Midwest Health Systems
Case Analysis Assignment
In this case, the context is Midwest Health Systems (Midwest) and the scenario is evaluating a enterpise information security architecture. Your analysis of this case will be framed around a number of questions that are presented at the end of this writeup. As laid out in our syllabus, your analysis should, at minimum, meet the “2-why” standard.
While you can find a number of strategies out there for conquering case analyses (many of them are very good), I recommend the approach of reading the case at least once without consideration of the questions. That opens the mind up to absorbing details that might otherwise erroneously get dismissed in a “know the questions, hunt for the answers” type of approach. After that, lay our your outline with each question framing a new major section. Then, re-read the case analysis and as you go through, build the outline of your answer with references to page numbers so you can quickly go back. Once the outline is built, you should have a clean connection between your point and some evidence from the case. At that point, it is a matter of polishing the communication without inadvertently changing the thesis.
The case can be found in your Harvard Coursepack, referenced in the Materials section of our syllabus. The case analysis must be submitted through Blackboard in Microsoft Word or .pdf format before 11:59pm Sunday, March 28th.
Case Analysis Questions:
1. Identify the IT general control risks evident from the case. For each risk identified, identifiy possible controls to mitigate those risks and explain why you believe the control would work.
2. Define residual risk and then identify at least three such risks from the case, mapping those examples conceptually to your definition of residual risk.
3. Do you agree with the audit team’s conclusion that the only significant areas of concern in IT general controls are access security and change management? Please explain your answer at a “2-why” minimum standard.
4. What course(s) of action do you recommend that Nelson take based on your analysis of identified risks and suggested controls?