
Managing the IT Function


1 Managing the IT Function
CISB424, Sulfeeza Revised on 2015

2 Content
What is the IT function?
How to plan, measure and monitor the IT function in an organization
Managing the IT function in terms of:
- Organizing the IT function
- Funding the IT function
- Staffing the IT function
- Directing the IT function
- Controlling the IT function:
  - Security
  - Applications
  - Database
  - Backup and Recovery

3 b) Application Controls
The main objective of application controls is to ensure the confidentiality, accuracy, integrity, availability and completeness of the application and its associated data. So, what does that mean?
- Confidentiality – protection against a data breach or a release of data in violation of legal regulations
- Accuracy – correctness of data
- Integrity – data can be relied upon for accuracy
- Availability – data is available when needed
- Completeness – data is processed in a complete manner

4 b) Application Controls
Application controls cover the controls over input, processing and output. So, what does that mean?
- Ensure that input data is complete, accurate and valid
- Ensure that processing produces the expected results
- Ensure that processing accomplishes the desired tasks
- Ensure that outputs are protected from disclosure

5 b) Application Controls
Input controls – controls that are in place to ensure only accurate and authorised data is entered into the system.
Objectives of input controls:
- All transactions are initially and completely recorded
- All transactions are completely and accurately entered into the system
- All transactions are entered only once

6 b) Application Controls - Input
Controls that can be implemented:
- Pre-numbered documents
- Control total reconciliation
- Data validation
- Activity logging
- Document scanning
- Access authorization
- Document cancellation

7 Input Controls – Example Scenario
1. A customer purchases goods at a store counter. (Authorizing the sale)
2. A cashier records the sale on the cash register. (Approving the sale, balancing the register, logging into the register with an ID)
3. An accounting clerk later processes cash register sales in batches. (Inputs sales transactions into the accounting system in batches)

8 Sample audit program

9 Sample audit program

10 b) Application Controls
Processing controls – controls that are in place to ensure that data is correctly and completely processed by the system.
Objectives of processing controls:
- Approved transactions are accepted by the system and processed
- All rejected transactions are reported, corrected and re-input
- All accepted transactions are processed only once
- All transactions are accurately processed
- All transactions are completely processed
- Input data updates the correct data files

11 b) Application Controls - Processing
Controls that can be implemented:
- Control totals
- Programmed balancing
- Segregation of duties
- Restricted access
- File labels
- Exception reports
- Error logs
- Reasonableness tests
- Concurrent update control
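As an added illustration (not part of the slides), the Python function below shows how several of the input and processing controls listed on slides 5 to 11 fit together for the cash-register batch scenario on slide 7: pre-numbered documents, data validation with a reasonableness test, "entered and processed only once", an exception report of rejected transactions for correction and re-input, and control-total reconciliation against a batch header. The batch header layout, the sample records and the 10,000 reasonableness limit are assumptions made for the example.

```python
# Added example: batch input/processing control for register sales batches.
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass
class BatchResult:
    accepted: list = field(default_factory=list)
    rejected: list = field(default_factory=list)  # exception report: (record, reason)
    totals_agree: bool = False                    # control totals reconciled?

def process_batch(header, records, posted_ids):
    """header: {'count', 'amount_total'} prepared by the clerk from the register tape.
    records: dicts with doc_id (pre-numbered), cashier_id, amount.
    posted_ids: set of doc_ids already processed (updated only on a clean batch)."""
    result = BatchResult()
    seen = set()
    for rec in records:
        doc_id, amount, reason = rec.get("doc_id"), rec.get("amount"), None
        if not isinstance(doc_id, int) or doc_id <= 0:
            reason = "missing or invalid document number"
        elif doc_id in posted_ids or doc_id in seen:
            reason = "duplicate document number (already entered)"
        elif not rec.get("cashier_id"):
            reason = "no cashier id (accountability)"
        elif not isinstance(amount, Decimal) or amount <= 0 or amount > Decimal("10000"):
            reason = "amount fails validation/reasonableness test"  # assumed limit
        if reason:
            result.rejected.append((rec, reason))  # reported, to be corrected and re-input
        else:
            seen.add(doc_id)
            result.accepted.append(rec)
    # Control-total reconciliation: record count and amount total must match the header.
    count_ok = len(records) == header["count"]
    sum_ok = sum((r["amount"] for r in result.accepted), Decimal("0")) == header["amount_total"]
    result.totals_agree = count_ok and sum_ok and not result.rejected
    if result.totals_agree:
        posted_ids.update(seen)  # commit: these documents now count as processed once
    return result

def sample_batch():
    """Constructed sample data (not from the slides): one register batch."""
    header = {"count": 3, "amount_total": Decimal("180.00")}
    records = [
        {"doc_id": 101, "cashier_id": "C07", "amount": Decimal("50.00")},
        {"doc_id": 102, "cashier_id": "C07", "amount": Decimal("100.00")},
        {"doc_id": 103, "cashier_id": "C07", "amount": Decimal("30.00")},
    ]
    return header, records
```

Re-submitting the same batch after it has been posted rejects every record as a duplicate, which is the "processed only once" objective in action.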

12 Sample audit program

13 b) Application Controls
Output controls – controls that are in place to ensure that data is correct, can only be accessed by authorized personnel and is distributed only to authorized recipients.
They determine where the output may be printed, how long it should be retained in the systems, when it should be archived, etc.

14 b) Application Controls - Output
Controls that can be implemented:
- Complete audit trail
- Output distribution logs

15 Sample audit program

16 Sample audit program

17 b) Application Controls - Output
Computer screens
- Screens need to be physically secured when output is visible.
- Output should be removed when the user leaves the terminal.
- Return to the screen should require a password.
Printed reports
- Printer rooms need a trail of accountability:
  - Locks to prevent unauthorized access.
  - Logs to sign in anyone entering.
  - Logs to sign for reports.
- End user report requests should be password protected.
- Network printers should be placed where unauthorized persons will not have access.
- There must be record retention and destruction policies:
  - Mandated by a regulatory agency.
  - Dictated by company policy.
- Permanent reports must be kept in a secured area.
- Temporary reports must be properly destroyed.

18 c) Database Controls
The DBMS acts as a layer between the application software and the OS. The application passes on the instructions for manipulating data, which are executed by the DBMS following the integrity rules and constraints built into the database definitions.

19 c) Database Controls
The IT auditor would check that the following controls have been implemented and maintained to ensure database integrity and availability:
- Definition standards
- Data backup and recovery procedures
- Access controls – only authorized personnel can read, update or delete the database
- Concurrency controls
- Controls to ensure the accuracy, completeness and consistency of data elements and relationships
- Checkpoints to minimize data loss
- Database re-organizations
- Database performance
- Capacity planning
- Who can access the database without going through the application?

20 d) Backup and Recovery Controls
Controls that are implemented to ensure that business operations are able to recover and resume in the event of a disaster.
A disaster can be:
- Natural – flood, earthquake
- Environmental – oil spill
- Man-made – arson (fire), crime

