Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 8 Controlling Information Systems: IT Processes.

Published byDoris Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 8 Controlling Information Systems: IT Processes."— Presentation transcript:

1 Chapter 8 Controlling Information Systems: IT Processes

2 2 Learning Objectives Know the major IT resources Appreciate the problems in providing adequate controls over IT resources Know & understand major IT control processes used to manage IT resources Understand how organizational/personnel control plans help achieve strategic IT vision

3 3 Learning Objectives (cont.) Appreciate steps in acquiring/implementing new IT resources Understand business continuity/security controls that help IT continuous, reliable service Appreciate importance of monitoring

4 4 IT Resources Data Application systems Technology Facilities People

5 5 Hypothetical Computer System

6 6 Organization Structures Centralized Decentralized Matrix Project

7 7

8 8

9 9

10 10 IT Control Process Domains

11 11 IT Control Processes & Domains Planning & Organization –IT Process 1: Establish strategic vision –IT Process 2: Develop tactics to realize strategic vision Acquisition & Implementation –IT Process 3: Identify automated solutions –IT Process 4: Develop & acquire IT solutions –IT Process 5: Integrate IT solutions into operations –IT Process 6: Manage change to existing IT systems

12 12 IT Control Processes & Domains (cont.) Delivery & Support –IT Process 7: Deliver required IT services –IT Process 8: Ensure security & continuous service –IT Process 9: Provide support services Monitor operations

13 13 IT Process 1 Elements of Strategic IT Plan Summary of Org’s strategic goals/strategies & how they relate to IT function IT goals/strategies & how each will support Org’s goals & strategies Info architectural model - corporate data model & associated info systems Inventory of current info sys capabilities

14 14 Elements of Strategic IT Plan (cont.) Acquisition/development schedules for H/W, S/W, & application sys & for personnel & financial requirements IT-related requirements to comply with industry, regulatory, legal, & contractual obligations IT risks and risk action plan Process for modifying plan to accommodate changes

15 15 IT Process 2 Organizational Control Plans Segregation of duties –authorizing transactions –executing transactions –recording transactions –safeguarding resulting resources Organizational plans for Info Sys function IT steering committee

16 16 IT Process 2 Personnel Control Plans Selection & Hiring Retention Personnel development Personnel management –Personnel planning –Job descriptions –Supervision –Personnel security –Personnel termination

17 17 IT Process 3 Identify Automated Solutions Develop/Acquire Application Software Acquire Technology Infrastructure Develop Service-Level Requirements & Application Documentation Develop solutions consistent the strategic IT plan IT Process 4 Develop/Acquire IT Solutions

18 18 Applications Documentation Systems documentation Program documentation Operations run manuals User manuals Training materials IT Process 4 cont.

19 19 IT Process 5: Integrate IT Solutions Into Operational Processes IT Process 6:Manage Changes to Existing IT Systems

20 20 IT Process 7: Deliver Required IT Services Define service levels Manage Third-party services Manage IT Operations Manage data (backup) Identify and allocate costs

21 21 IT Process 8: Ensure Security & Continuous Service Disaster recovery –hot site –cold site Restrict Access –physical access –logical access

22 22 IT Process 8 (Cont.)

23 23 IT Process 9: Provide Support Services IT Process 10: Monitor Operations Regular Training sessions should be provided Advice and assistance should be given Very often a “help desk” is setup for these purposes Gather data about processes Generate performance reports. WebTrust - ISP

24 24 Learning Objectives Know the major IT resources Appreciate the problems in providing adequate controls over IT resources Know & understand major IT control processes used to manage IT resources Understand how organizational/personnel control plans help achieve strategic IT vision

25 25 Learning Objectives (cont.) Appreciate steps in acquiring/implementing new IT resources Understand business continuity/security controls that help IT continuous, reliable service Appreciate importance of monitoring

Download ppt "Chapter 8 Controlling Information Systems: IT Processes."

Similar presentations

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
© Prentice Hall 2002 15.1 CHAPTER 15 Managing the IS Function.

© Prentice Hall CHAPTER 15 Managing the IS Function.
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
COBIT - II.

COBIT - II.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 8 IT Governance: Management Control of Information.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 8 IT Governance: Management Control of Information.
© Prentice Hall 2002 13.1 CHAPTER 13 Setting a Direction for Information Resources.

© Prentice Hall CHAPTER 13 Setting a Direction for Information Resources.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
Chapter 4 Internal Control Bus 319 Accounting Information Systems.

Chapter 4 Internal Control Bus 319 Accounting Information Systems.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Systems Design, Implementation, Maintenance, and Review Chapter 13.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.

Chapter 10 Information Systems Management. Agenda Information Systems Department Plan the Use of IT Manage Computing Infrastructure Manage Enterprise.
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
7.2 System Development Life Cycle (SDLC)

7.2 System Development Life Cycle (SDLC)
Chapter 10 Managing the Delivery of Information Services.

Chapter 10 Managing the Delivery of Information Services.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)

Similar presentations

Ads by Google