On the cover/title page note the essay title, your student number, name, the course code and course title, the date, the word count (excluding Cover Page, Abstract, Figures/Diagrams/Tables, Appendices and References) and the reference citation style.

Assessment

The criterion-based marking rubric below applies the Criteria and Marking noted above. Part marks are rounded up to the nearest half mark.

Assignment Submission

There will be electronic submission of assignments through TurnItIn in the course website (Learn.UQ) under Assessment. The drop-box will remain open to allow for late submission. Your document must be submitted in either Microsoft Word document format or PDF format. You must name your document with your last name followed by your initial(s) (e.g., Smith_A.doc). All students will receive an electronic copy of their marked assignment through Learn.UQ.

When you submit your assignment to the drop-box, this act will certify that you have acknowledged and understand the Plagiarism Statute of the University of Queensland. As a safeguard, you may wish to submit your assignment to the lecturer by electronic email at the same time as submitting via Blackboard (m.axelsen@business.uq.edu.au).

Please discuss any problems that may lead to late submission with your lecturer at the earliest possible opportunity. Items (for which no extension has been granted) submitted after the due date and time incur a late submission penalty.
The penalty is at the rate of 10% of the total available marks for that piece of assessment, for each calendar day or part thereof that the item is overdue.

Additional information

Additional information will be given to students in class on how to undertake the assignment.

BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS)

Assessed out of 100 points and scaled back to 50 marks. Part marks are rounded up to the nearest half mark.

IT governance assessment and recommendations (10 points)

| Below Expectations < 50% | Meets Expectations 50% - 65% | Good 65% to 75% | Very Good 75% to 85% | Outstanding 85% to 100% |
|---|---|---|---|---|
| No IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. | Some IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. | Most Key IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. | Key IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. | All IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. |
| No evaluation considering current issues and future directions is provided. | An evaluation considering some issues and future needs is provided. | A thorough evaluation considering issues and future needs is provided. | A thorough evaluation is provided that considers key issues and future needs whilst also linking the evaluation to the recommendations made. | A clear and professional evaluation is provided that considers key issues and future needs whilst also linking the evaluation to the recommendations made. |
| Fewer than two recommendations are provided to improve IT Governance. | Two or more recommendations are provided to improve IT Governance. | Two or more recommendations are provided to improve IT Governance & the recommendations are supported by the evaluation. | Two or more recommendations are provided to improve IT Governance & explicitly address the evaluation. | Two or more highly relevant recommendations are provided to improve the IT Governance & explicitly address the evaluation. |

Assessment of Internal Controls and Recommendations (20 points)

| Below Expectations < 50% | Meets Expectations 50% - 65% | Good 65% to 75% | Very Good 75% to 85% | Outstanding 85% to 100% |
|---|---|---|---|---|
| No physical controls are identified. | Some physical controls are identified and evaluated. | Most physical controls are identified and evaluated. | Key physical controls are selected according to criteria, identified and evaluated. | Key physical controls are selected according to criteria, identified and thoroughly evaluated. |
| No general controls are identified. | Some general controls are identified and evaluated. | Most general controls are identified and evaluated. | Key general controls are selected according to criteria, identified and evaluated. | Key general controls are selected according to criteria, identified and thoroughly evaluated. |
| No application controls are identified. | Some application controls are identified and evaluated. | Most application controls are identified and evaluated. | Key application controls are selected according to criteria, identified and evaluated. | Key application controls are selected according to criteria, identified and thoroughly evaluated. |
| No evaluation of the internal controls system as a whole is provided. | An evaluation of the internal controls system as a whole is provided. | An evaluation of the internal controls system as a whole is provided, and the evaluation is structured and considered in its approach. | An evaluation of the internal controls system as a whole is provided, and the evaluation is structured and complete in its approach. | An evaluation of the internal controls system as a whole is provided, and the evaluation is insightful, structured and complete in its approach. |
| Fewer than three recommendations are provided to improve internal controls. | Three or more recommendations are provided to improve internal controls. | Three or more recommendations are provided to improve internal controls and the recommendations address the weakness(es). | Three or more recommendations are provided to improve internal controls and the link between control weaknesses & the recommendation is explicit. | Three or more highly relevant recommendations are provided to improve internal controls and the link between control weaknesses & the recommendation is explicit. |

Fraud assessment, detection, conclusions, and recommendations (10 points)

| Below Expectations < 50% | Meets Expectations 50% - 65% | Good 65% to 75% | Very Good 75% to 85% | Outstanding 85% to 100% |
|---|---|---|---|---|
| Two or fewer fraud detection techniques using SQL are designed & performed. | Most fraud detection techniques using SQL are designed & performed (or a reason given as to why not) to test for the existence of fraud. | Key fraud detection techniques using SQL are designed & performed (or a reason given as to why not) to test for the existence of fraud. | Key fraud detection techniques using SQL are designed & performed (or a reason given as to why not) to test for the existence of fraud. | All fraud detection techniques using SQL are designed & performed (or a reason given as to why not) to test for the existence of fraud. |
| No data visualisations (Excel Charts) are used in support of the analysis assessing fraud detection techniques. | Some data visualisations (Excel Charts) are used in support of the analysis assessing some fraud detection techniques. | Informative data visualisations (Excel Charts) are used in support of the analysis assessing some fraud detection techniques. | Informative and well-presented data visualisations (Excel Charts) are used in support of the analysis assessing all fraud detection techniques. | Informative and outstandingly presented data visualisations (Excel Charts) are used in support of the analysis assessing all fraud detection techniques. |
| Limited fraud review results are presented and discussed, or major detail is missing. | Fraud review results are presented and discussed; however, key details are missing. | Fraud review results are presented and discussed including key details. | Fraud review test results are discussed, fully detailed, and clearly explained. | Fraud review test results are discussed, fully detailed, and clearly explained in a concise & focused manner. |
| Fewer than two recommendations are provided that address fraud weaknesses. | Two recommendations are provided that address fraud weaknesses. | Two actionable recommendations are provided that address fraud weaknesses. | Two actionable recommendations are provided that address fraud weaknesses and they are relevant. | Two actionable recommendations are provided that address fraud weaknesses and they are highly relevant. |

Assessment of Operational Performance and Recommendations (20 points)

| Below Expectations < 50% | Meets Expectations 50% - 65% | Good 65% to 75% | Very Good 75% to 85% | Outstanding 85% to 100% |
|---|---|---|---|---|
| One or fewer operational concerns are identified. | Two operational concerns are identified. | Two operational concerns are identified and supported by an explanation as to why they are operational concerns. | Three operational concerns are identified and supported by an explanation as to why they are operational concerns. | At least three insightful operational concerns are identified and supported by an explanation as to why they are operational concerns. |
| No recommendation, or only one recommendation, is provided to address operational concerns. | Two recommendations are provided to address the operational concern(s). | At least three recommendations are provided to address the operational concern(s) and a rationale for the recommendations is provided. | At least three relevant recommendations are provided to address the operational concern(s). | At least four relevant to highly relevant recommendations are provided to address the operational concern(s). |
| No rationale for recommendations is provided, or the rationale does not link the recommendations to identified operational concerns. | A rationale for some recommendations is provided that links the recommendations to identified operational concerns. | A rationale for some recommendations is provided that links the recommendations to identified operational concerns while recognising some dependencies between the recommendations. | A rationale for most recommendations is provided that links the recommendations to identified operational concerns while recognising critical dependencies between the recommendations. | A clear and concise rationale for each recommendation is provided that links the recommendations to identified operational concerns while recognising critical dependencies between the recommendations. |
| An inadequate (or no) analysis in support of recommendations made is provided. | An analysis that supports a range of recommendations is provided. | A high-level analysis that supports a range of relevant recommendations is provided. | A thorough high-level analysis that supports an actionable range of relevant recommendations is provided. | A comprehensive but high-level analysis that supports an excellent and actionable range of relevant and creative recommendations is provided. |

Design and Performance of SQL Tests (20 points)

| Below Expectations < 50% | Meets Expectations 50% - 65% | Good 65% to 75% | Very Good 75% to 85% | Outstanding 85% to 100% |
|---|---|---|---|---|
| No SQL Scripts [1] are provided in support of the assessment of internal controls. | At least four SQL Scripts are provided in support of the assessment of internal controls. | At least four SQL Scripts are provided in support of the assessment of internal controls & most are advanced. | At least four SQL Scripts are provided in support of the assessment of internal controls & all are advanced. | At least four purposeful SQL Scripts are provided in support of the assessment of internal controls & all are advanced. |
| No SQL Scripts are provided in support of the assessment and detection of fraud. | At least four SQL Scripts are provided in support of the assessment and detection of fraud. | At least four SQL Scripts are provided in support of the assessment and detection of fraud & most are advanced. | At least four SQL Scripts are provided in support of the assessment and detection of fraud & all are advanced. | At least four purposeful SQL Scripts are provided in support of the assessment and detection of fraud & all are advanced. |
| No SQL Scripts are provided in support of the assessment of operational performance. | At least four SQL Scripts are provided in support of the assessment of operational performance. | At least four SQL Scripts are provided in support of the assessment of operational performance & most are advanced. | At least four SQL Scripts are provided in support of the assessment of operational performance & all are advanced. | At least four purposeful SQL Scripts are provided in support of the assessment of operational performance & all are advanced. |

Presentation and communication (10 points)

| Below Expectations < 50% | Meets Expectations 50% - 65% | Good 65% to 75% | Very Good 75% to 85% | Outstanding 85% to 100% |
|---|---|---|---|---|
| No Executive Summary is provided, or the Executive Summary is inadequate. | The Executive Summary summarises most assessment points and most recommendations made. | The Executive Summary summarises key assessment points and key recommendations made. | The Executive Summary summarises all assessment points and recommendations made. | The Executive Summary summarises all points and recommendations made and is clear & concise. |
| You have not identified the scope and audience for the report. | You have identified the scope or audience for the report. | You have identified the scope and audience for the report. | You have clearly identified the scope and audience by name for the report. | You have clearly identified the scope and audience by name for the report and identified the report's purpose. |
| The report is not written to an adequate professional business standard (grammar, spelling, structure). | The report is consistently written to an adequate professional business standard (grammar, spelling, structure). | The report is consistently written to a good professional business standard (grammar, spelling, structure). | The report is consistently written to a high professional business standard (grammar, spelling, structure) with clear arguments. | The report is consistently written to a high professional business standard (grammar, spelling, format) with clear arguments demonstrating logical flow. |
| Formatting & referencing requirements are not addressed. | Formatting & referencing requirements are adequate. | Formatting & referencing requirements are good. | Formatting & referencing requirements are addressed well. | Formatting & referencing requirements are addressed very well. |

Prepared by: Micheal Axelsen, Senior Lecturer (Business Information Systems)
Date: 19th February 2023

[1] Important: A SQL script is a single SQL statement, or a series of SQL statements that are inter-dependent. An 'advanced' SQL script is one that contains at least three different criteria in the where clause, a group by clause with a having clause, multiple table joins, a view, or at least three SQL statements in a single script that are inter-dependent. In addition, an 'advanced' SQL script must execute to completion without errors, and provide a final result.