
WHO MANAGES THE IT FUNCTIONS?

IT MANAGER/IT AUDITOR

Responsibilities

Manage information technology and computer systems


Plan, organize, control and evaluate IT and electronic data operations
Manage IT staff by recruiting, training and coaching employees, communicating job expectations and
appraising their performance
Design, develop, implement and coordinate systems, policies and procedures
Ensure security of data, network access and backup systems
Act in alignment with user needs and system functionality to contribute to organizational policy
Identify problematic areas and implement strategic solutions in time
Audit systems and assess their outcomes
Preserve assets, information security and control structures
Handle annual budget and ensure cost effectiveness
WHAT ARE THE FIVE AREAS IN WHICH THE IT MANAGER CAN ESTABLISH POLICIES AND PROCEDURES IN THE IT FUNCTION?
AREAS WHERE IT MANAGER CAN ESTABLISH POLICIES AND
PROCEDURES ...

a) Organizing
b) Funding
c) Staffing
d) Directing
e) Controlling
HOW IS THE IT FUNCTION ORGANIZED?
TWO WAYS OF ORGANIZING THE IT FUNCTION

Locating IT Function
Designing IT Function
LOCATING THE IT FUNCTION

To whom should the IT manager report?


Should the IT manager report to whoever manages corporate accounting?
What about having the IT function manager report to another functional/line manager, such as the marketing, human resources or operations manager?
DESIGNING THE IT FUNCTION

A typical approach to organizing an IT function is along lines of specialization such as systems analysis, software programming, information processing, computer security, and so on.

The important internal control considerations within an IT function are to separate systems development, computer operation and computer security from one another, for the following reasons.
IMPORTANT INTERNAL CONTROLS TO CONSIDER IN THE IT FUNCTION ARE TO SEPARATE:
1. System development
- has access to the operating system, business operation and other key software
2. Computer development - responsible for:
- entering data in the computer
3. Computer security - responsible for safekeeping of valuable corporate resources, which includes ensuring that business software applications are secure.
FINANCING THE IT FUNCTION
Funding IT Operations
Two approaches:
Cost center- IT manager prepares a budget along with other functional/line managers,
submits it to upper management and justifies the request for operating funds.

Profit center - requires the same budgeting process just described with respect to expenditures.
ACQUIRING IT RESOURCES

WHAT ARE IT RESOURCES?
IT RESOURCES

such as IT infrastructure, databases, networks and software packages and applications, as well as non-physical (human) resources.
STAFFING THE IT FUNCTION

can be business risk:


can be audit risk:
HUMAN RESOURCES PROCEDURES

Hiring
- Recruiting
- Verifying
- Testing
- Interviewing
Rewarding
Evaluating
Compensating
Promoting
Learning
Terminating
DIRECTING THE IT FUNCTION
ADMINISTERING THE WORKFLOW
TWO ASPECTS:
1. Define the levels of service that the IT function promises to deliver to users.
2. Schedule and perform the work.

* The downside is that the IT function would have idle resources for most of the month, which leads to inefficient use of resources.
* The upside is that the system would be available and the work would get done.
Managing the Computing Environment
TWO ASPECTS:
** Taking responsibility for the computing infrastructure.
** Centers on maintaining physical facilities.

COMPUTING INFRASTRUCTURE includes:


computer hardware
network hardware
communication system
operating system
application software and data files
INFRASTRUCTURE ELEMENTS:
**To fulfill the IT Function's Mission, Vision and Strategy**

Severe damage from the external environment:

floods
hurricanes
tornadoes

OCCUPATIONAL SAFETY AND HEALTH ADMINISTRATION (OSHA)


HANDLING THIRD-PARTY SERVICES

Consists of:
* internet service providers (ISP)
* communication companies
* security firms
* call centers
ASSISTING USERS
Two Aspects:
1. Deals with creating a healthy environment of learning and growth through user training and education.
2. Providing helpful advice when needed.

HELP DESK
SLIPPERY SLOPE SYNDROME
SUPER USERS
CONTROLLING THE IT FUNCTION
Major categories involved in the IT FUNCTION:
1. Security input
2. Processing
3. Output
4. Database
5. Backup and recovery
SECURITY CONTROLS
Security issues along two avenues:
** physical security
** logical security

| Security Issues | Physical Controls | Logical Controls |
|---|---|---|
| Access controls | Security guards; locks and keys; biometric devices | ID passwords; authorization matrix; firewalls and encryption |
| Monitor controls | Security guards; video cameras; penetration alarms | Access logs; supervisory oversight; penetration alarms |
| Review controls | Formal reviews; signage logs; violation investigations | Formal reviews; activity logs; violation investigations |
| Penetration tests | Unauthorized attempts to enter IT facilities; attempts to break in through vulnerable points; as authorized visitor, attempts to leave authorized personnel and wander around the facility without oversight | Unauthorized attempts to enter servers and networks; attempts to override access controls (hacking); as authorized user, attempts to use unauthorized applications and view unauthorized |
INFORMATION CONTROLS

The process of capturing, processing, and distributing accounting information arising from economic events.
Classified into: input, process, and output activities.
The company must integrate sound backup controls into the process.
INPUT CONTROLS
- The IT auditor should see whether the company follows written procedures regarding the proper authorization, approval, and input of accounting transactions.
PROCESS CONTROLS
- The processing stage involves validating, error handling and updating activities.
DATABASE CONTROLS
- Involves the near-simultaneous update of multiple tables (called files in nonrelational database environments); a glitch such as a power failure or computer malfunction can corrupt or destroy many data items throughout the database.
OUTPUT CONTROLS

- Access to computer output should be controlled so that proprietary company information is requested and seen only by authorized parties and printed reports remain within the company premises.
CONTINUITY CONTROLS

- The disruption of business activities due to computer failures and disasters.

BACK UP CONTROLS
It is imperative that organizations develop and follow a sound backup strategy; otherwise, there would be nothing left to recover after a disaster.
DATA BACKUP

Two key issues when designing a backup strategy for an organization:

1. Storage location
2. Hardware redundancy
Two general solutions:
1. Physical vaulting - it is presumed that the medium is removed from the company's computer and taken to an off-site location.
2. Electronic vaulting - involves sending backup data over a communications network to an off-site storage medium, typically another computer.

HARDWARE BACKUP
- An integral component of a well-rounded backup strategy is the integration of hardware redundancy into the computing environment.
3 Common Configurations

Redundant array of independent disks (RAID)

1. DISK MIRRORING - in which data is simultaneously written to the primary disk and to one or more redundant disks.
2. DISK STRIPING - where an array of at least three, but usually five, disks is established.

NETWORK ATTACHED STORAGE (NAS)

- Integrates one or more storage devices, also called NAS appliances, into the company's local area network (LAN)
SERVER AREA NETWORK
- Expands the NAS concept to a wide area network (WAN)

DISASTER RECOVERY CONTROLS


1. The first step is to plan for various disaster scenarios.
2. When to enact the remainder of the contingency plan now becomes critical.
3. Where to transfer the lost computer processing load.