Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Information Technology SOX Industry Specific Regulations International Regulations Privacy Laws 5-2

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Recent regulations impact a greater number of systems. Systems are more interconnected. Organizations are more dependent on Information Systems. Systems are more global and are affected by many countries. 5-3

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Requires an annual evaluation of internal controls. Requires the CEO and CFO personally certify controls. Requires independent auditors test control effectiveness. Controls must be designed to achieve objectives using established criteria. Controls and control objectives must be documented. 5-4

© 2009 Pearson Education, Inc. Publishing as Prentice Hall 1. Cost and Challenges 2. Benefits and Opportunities 5-5

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Compliance requires a significant resource investment. Compliance adds new project costs and lengthens development schedules. CIOs must personally attest to the effectiveness of IT’s internal controls and the quality of information. 5-6

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Compliance requires that IT staff have excellent written communication skills. Compliance requires the organization adopt a document retention strategy. Compliance may cause morale issues due to shifting goals and oversight requirements. 5-7

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Compliance provides an opportunity to enhance business processes. Compliance has enhanced IT visibility with executives and the board of directors. Compliance has increased the importance of security, quality, data architecture, and change management. 5-8

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Improved overall IT governance Enhanced understanding of IT by senior executives Better business decisions based on more accurate information Improved IT-Business alignment Reduced risk of system security breaches 5-9

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Reduced difficulty complying with new regulations More efficient and effective operations An integrated approach to security Enhanced risk management competencies 5-10

© 2009 Pearson Education, Inc. Publishing as Prentice Hall 5-11 Figure 5.1

© 2009 Pearson Education, Inc. Publishing as Prentice Hall 1. Enabling IT Work 2. New Systems 3. Information 4. Daily Operations 5. Controlling IT Work 5-12

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Physical and Virtual Access Security Architecture Business Continuity Planning and Disaster Recovery IT Governance HR Management and Training IT Finance 5-13

© 2009 Pearson Education, Inc. Publishing as Prentice Hall IT Strategic Planning Risk Assessment Project Management 5-14

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Information Architecture Access to Data Document Retention Data Administration 5-15

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Operations and Infrastructure Support Help Desk Change Management 5-16

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Testing and Validation Documentation Management Quality Assurance 5-17

© 2009 Pearson Education, Inc. Publishing as Prentice Hall Organize for Compliance Use Standards and Frameworks Emphasize Training and Awareness Ensure Appropriate Business Resources Caveat Emptor regarding Compliance Technology 5-18

© 2009 Pearson Prentice Hall Plan and organize (IT environment) IT strategic planning Information architecture Determine technological direction IT organization and relationships Manage the IT investment Communication of management aims and direction Management of human resources Compliance with external requirements Assessment of risks Manage projects Manage quality 5-19

© 2009 Pearson Prentice Hall Acquire and implement (program development and program change) Identify automated solutions Acquire or develop application software Acquire technology infrastructure Manage changes Deliver and support (computer operations and access to programs and data) Define and manage service levels Manage third-party services 5-20

© 2009 Pearson Prentice Hall Manage performance and capacity Ensure continuous service Ensure systems security Identify and allocate costs Educate and train users Assist and advise customers Manage the configuration Manage problems and incidents Manage data Manage facilities Manage operations 5-21

© 2009 Pearson Prentice Hall Monitor and evaluate (IT environment) Monitoring Adequacy of internal controls Independent assurance Internal audit 5-22

© 2009 Pearson Education, Inc. Publishing as Prentice Hall New laws and regulations have had a significant impact on IT. IT managers are struggling to implement new controls to support these regulations. IT in the future will be controlled, standardized, and bureaucratized. 5-23

© 2009 Pearson Education, Inc. Publishing as Prentice Hall 5-24 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Copyright © 2009 Pearson Education, Inc. Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall