IT MANAGER/IT AUDITOR
Responsibilities
a) Organizing
b) Funding
c) Staffing
d) Directing
e) Controlling
HOW IS THE IT FUNCTION ORGANIZED?
TWO WAYS OF ORGANIZING THE IT FUNCTION
Locating IT Function
Designing IT Function
LOCATING THE IT FUNCTION
A typical approach to organizing an IT function is along lines of specialization such as systems analysis,
software programming, information processing, computer security, and so on.
The important internal control consideration within an IT function is to separate systems development,
computer operation and computer security from one another for the following reasons.
IMPORTANT INTERNAL CONTROLS TO CONSIDER IN THE IT FUNCTION ARE TO
SEPARATE:
1. System development
- have access to operating system, business operation and other key software
2. Computer operation - responsible for:
- entering data in the computer
3. Computer security - responsible for safekeeping of valuable corporate resources, which includes ensuring that
business software applications are secure.
FINANCING THE IT FUNCTION
Funding IT Operations
Two approaches:
Cost center- IT manager prepares a budget along with other functional/line managers,
submits it to upper management and justifies the request for operating funds.
Profit center- requires the same budgeting process just described with respect to expenditures.
ACQUIRING IT RESOURCES
WHAT ARE IT RESOURCES?
IT RESOURCES
Hiring
- Recruiting
- Verifying
- Testing
- Interviewing
Learning
Terminating
Rewarding
- Evaluating
- Compensating
- Promoting
DIRECTING THE IT FUNCTION
ADMINISTERING THE WORKFLOW
TWO ASPECTS:
1. Define the levels of service that the IT function promises to deliver to users.
2.Schedule and perform the work.
*The downside is that the IT FUNCTION would have idle resources for most of the month which
leads to inefficient use of resources.
* The upside is that the system would be available and the work would get done.
Managing the Computing Environment
TWO ASPECTS:
** Taking responsibility for the computing infrastructure.
** Centers on maintaining physical facilities.
Consists of:
*internet service providers (ISP)
*communication companies
*security firms
*call centers
ASSISTING USERS
Two Aspects:
1. Deals with creating a healthy environment of learning and growth through user training and education.
2. Providing helpful advice when needed.
HELP DESK
SLIPPERY SLOPE SYNDROME
SUPER USERS
CONTROLLING THE IT FUNCTION
Major Categories involved in IT FUNCTION:
1.Security input
2. processing
3. output
4. database
5. backup and recovery
SECURITY CONTROLS
Security issues along two Avenues:
**physical security
**logical security
Security Issues | Physical Controls | Logical Controls
Access Controls | Security guards; Locks and keys; Biometric devices | ID passwords; Authorization matrix; Firewalls and encryption
Monitor Controls | Security guards; Video cameras; Penetration alarms | Access logs; Supervisory oversight; Penetration alarms
Review Controls | Formal reviews; Signage logs; Violation investigations | Formal reviews; Activity logs; Violation investigations
Penetration tests | Unauthorized attempts to enter IT facilities; Attempts to break in through vulnerable points; As authorized visitor, attempts to leave authorized personnel and wander around the facility without oversight. | Unauthorized attempts to enter servers and networks; Attempts to override access controls (hacking); As authorized user, attempts to use unauthorized applications and view unauthorized
INFORMATION CONTROLS
The process of capturing, processing, and distributing accounting information arising from economic
events.
Classified into: input, process, and output activities.
The company must integrate sound backup controls into the process.
INPUT CONTROLS
-----The IT auditor should see whether the company follows written procedures regarding the
proper authorization, approval, and input of accounting transactions.
PROCESS CONTROLS
-----The processing stage involves validating, error handling and updating activities.
DATABASE CONTROLS
----- involves the near simultaneous update of multiple tables (called files in nonrelational
database environments), a glitch such as a power failure or computer malfunction can corrupt or destroy many data
items throughout the database.
OUTPUT CONTROLS
BACK UP CONTROLS
It is imperative that organizations develop and follow a sound backup strategy; otherwise, there
would be nothing left to recover after a disaster.
DATA BACKUP
HARDWARE BACKUP
- An integral component of a well-rounded backup strategy is the integration of hardware redundancy into
the computing environment.
3 Common Configurations