Question

Question 1- 20 marks The Internal Environment or Culture of an organization consists of seven (7) elements of which Human Resource Standards is one. Required: List and briefly describe ten (10) Human Resource policies/procedures (2 marks each) that are important to an organization that will help to guard against Internal Control weaknesses. (20 marks) Question 2- 12 marks The active involvement and support of senior management is necessary in every facet of Information Security. Required: List and briefly describe the six (6) activities (2 marks each) of Management's Role in Information Security. (12 marks) Question 3 - 16 marks Required: a) What is meant by Availability of its Systems to an organization? (2 marks) b) Why is Availability of its Systems important to an organization? (2 marks) c) List and briefly describe the two (2) objectives (2 marks each) of Availability of Systems (4 marks) d) Identify eight (8) key controls (1 mark each) related to the two (2) objectives identified in Part (c) of this question. (8 marks)

Answer 1

Since, multiple questions have been posted, I have answered the first one (Question 1).

_____

Question 1:

The human resource policies and procedures that will help to guard against internal control weaknesses are provided below:

1) Recruitment Process: Human resource department should conduct/initiate the recruitment process based on the specific requirements/instructions of the manager/department. Job postings should clearly communicate the criteria/eligibility for the job.

2) Interview /Screening Process: The interview process should be informed to the applicants and should involve questions relating to employee background, his/her current profile and expectations from the company. The objective behind applying for the job should also be ascertained. The information provided by the applicants should be corroborated with the details provided in the application form and bio-data/resume.

3) Employee Documentation: The human resource department should ensure that all the documents (attested copies) such as educational certificates, experience letters, salary slips, non disclosure agreement, etc.) have been obtained from the applicant. Likewise, the selected employee has been provided with the employment letter (containing all the details of employment including finalized salary). The terms and conditions of employment should be clearly specified in the appointment letter.

4) Background Verification: The human resource department should ensure that the background verification of newly hired employees (based on the information/documentation provided by them) is completed on time and before the employees are actually placed on the jobs. In case of any discrepancy, human resource department should act swiftly and ensure that the applicants who have provided incorrect/false information is canceled/terminated in time.

5) Identity Card: The human resource department should ensure that the information of new employees/terminated employees is provided to the information technology department on a timely basis so that the identity cards for newly hired employees are issued and the cards of terminated employees get deactivated. This can prevent misuse of company's resources, and information. Some companies also require bio-metric details (such as fingerprints) of the employees. Human resource department should ensure that such information has been obtained for all the employees.

6) Employee Information: All the information related to the employees (including copies of documents) to be stored in a secure place. The access to this information should be made available only to the authorized members of the human resource team.

7) Employee Training: Employees should be trained on the various policies and procedures relating to promotion, rewards, compensation, ethics and governance and disciplinary action. The employees in the human resource should also be trained on various human resource policies and procedures (including any modifications) from time to time.

8) Compliance with Labor Laws: It is very important to ensure that employees/workers are treated with respect and are paid fairly in accordance with applicable labor laws. Further, the human resource department should also ensure that all the safety norms/requirements have been complied with.

9) Tax Compliance: The human resource department should ensure that the applicable amount of tax (if any) has been deducted (from the salary), withheld and deposited with the tax authorities. The amount should be deducted based on the tax rates applicable to the employees. Employees should be provided with salary slips detailing components of their income, deductions and taxes.

10) Appraisal Process: The human resource department should ensure that the employee appraisal process is free from any bias and discrimination. It is important to ensure that deserving employees get due rewards, while non-performing employees/workers are penalised. Disciplinary action may also be required in some cases.