Chapter Five MANAGING THE IT FUNCTION


1 Chapter Five MANAGING THE IT FUNCTION

2 Lecture Outline
Organizing the IT Function
Financing the IT Function
Staffing the IT Function
Directing the IT Function
Controlling the IT Function

3 Organizing the IT Function
Locating the IT Function
To whom should IT manager report?
–Important ramifications on IT Manager’s
»Ability to acquire needed resources
»Ability to prioritize workloads.
Must consider segregation of incompatible duties.
–Responsibilities vest in different people:
»Authorizing Transactions
»Recording Transactions
»Maintaining Custody of Assets

4 While difficult to vest the responsibilities in different people, it can be accomplished by
–Choices of placing the IT function in the organization
–Integrating programmed controls into computing infrastructures and applications.
IT manager report to the accounting manager?
–Seems to be a good idea
»Most IT applications deal with accounting transactions.
–However
»Most controllers can already authorize and record certain transactions. If allowed to maintain custody of assets, then all three incompatible duties would be located under one person.
»Fraud would be difficult to detect.

5 IT manager report to another functional/line manager?
–Makes sense
»Many software applications deal with these functional/line areas.
–However
»Many managers can authorize transactions, so custody of computing assets would attribute them with 2 of the 3 incompatible duties.
»Other managers would not likely have the expertise to guide and support an IT manager.
»Managers would likely give priority to their own IT needs and less to the rest of the company.
»The IT function may not have access to upper management for influencing decisions about placing priorities and setting strategies.

6 IT manager alongside other functional/line managers?
–Makes sense
»Politically strong enough to compete for resources
»Work directly with upper management to set strategies, place priorities and allocate resources
–However
»From an internal control perspective, the CEO has responsibility over authorizing transactions, recording transactions and maintaining custody of assets. But the CEO rarely performs the 3 incompatible duties.
–But with sound internal controls, it can be effectively managed.

7 Designing the IT Function
Designing the structure of the IT function is often determined by cultural, political and economic forces inherent in each organization.
Internal control considerations within an IT function
–Separate from one another:
»systems development
»computer operations
»computer security
–Why??

8 In system development
–Staff has access to operating systems, business applications and other key software.
–They are eventually authorized to create and alter software logic; therefore, they should not be allowed to process information.
–They should not maintain custody of corporate data and business applications.
In computer operation
–Operation staff are responsible for:
»Entering data, processing information, disseminating output
»Must segregate duties.

9 In computer security
–Responsible for the safe-keeping of resources
»Includes ensuring that business software applications are secure.
»Responsible for the safety (‘custody’) of corporate information, communication networks and physical facilities
–Systems analysts and programmers should not have access to the production library.
IT auditors should ensure that systems developers and computer operators are segregated.
It is also advisable for the IT function to form a separate security specialization to maintain custody of software applications and corporate data.

10 [Organization chart] IT Function Manager
Systems Development Manager (a); Computer Operations Manager (b); Computer Security Manager (c); User Services Manager
Systems Analysis (a); Computer Programming (b); Quality Control; Data Input (a); Information Output (c); Continuity of Operations; Database Administration (c); Information Processing (b); Technical Support; User Training; Help Desk; Application Support; Software Security; Network Security; Physical Security; Information Security

11 Financing the IT Function
Must be adequately funded to fulfill strategic objectives.
Business risk of under-funding:
–Needs and demands of customers, vendors, employees and other stakeholders will go unfulfilled.
–Can adversely impact the success of the company.
Audit risk of under-funding:
–Heavy workloads can lead to a culture of ‘working around’ the system of internal controls

12 Funding the IT Function
Two funding approaches: cost & profit center
Cost Center Approach
–IT manager prepares a budget, submits it to upper management and justifies the request for operating funds.
–Typically a budget request for human resources, materials and supplies, and overhead.
Profit Center Approach
–Submit a detailed budget to upper management.
–Charge internal users for IT services, creating intra-company funding of the IT function based on usage.

13 –Positive Outcome: Managers will not be overly demanding of IT services.
–Negative Outcome: IT can build excessive expenses into billing rates until the rates exceed costs of outside providers.
–An independent party within the company should compare rates to outside services.
–IT auditor should confirm that a reasonableness check is performed at least annually to ensure that billing rates are not excessive.

14 Acquiring IT Resources
IT function should engage in long-term planning, which includes developing, purchasing, and implementing various components of the computing infrastructure.
IT manager should justify IT capital projects using a methodological approach.
–Determine the net benefit
»Present value of benefits minus costs
–Use a scorecard approach for non-quantifiable paybacks.
–Goal of capital projects is to ensure that company resources are being judiciously allocated across the organization.

15 Staffing the IT Function
Business risk with mismanaging HR
–Employees lack sufficient knowledge and experience
–Inefficiently and ineffectively used
Audit risk
–Employees unaware of or unconcerned about internal controls (IC)
–Expose company to computer security threats, information integrity problems, and asset misappropriation
Business and audit risks can be effectively controlled via sound human resource procedures in the areas of hiring, rewarding and terminating employees.

16 Hiring
Includes recruiting, verifying, testing, and interviewing prospective employees.
IT auditor determines whether the company has formal procedures and whether they are followed.
Each job should have a substantive description of responsibilities and procedures.
Recruiting
–Carefully plan and execute each step in compliance with company policy.
Identify needs → Write a job description → Obtain permissions → Advertise → Accept applications → Review applications → Select qualified candidates

17 Verifying
–Extent depends on the position, but all candidates should have some checking.
–Contact references, both personal and professional.
–Conduct background checks
»Verify education
»Check for criminal or civil violations
–Document everything!
Testing
–Written and/or oral tests can be administered to test skills.
–Company must be consistent in testing procedures.

18 Interviewing
–Follow sound procedures
–Follow company, regulatory & statutory rules
–Steps of interviewing:
»Select appropriate interviewers
»Develop an internal interview schedule
»Arrange for interviews with interviewees
»Conduct the interviews
–Once a candidate is selected, the others need to be notified.
–IT auditor should ensure that hiring procedures have been formally developed and followed.

19 Rewarding
–It is important to continually challenge and motivate employees: build self-esteem, loyalty and commitment.
–Improperly rewarding employees may result in business and audit risks:
»Business risks: employees might develop a ‘bad attitude’ toward the IT manager and the company, which leads to
–lower productivity
–frustration
–turnover

20 »Audit risks: employees can become bored and disgruntled, engage in mischievous and criminal behaviors, and threaten the availability, accuracy, security and reliability of corporate information.
Evaluating
–Most common is the annual review.
–The evaluation process must have structure and reasonableness.
–Evaluator must be as fair as possible to prevent frustration and resentment.

21 Compensating
–The company should strive to compensate employees at least as well as peer organizations.
–Turnover:
»Can cause productivity losses
»Replacement costs are high
»Risks the availability and reliability of systems
»Employees take sensitive information to competitors
–Compensation Issues:
»Equal Pay for Equal Work
IT function must not discriminate in appearance or substance among employees.
Test by comparing the compensation packages of employees holding similar positions.

22 »Compression and Inversion
Compression: The compensation of newly hired employees gets very close to that of experienced employees in similar positions, or the compensation of subordinates is nearly the same as that of their superiors.
Inversion: The compensation of new hires is greater than that of more experienced employees in the same position, or the compensation of subordinates exceeds that of superiors.
Promoting
–Should be based on merit
–Compensation should be commensurate with the new job’s role and responsibilities.
–There must be formal written procedures that are consistently followed.

23 Learning
–Training benefits the employee, the employer and society as a whole.
Failure to offer learning opportunities creates:
–Business Risk:
»potential loss of competitive positioning due to an uneducated workforce
»low employee morale
–Audit Risk:
»stagnant and frustrated employees
»attitude of complacency toward internal controls
»or utter disregard for internal controls

24 Terminating
–A disgruntled employee can disrupt the company’s systems and controls.
–The IT function needs to design and implement countervailing controls
»backup procedures
»checks-and-balances
»cross-training
»job rotations
»mandated vacations
»immediately separate them from the computing environment
»terminate all computer privileges

