Problem
Investment in Information Technology (IT) has been consistently on the rise across most sectors, including healthcare in Canada. The Canadian healthcare sector is witnessing an ever-increasing usage of technological developments to provide safe and effective patient care as well as engage patients and their family through leveraging big health data, Internet of Things, virtual care, etc. For the longest time, Grand Valley Hospital (a 25-bed hospital in the Southwestern Ontario region) has been operating using the basic healthcare system (MedTech) for managing its Electronic Medical Records (EMR) as well as for support functions (procurement, payroll, financial reporting, etc.). The vendor has provided full support for the system since its implementation 16 years ago. Consequently, the hospital has never recruited any in-house IT professionals and always relied on the vendor for all IT operational and security needs. Recently, the vendor has informed that they are being acquired by GE Healthcare and will discontinue supporting MedTech by the end of current calendar year. The CEO of Grand Valley Hospital believes this is the right time to both replace MedTech with the current generation of the leading healthcare information system as well as establish a dedicated full-fledged in-house Information Services function. The hospital's Board of Directors has approved both strategic initiatives and instructed the executive management to proceed with securing long-term borrowing to fund these initiatives. The Audit Committee Chair proposed that Internal Audit (IA) function should provide some guidance to the executive management around the importance of Governance for Enterprise Information Technology (GEIT) considering the establishment of an IT function from scratch as well as replacement of the legacy system with an enterprise-wide Healthcare Information System (HIS). As a new graduate from Conestoga College's AAIT degree program, you have been hired to work at the IA function of Grand Valley Hospital. The Director of this department has asked you to help prepare a report to the CEO of the hospital that outlines the importance of implementing GEIT. The report your department creates will be used to set the mandate for the incumbent Chief Information Officer (CIO) to lead the soon-to-be established IT function. Your director has assigned you the research element of the report writing process and has asked you to summarize your research in the form of a memo. Be sure to include appropriate referencing for your research.
A. Analyze the role of in-house IT function in strengthening the hospital's control environment.
B. Explain the nature, purpose, and importance of GEIT.
C. List and explain the five primary components of GEIT that progressive organizations must implement.
D. Comment on how effective GEIT will help the incoming CIO establish an effective IT for the hospital.
E. Summarize the role of IT Auditing in evaluating the organization's internal and IT controls.
F. Propose four ways an IT Auditor can evaluate whether the organization has effective GEIT.
G. Provide your response in the form of a professional memo to the IA Director in a timely manner.