managing the it function_students.pdf
7/27/2019 Managing the IT Function_students.pdf
1/38
Managing the IT Function
IT Managers
Must establish sound policies and procedures aimed at controlling key risk associated with running the IT function
I. Organizing the IT Function
IT managers must define the role and articulate the value of the IT function within the organization
They must balance many influences (profit, opportunity, growth, control) against constant pressure to achieve short-term (ST) and long-term (LT) goals
a. Locating the IT Function
To whom should the IT manager report?
a. Locating the IT Function
Segregation of duties:
recording transactions
authorizing transactions
maintaining custody of assets
a. Locating the IT Function
To whom should the IT manager report?
Functional/Line Managers?
Controllers who manage corporate accounting?
CEOs/ Presidents?
b. Designing the IT Function
Separation of:
systems development (systems analysis, computer programming, database administration, quality control)
computer operations (data input, information processing, information output)
computer security
II. Financing the IT Function
IT function must be adequately funded, or else will be unable to conduct day-to-day operations and fulfill strategic objectives.
a. Funding IT Operations
Cost Center
IT manager prepares a budget, submits to upper management and justifies request for operating funds
Profit Center
Same budgeting process. Additionally, IT function can charge internal users for IT services (intracompany funding)
b. Acquiring IT Resources
IT managers engage in long-term (LT) planning, which includes developing, purchasing & implementing various components of the computing infrastructure (application software, computer hardware, communication systems)
Net benefit = PV of benefits - costs
III. Staffing the IT Function
Human resources are the most valuable of all IT resources
Business risk: lack of sufficient knowledge and experience; inefficient and ineffective use of human resources
Audit risk: unaware of and unconcerned about internal controls
Hiring
Recruiting
Verifying
Testing
Interviewing
Terminating
Voluntary
Involuntary
IV. Directing the IT Function
IT Managers perform this responsibility to minimize business and audit risks
a. Administering the Workflow
Define levels of service that the IT function promises to deliver to users (Service Level Agreements or SLAs)
Schedule and perform the work
IT resources are efficiently and effectively used at a fairly steady rate
b. Managing the Computing Environment
Taking responsibility for the computing infrastructure
Computer hardware, network, communication systems, operating systems, application software, data files
Maintaining physical facilities safe for humans and computers
c. Handling 3rd Party Services
establish policies and procedures regarding the purchase, use and termination of 3rd party services
defining the roles and responsibilities of each party
ensure security and confidentiality
dealing with unexpected disruption
d. Assisting users
environment of learning and growth through user training and education
providing helpful advice when needed
(i.e. helpdesk)
V. Controlling the IT Function
IT Auditor must assess whether control risk is within a tolerable range; otherwise, (i) existing controls may have to be strengthened or (ii) compensating controls may have to be developed in order to lower control risk to an acceptable level.
a. Security Controls
Physical Security
Access Security
Security system for monitoring entering, roaming, leaving the facility
Penetration alarms
Periodic review of access evidence
Backup lines (power and communication)
a. Security Controls
Logical Security
corporate data & computer software = most valuable portion of computing infrastructure
Points of entry:
Computer terminal
Internet
Periodic monitoring
Penetration testing
b. Information Controls
Case 1 (diagram): Customer, Cashier, Accounting Clerk
b. Information Controls
Case 2 (diagram): Customer, Cashier, Accounting Clerk
b. Information Controls
Case 3 (diagram): Customer, Accounting Clerk
b. Information Controls
Process Controls
Validating
Error handling
Updating
b. Information Controls
(diagram): Customer, Accounting Clerk, Customer MF, Inventory MF, Journal, Ledger
b. Information Controls
Database Controls
Risk of corruption during glitches
DBMS = roll-back and recovery (processing queue; initial state)
Concurrency control (lock and release), timestamps, granular level (coarse, moderate, fine)
b. Information Controls
Output Controls
Authorized persons can request and possess
Printer proximity
Reports disposal
c. Continuity Controls
Backup Controls
Downtime
Cost
Data Backup
Hardware Backup
c. Continuity Controls
Data Backup
Weekly, incremental, hourly, real-time
Key issues:
a. Storage location
b. Hardware redundancy
Physical and Electronic Vaulting
c. Continuity Controls
Hardware Backup
Power lines redundancy
Extra disk drives
Common configurations:
a. Redundant Array of Independent Disks (RAID) = disk mirroring; disk striping
b. Network Attached Storage (NAS)
c. Server Area Network (SAN)
d. Disaster Recovery Controls
Proactive, not reactive
What (scenario)
Who (contacts)
When (timing)
d. Disaster Recovery Controls
Where (to transfer comp. processing load)
Peer company = same industry or 3PSP
Cold site = bldg space and basic infrastructure
Warm site = has basic computing infrastructure
Hot site = complete infrastructure
d. Disaster Recovery Controls
How (logistics)
Which (priorities) and Why
periodic testing of plan