Managing the IT Function
Revised in 2014
Content
- What is the IT function?
- How to plan, measure and monitor the IT function in an organization
- Managing the IT function in terms of:
  - Organizing the IT function
  - Funding the IT function
  - Staffing the IT function
  - Directing the IT function
  - Controlling the IT function
CISB424, Sulfeeza
Overview of IT function
So what is an IT function? Basically, what does an IT department do in an organization?
According to Gartner Group, a company's Information Technology department:
- plans, operates and supports an organization's IT infrastructure, which enables business users to carry out their roles efficiently, productively and securely;
- must fulfill the multiple business and technical requirements by providing a secure and reliable IT infrastructure while minimizing costs.
(Source: Ian Linton, Demand Media)
Overview of IT function
Effective management of the IT function is a critical success factor in ensuring the economic viability of an organization. Why? Mismanagement of the IT function could result in serious risks, such as:
- Risks associated with ensuring the availability, security, integrity and maintainability of the computing infrastructure
- Risks associated with ensuring the effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability of company information
IT auditors must ensure that IT managers are properly managing the IT functions of an organization, so that the IT function adds value to the organization.
How to plan, measure and monitor IT function performance?
Using the concept of an IT Function Scorecard, based on the balanced scorecard of Kaplan & Norton (1996):
- A performance metric used in strategic management to identify and improve various internal functions and their resulting external outcomes.
- The balanced scorecard attempts to measure and provide feedback to organizations in order to assist in implementing strategies and objectives.
Balanced Scorecard
[Figure: Balanced Scorecard diagram] Source: Balanced Scorecard Organization
Strategy Mapping using Balanced Scorecard Approach
[Figure: strategy map diagram] Source: Balanced Scorecard Organization
Traditional Balanced Scorecard vs IT Balanced Scorecard
Traditional Balanced Scorecard perspective -> IT Balanced Scorecard perspective
- Financial -> Corporate Contribution
- Customer -> User Orientation
- Internal Business Process -> Operational Excellence
- Learning and Growth -> Future Orientation
(Figure 4-4 IT Function Scorecard)
IT Balanced Scorecard (Figure 4-4 IT Function Scorecard)
Vision and Strategy sits at the centre, surrounded by four perspectives: Corporate Contribution, Customer Orientation, Operational Excellence and Future Orientation.
Measures shown on the scorecard: Strategic Contribution, Business Value of IT Projects, Service Capability Improvement, Staff Management Effectiveness, Synergy Achievement, Enterprise Architecture Evolution, Management of IT Investment, Emerging Technology, Customer Satisfaction, Process Excellence, Responsiveness, Application Development Performance, Security & Safety, Service Level Agreement, IT Business Partnership, Internal Cost of Quality Measures, Backlog Management.
1. Organizing the IT Function
- Structuring the IT function in an organization has become more complex as corporate structures have also become more complicated.
- For the organization to fully benefit from the IT function, and for it to be recognized as an important entity in the organization, the IT function must be planned well.
- One of the issues to be determined is the "location" of the IT function.
1. Organizing the IT Function
What are the risks of improperly locating and structuring the IT function?
- The IT function fails to address the organization's strategic initiatives
- The potential efficiency and effectiveness of the IT function are not fully realized
- Improper segregation of incompatible functions, which can threaten the integrity and security of the enterprise-wide information and computing infrastructure
1. Organizing the IT Function
So, how should the IT function be structured in an organization? IT function operating models:
- Centralized IT
- Decentralized IT
- Federated IT
1. Organizing the IT Function
Centralized IT: All IT infrastructure and application services throughout each line of business (LOB) in the organization are delivered by a single internal IT department.
[Diagram: a single CIO serving every LOB] (Source: [not captured])
1. Organizing the IT Function
Decentralized IT: Every LOB has its own dedicated internal IT department.
[Diagram: CEO over the LOBs, each LOB with its own CIO] (Source: [not captured])
1. Organizing the IT Function
Federated IT: Some services (such as infrastructure services) are offered centrally to the entire organization, and some services (such as application services) are offered by the dedicated IT department within the individual LOB.
[Diagram: a Group CIO with a CIO in each LOB] (Source: [not captured])
1. Organizing the IT Function
Three (3) main categories of activities performed by the IT function in an organization:
- IT infrastructure management: decisions that address the nature of hardware and software platforms, annual enhancements to these platforms, the nature of network and data architectures, and the corporate standards for procurement and deployment of IT assets
- IT use management: decisions that address application prioritization and planning, budgeting, and the day-to-day delivery of operations and services
- IT project management
(Source: Sambamurthy and Zmud, 1999)
IT auditor tasks in examining the IT Function
- IT auditors should ensure that segregation of incompatible duties is enforced: the systems development and computer operations functions are segregated.
- It is also advisable for the IT function to form a separate security specialization to maintain custody of software applications and corporate data.
Systems Development
- Systems developers are authorized to create and alter software logic; therefore, they should not be allowed to process information.
- They should not maintain custody of corporate data and business applications.
Computer Operations
Computer operations staff are responsible for:
- Entering data (similar to the internal control concept of 'authorizing transactions')
- Processing information (similar to the internal control concept of 'recording transactions')
- Disseminating output (similar to the internal control concept of 'maintaining custody')
Computer Security
Responsible for the safe-keeping of resources, which:
- includes ensuring that business software applications are secure
- includes responsibility for the safety ('custody') of corporate information, communication networks and physical facilities
Systems analysts and programmers should not have access to the production library.
IT auditor tasks in examining the IT Function
- IT auditors should ensure that segregation of incompatible duties is enforced: the systems development and computer operations functions are segregated.
- It is also advisable for the IT function to form a separate security specialization to maintain custody of software applications and corporate data.
- IT auditors should also ensure that controls over applications and data are integrated into systems development and computer operations.
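As an added example (not from the slides or from any organization's own audit tooling), a small Python segregation-of-duties check that applies the two rules stated above, development versus computer operations and development versus security custody of the production library, to a constructed access export; the entitlement names and the export records are assumptions.

```python
"""Segregation-of-duties check over an access export (added example).
Rules are the ones stated on the slides; entitlement names and the export
records are constructed sample data, not output of a real system."""
from collections import defaultdict

# Each entitlement is mapped to the IT function it belongs to.
FUNCTION_OF = {
    "alter_program_logic": "systems_development",
    "enter_data": "computer_operations",
    "process_information": "computer_operations",
    "disseminate_output": "computer_operations",
    "custody_of_data": "computer_security",
    "custody_of_applications": "computer_security",
    "production_library_write": "computer_security",  # production library is in security custody
}

# Functions that one person must not hold at the same time.
INCOMPATIBLE = {
    frozenset({"systems_development", "computer_operations"}),
    frozenset({"systems_development", "computer_security"}),
}

# Constructed access export: (user, entitlement) pairs.
ACCESS_EXPORT = [
    ("alice", "alter_program_logic"),
    ("alice", "process_information"),      # developer who can also run production
    ("bob", "enter_data"),
    ("bob", "disseminate_output"),         # two operations duties: no conflict
    ("carol", "custody_of_data"),
    ("dave", "alter_program_logic"),
    ("dave", "production_library_write"),  # programmer with production library access
]

def functions_per_user(export):
    """Map each user to the set of IT functions covered by their entitlements."""
    funcs = defaultdict(set)
    for user, entitlement in export:
        funcs[user].add(FUNCTION_OF[entitlement])
    return funcs

def sod_conflicts(export):
    """Return sorted (user, function_a, function_b) triples that break a rule."""
    conflicts = []
    for user, funcs in functions_per_user(export).items():
        for pair in INCOMPATIBLE:
            if pair <= funcs:  # user holds both functions of an incompatible pair
                a, b = sorted(pair)
                conflicts.append((user, a, b))
    return sorted(conflicts)

if __name__ == "__main__":
    for user, a, b in sod_conflicts(ACCESS_EXPORT):
        print(f"{user}: holds both {a} and {b}")
```

Run against a real access export, the same function flags every person whose entitlements span an incompatible pair; the auditor then reviews each flagged user rather than the whole population.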
2. Funding the IT Function
The IT function must be adequately funded to conduct day-to-day operations and fulfill strategic objectives. Risks associated with a lack of proper financing and funding for the IT function:
- Inability to fulfill the needs and demands of customers, vendors, employees and other stakeholders, which can adversely impact the success of the company
- Heavy workloads can lead to a culture of 'working around' the system of internal controls
2. Funding the IT Function
Two (2) main approaches to funding the IT function in an organization:
- Cost center approach: a part of a company that does not produce direct profit and adds to the cost of running the company
- Profit center approach: a part of a company that is treated as a separate business, so its profits or losses are calculated separately
(Source: Wikipedia)
2. Funding the IT Function
Cost Center
- Pros: IT requests may be justified using the IT balanced scorecard approach
- Cons: The IT department has to compete with other departments in the organization for budget
Profit Center
- Pros: The IT department can run its own operations by 'charging' for the services that it provides
- Cons: The IT department may 'overly' charge for its services and products
2. Funding the IT Function
The IT auditor should assess whether:
Cost center
- IT requests are appropriate and properly justified
Profit center
- A reasonableness check is performed at least annually to ensure that IT charges are not excessive
- An independent party within the company compares rates to outside services
3. Staffing the IT Function
The human resources of the IT function are as important as its other types of resources. Possible risks associated with mismanaging the human resources of the IT function:
- IT employees lack sufficient knowledge and experience
- IT employees are not utilized in an efficient and effective manner
- IT employees are unaware of or unconcerned about the internal controls of IT-related functions
- Disgruntled or bad IT employees might expose the company to computer security threats, information integrity problems or asset misappropriation
These risks can be effectively controlled via sound human resource procedures in the areas of hiring, rewarding and terminating employees.
3. Staffing the IT Function - Hiring
Acquiring and retaining qualified IT personnel is a critical factor in the ultimate success of the IT function. The process of hiring IT personnel includes: Recruiting, Verifying, Testing, Interviewing.
The IT auditor should ensure that:
- the company has formal procedures for hiring new employees and that the procedures are followed
- each job has a substantive description of roles and responsibilities
Hiring - Recruiting
The IT manager should carefully plan and execute each step in compliance with company policy or regulatory/statutory rules:
- Identify needs
- Write a job description
- Obtain permissions
- Advertise
- Accept applications
- Review applications
The IT auditor should ensure that:
- there is clear authoritative guidance on hiring
- the personal and professional qualifications of candidates are verified
Hiring - Verifying
The extent depends on the position, but all candidates should have some checking, such as:
- Contact references, both personal and professional
- Conduct background checks
- Verify education
- Check for criminal or civil violations
The IT auditor should ensure that:
- the company has written procedures for verifying new applicants
- the company follows the procedures and documents the evidence
Hiring - Testing
Written and/or oral tests are administered to applicants to test skills and knowledge.
The IT auditor should:
- determine that testing is performed (as needed)
- ensure that the company is consistent in its testing procedures
Hiring - Interviewing
Steps of interviewing:
- Select appropriate interviewers
- Develop an internal interview schedule
- Arrange interviews with interviewees
- Conduct the interviews
The IT auditor should determine that:
- interviews are conducted in a proper manner
- interviews follow company, regulatory and statutory rules
3. Staffing the IT Function - Rewarding
Motivating and challenging employees in positive ways is important in order to build their sense of self-efficacy and self-esteem, as well as to develop their loyalty and commitment to the company. The steps of rewarding IT personnel include: Evaluating, Compensating, Promoting, Learning.
3. Staffing the IT Function - Rewarding
Possible risks associated with improper rewarding of IT personnel:
- IT employees might develop a 'bad attitude' toward the IT manager and the company, which could lead to lower productivity, frustration and turnover
- Disgruntled IT employees might engage in mischievous and criminal behaviors, which could threaten the availability, accuracy, security and reliability of corporate information
Rewarding - Evaluating
- The most common form is the annual performance review.
- The evaluator must be as fair as possible to prevent frustration and resentment.
The IT auditor should ensure that the evaluation process has a proper structure and is reasonable.
Rewarding - Compensating
The company should strive to compensate employees at least as well as peer organizations. If IT employees are not compensated well, turnover could increase, which:
- can cause productivity losses
- incurs high replacement costs
- risks the availability and reliability of systems
- may lead employees to take sensitive information to competitors
The IT auditor should check whether:
- the IT function periodically assesses comparative wage rates
- the IT function does not discriminate against employees (race, gender, etc.)
The IT auditor can perform tests to identify wage outliers.
Rewarding - Promoting
- Promotion should be based on merit.
- Compensation should be commensurate with the new job's role and responsibilities.
The IT auditor should check whether:
- formal policies with regard to promotion are available
- the written procedures and policies are consistently followed
Rewarding - Learning
Training benefits the employee, the employer and society as a whole. Failure to offer learning opportunities creates:
- potential loss of competitive positioning due to an uneducated workforce
- low employee morale
- stagnant and frustrated employees
- an attitude of complacency toward internal controls
- disregard for internal controls
3. Staffing the IT Function - Terminating
- Terminating an employee, either voluntarily or involuntarily, is a delicate issue.
- A disgruntled employee can disrupt the company's systems and controls, which can put the availability, reliability and integrity of information, computers and networks at risk.
- The IT function needs to design and implement countervailing controls, such as backup procedures, checks and balances, cross-training, job rotation and mandated vacations, and must immediately separate departing employees from the computing environment or terminate all their computer privileges to eliminate the possible risks.
4. Directing the IT Function
Focuses on the approach used by IT managers in managing and directing the IT function of an organization. IT manager responsibilities encompass four (4) areas:
- Workflow administration
- Computing environment management
- Handling third-party services
- Assisting end-users
a) Administering the Workflow
Defining the levels of service that the IT function promises to deliver to its users, which involves:
- Effective capacity planning
  - Ensures that systems and information are available to users when needed
  - Prevents misunderstandings and fosters an atmosphere of mutual trust
- Scheduling and performing the work
  - Have enough resources for peak times yet minimize idle time
a) Administering the Workflow
IT auditor roles in:
- Effective capacity planning
  - Assess whether the IT function has formal capacity planning and workload forecasting
  - Assess whether there is a written Service Level Agreement between the IT function and its users
- Scheduling and performing the work
  - Identify the peaks and lows of IT function workloads
  - Understand how the IT function handles extreme workloads
  - Assess the effectiveness of the IT function's performance monitoring process
b) Managing the Computing Environment
Focuses on the IT manager's responsibilities related to the computing infrastructure of an organization, which includes:
- Computer hardware
- Network hardware
- Communication systems
- Operating systems
- Application software and data files
b) Managing the Computing Environment
In managing the IT function of an organization, the IT manager must:
- understand how the IT infrastructure is functioning to meet the IT function's vision, mission and strategy
- establish policies for acquiring, disposing of, and accounting for inventory, and also track rented equipment and software
- comply with licensing agreements
- ensure that the physical IT environment is safe for humans and computers
- ensure that the physical IT environment complies with Occupational Safety and Health Administration (OSHA) requirements
b) Managing the Computing Environment
IT auditor roles in:
- Assessing the IT manager's responsibilities
  - Review and verify the inventory of owned and non-owned items
  - Review and assess compliance with software licenses
- The physical security of IT facilities
  - Perform a walk-through of the IT facilities to determine whether they are safe for humans and computers
  - Review the IT function's formal safety plan
  - Determine how the IT function tracks and investigates safety violations
c) Handling Third Party Services
Focuses on how IT managers handle third-party services, such as:
- Internet service providers (ISP): an organization that provides services for accessing, using, or participating in the Internet
- Application service providers (ASP): a business providing computer-based services to customers over a network, such as access to a particular software application (such as customer relationship management) using a standard protocol (such as HTTP)
- Security firms
- Call centers
c) Handling Third Party Services
Among the issues to be considered:
- Establishment of policies and procedures for the purchase, use, and termination of third-party services
- Existence of legally binding contracts, which specify:
  - the roles and responsibilities of each party
  - the kind of services to be performed
  - the service level agreement
  - contract duration and cost
  - dispute arrangement and resolution
- Ensuring the security and confidentiality of company information held by third-party service providers
c) Handling Third Party Services
IT auditor roles:
- Obtain the list of third-party service providers
- Verify the existence of a legal contract between the parties
- Verify the dispute resolution mechanism and assess its adequacy
- Ensure that a back-up and recovery plan is in place
- Ensure that back-ups are taken periodically
- Ensure that the disaster recovery plan is tested periodically
d) Assisting Users
The IT function can assist users by:
- Creating a healthy environment of learning and growth through training and education, which involves:
  - Identifying training needs
  - Designing curricula to meet the identified needs
  - Delivering training programs
- Providing helpful assistance and advice when needed, through a helpdesk
d) Assisting Users
IT auditor roles, in terms of:
- User training and education
  - Review the nature and extent of training provided
  - Determine if the training is consistent with the IT needs
- Assisting users through the helpdesk
  - Identify the methods used in logging, tracking, resolving and reporting problems and incidents
  - Assess the methods used in logging, tracking, resolving and reporting problems and incidents
  - Identify escalation procedures