1
Information Systems Operations IS Operations (Chapter 9) Practicum: Cendant Corporation
2
Schedule
Week | Topic | Readings | Practicum
12-Sep-05 | Identifying Computer Systems | Chapter 2 | Evaluating IT Benefits and Risks (Jacksonville Jaguars)
19-Sep-05 | IS Audit Programs | Chapter 3 | The Job of the Staff Auditor (A Day in the Life of Brent Dorsey)
26-Sep-05 | IS Security | Chapter 4 | Recognizing Fraud (The Anonymous Caller)
3-Oct-05 | Utility Computing and IS Service Organizations | Chapter 5 | Evaluating a Prospective Audit Client (Ocean Manufacturing)
10-Oct-05 | Physical Security | Chapter 6 | Inherent Risk and Control Risk (Comptronix Corporation)
17-Oct-05 | Logical Security | Chapter 7 & 8 | Evaluating the Internal Control Environment (Easy Clean)
24-Oct-05 | IS Operations | Chapter 9 | Fraud Risk and the Internal Control Environment (Cendant Corporation)
31-Oct-05 | Controls Assessment | Chapter 10 | IT-based vs. Manual Accounting Systems (St James Clothiers)
7-Nov-05 | Encryption and Cryptography | Chapter 11 | Materiality / Tolerable Misstatement (Dell Computer)
14-Nov-05 | Computer Forensics | Chapter 12 | Analytical Procedures as Substantive Tests (Burlington Bees)
21-Nov-05 | New Challenges from the Internet: Privacy, Piracy, Viruses and so forth | Chapter 13 | Information Systems and Audit Evidence (Henrico Retail)
28-Nov-05 | Auditing and Future Technologies | Chapter 16 | Flowcharting Transaction Cycles (Southeast Shoe Distributor)
3
Changes to our Schedule
- Because we are one week behind, I want to drop the 28 Nov 2005 class and move each of the prior classes back a week
- Dropped:
  - Topic: Auditing and Future Technologies
  - Chapter: 16
  - Practicum: Flowcharting Transaction Cycles (Southeast Shoe Distributor)
- This material will be integrated into the existing lectures
4
What are ‘Operations’?
- Development and Test
- Production
- Outsourcing and Utility Computing
5
Two Components
- Or you might consider them two sides to one system
- Business Operations
  - All the tangible physical things that go on in a corporation
- Computer Operations
6
Business & Computer Operations
7
Look Familiar?
8
Computer Operations
- Only a subset of business operations are computerized (automated)
- Computers do the following well:
  - High-speed arithmetic operations
  - Storage and search of massive quantities of data
  - Standardization of repetitive procedures
- All other Business Operations require human intervention
9
Human Intervention
- Even computer operations require human intervention at some level
  - E.g., turning the computer on and off
- In both business and computer operations, human interventions demand the most auditing
10
Computerized procedures
- Fully automated (computerized) procedures
  - Can be audited once with a small data set
  - And these results can be considered to hold over time
11
@ Boeing?
12
The ‘Glass House’
13
Mass Storage Z Microsystems TranzPacs Shared chassis - shared peripherals. Less space, less weight, less power, less cost. Hot-swappable sealed computer modules (SCM) and disk modules. Mix & match platforms and OS's. Independent stand-alone systems. Shared peripheral clusters. Mass Storage at NASA
14
Server Farms
15
Audit Here! Systems Life Cycle
16
Operations Objectives
What to look for in an audit:
- Production jobs are completed in time
- Output (information) is distributed on time
- Backup and recovery procedures are adequate (requires risk analysis)
- Maintenance procedures adequately protect computer hardware and software
- Logs are kept of all changes to HW & SW
17
Automation & Operations Objectives
- Operations should be about following predetermined procedures
- The appeal rests largely on the ability to reduce or alter the role of people in the process
  - The intent is to take people out of the loop entirely,
  - Or to increase the likelihood that people will do what they are supposed to do, and that they do it accurately
- People are flexible and clever
  - We sometimes don’t want to take people out of the loop on a lot of systems
- The problem is when a lot of things break at the same time. There’ll probably be a few things that are hard to fix, a cascade of effects.
18
Case Study: Manual versus Automated Scheduling
pp. 187-189
Question: Why is automation important?
19
Backup and Recovery Objectives
Best Practices
- Determination of appropriate recovery and resumption objectives for activities in support of critical markets.
  - Core organizations should develop the capacity to recover and resume activities within the business day on which the disruption occurs.
  - The overall goal is to resume operations within two hours.
- Maintenance of sufficient geographic dispersion of resources to meet recovery and resumption objectives.
  - Back-up sites should not rely on the same infrastructure components used by the primary site, and back-up operations should not be impaired by a wide-scale evacuation or inaccessibility of staff that services the primary site.
- Routine use or testing of recovery and resumption arrangements.
  - Testing should not only cover back-up facilities of the firm, but connections with the markets, third party service providers and customers.
  - Connectivity, functionality and volume capacity should be covered.
20
How Does Backup & Recovery Fit into your Risk Assessment Framework?
Your Toolkit: Computer Inventory, Risk Assessment Matrix, Dataflow Diagrams and Systems Components Hierarchy
Table: Asset (Ex 2.1) and Risk Assessment (Ex. 2.2 with improvements)
Primary OS | Owner | Application | Asset Value ($000,000 to Owner)* | Transaction Flow Description | Total Annual Transaction Value Flow managed by Asset ($000,000)* | Risk Description | Probability of Occurrence (# per Year) | Cost of single occurrence ($) | Expected Loss
Win XP | Receiving Dock | A/P | 0.002 | RM Received from Vendor | 23 | Theft | 100 10000
Win XP | Receiving Dock | A/P | 0.002 | RM Received from Vendor | 23 | Obsolescence and spoilage | 35 | 350 | 12250
21
Prioritizing Backup & Recovery Tasks
- Find the critical transactions (High value; High volume)
- Identify the critical applications for processing these transactions
- Identify the critical personnel, including those you may not have hired or defined jobs for, who are essential to processing these transactions
22
Case Study: NYSE after 9/11
CNET interview with NYSE's chief technology officer Roger Burkhardt

Were most of the trading firms in the area that connect with your systems all up and running by 9:30 am on Monday (September 17)? Were there any from outside or in the area unable to participate in trading that morning?
We had lost a lot of telephone lines that bring in data to our computer centers and also voice lines to the floor, which would have meant that we would not have had full access by all members. That raised some public policy issues, particularly for the retail investor; if their broker-dealer is the one who doesn't have connectivity, they would be disadvantaged.

"I think September 11 was the biggest challenge that our technical team has had to face in recent years."

So NYSE faced a connectivity issue on a uniquely massive scale?
There was a connectivity issue that affected not just our market, but all markets. There was also the fact that there were a number of firms that were scrambling to get into their back-up facilities. A number of large firms like Morgan Stanley and Merrill Lynch were affected. And then there were firms like Goldman Sachs, just down the street from here, who were like us in that their building was undamaged. In fact, the Merrill Lynch building was also undamaged, but they were just not allowed to come in because the authorities quite rightly wanted to focus on rescue operations. That affected all the markets. Clearly, if you want a market, you want it to be a fair market, with breadth of access. You don't want one retail investor to not be able to get through to sell or buy.

So by Monday, how did you manage to connect all the firms that connect to your systems?
We worked with member firms for the balance of that week to help them re-establish connectivity. We worked very closely with Verizon, whose staff did a tremendous job. We have a subsidiary called Securities Industry Automation Corporation. It's been around for over 25 years and provides data processing and communications capabilities for the securities industry. It was initially set up by the NYSE and the American Stock Exchange, but also provides services to a broader part of the industry--for example, market data systems for equities and options. It also is the collection point for all the post trade information for all instruments. What is important about that is that because so many of us use them, they have telephone lines coming in from everybody. They play this hub role where they can effectively use communications set up for one purpose in an emergency to recover something else.

"With the potential for cyber threats, the advice I get is, 'Don't tell anyone about anything we are using.'"

What other platforms are you using?
I just used that as an example that we are not a trailing edge adopter. And I am a little sad about this because I enjoy talking about a bunch of technologies here from many great companies like HP, IBM and others. But with the potential for cyberthreats, the advice I get is, "Don't tell anyone about anything we are using."
23
Business Operations Computer Operations are a subset of business operations
24
Case Studies
CS 9.3 to 9.7, pp. 195-202
Question: Can you recognize the control weaknesses? What is the ‘Risk’ from inadequate control in each?
25
Practicum: Fraud Risk & The Internal Control Environment Cendant Corporation