Chapter 8 Controlling Information Systems: IT Processes.


2 Learning Objectives
- Know the major IT resources
- Appreciate the problems in providing adequate controls over IT resources
- Know & understand major IT control processes used to manage IT resources
- Understand how organizational/personnel control plans help achieve strategic IT vision

3 Learning Objectives (cont.)
- Appreciate steps in acquiring/implementing new IT resources
- Understand business continuity/security controls that help IT provide continuous, reliable service
- Appreciate importance of monitoring

4 IT Resources
- Data
- Application systems
- Technology
- Facilities
- People

5 Hypothetical Computer System

6 Organization Structures
- Centralized
- Decentralized
- Matrix
- Project


10 IT Control Process Domains

11 IT Control Processes & Domains
- Planning & Organization
  – IT Process 1: Establish strategic vision
  – IT Process 2: Develop tactics to realize strategic vision
- Acquisition & Implementation
  – IT Process 3: Identify automated solutions
  – IT Process 4: Develop & acquire IT solutions
  – IT Process 5: Integrate IT solutions into operations
  – IT Process 6: Manage change to existing IT systems

12 IT Control Processes & Domains (cont.)
- Delivery & Support
  – IT Process 7: Deliver required IT services
  – IT Process 8: Ensure security & continuous service
  – IT Process 9: Provide support services
- Monitor operations

13 IT Process 1: Elements of Strategic IT Plan
- Summary of Org’s strategic goals/strategies & how they relate to IT function
- IT goals/strategies & how each will support Org’s goals & strategies
- Info architectural model - corporate data model & associated info systems
- Inventory of current info sys capabilities

14 Elements of Strategic IT Plan (cont.)
- Acquisition/development schedules for H/W, S/W, & application sys & for personnel & financial requirements
- IT-related requirements to comply with industry, regulatory, legal, & contractual obligations
- IT risks and risk action plan
- Process for modifying plan to accommodate changes

15 IT Process 2: Organizational Control Plans
- Segregation of duties
  – authorizing transactions
  – executing transactions
  – recording transactions
  – safeguarding resulting resources
- Organizational plans for Info Sys function
- IT steering committee

16 IT Process 2: Personnel Control Plans
- Selection & Hiring
- Retention
- Personnel development
- Personnel management
  – Personnel planning
  – Job descriptions
  – Supervision
  – Personnel security
  – Personnel termination

17 IT Process 3: Identify Automated Solutions
- Develop solutions consistent with the strategic IT plan

IT Process 4: Develop/Acquire IT Solutions
- Develop/Acquire Application Software
- Acquire Technology Infrastructure
- Develop Service-Level Requirements & Application Documentation

18 IT Process 4 (cont.): Applications Documentation
- Systems documentation
- Program documentation
- Operations run manuals
- User manuals
- Training materials

19 IT Process 5: Integrate IT Solutions Into Operational Processes
IT Process 6: Manage Changes to Existing IT Systems

20 IT Process 7: Deliver Required IT Services
- Define service levels
- Manage third-party services
- Manage IT operations
- Manage data (backup)
- Identify and allocate costs

21 IT Process 8: Ensure Security & Continuous Service
- Disaster recovery
  – hot site
  – cold site
- Restrict access
  – physical access
  – logical access

22 IT Process 8 (Cont.)

23 IT Process 9: Provide Support Services
- Regular training sessions should be provided
- Advice and assistance should be given
- Very often a “help desk” is set up for these purposes

IT Process 10: Monitor Operations
- Gather data about processes
- Generate performance reports
- WebTrust - ISP
