
MANAGING THE IT FUNCTION

IT FUNCTIONS
- Organizing the IT Function
- Financing the IT Function
- Staffing the IT Function
- Directing the IT Function
- Controlling the IT Function

Organizing the IT Function
LOCATING THE IT FUNCTION

To whom should the IT manager report?

The answer has important ramifications for the IT manager's:
- Ability to acquire needed resources
- Ability to prioritize workloads

Must consider segregation of incompatible duties.

Responsibilities vest in different people:
- Authorizing transactions
- Recording transactions
- Maintaining custody of assets
Designing the IT Function

Internal control considerations within an IT function

Separate from one another:
- systems development
- computer operations
- computer security

- In systems development
  - Staff have access to operating systems, business applications and other key software.
  - They are eventually authorized to create and alter software logic; therefore, they should not be allowed to process information.
  - They should not maintain custody of corporate data and business applications.
- In computer operations
  - Operations staff are responsible for entering data, processing information and disseminating output.
  - Must segregate duties.
- In computer security
  - Responsible for the safekeeping of resources.
  - Includes ensuring that business software applications are secure.
  - Responsible for the safety ('custody') of corporate information, communication networks and physical facilities.
- Systems analysts and programmers should not have access to the production library.
- IT auditors should ensure that systems developers and computer operators are segregated.
- It is also advisable for the IT function to form a separate security specialization to maintain custody of software applications and corporate data.
[Organization chart]

IT Function Manager
- Systems Development Manager (a)
  - Systems Analysis (a)
  - Computer Programming (b)
  - Database Administration (c)
  - Quality Control
- Computer Operations Manager (b)
  - Data Input (a)
  - Information Processing (b)
  - Information Output (c)
  - Continuity of Operations
- Computer Security Manager (c)
  - Software Security
  - Information Security
  - Network Security
  - Physical Security
- User Services Manager
  - Technical Support
  - Application Support
  - User Training
  - Help Desk
Financing the IT Function

- Business risk of under-funding:
  - Needs and demands of customers, vendors, employees and other stakeholders will go unfulfilled.
  - Can adversely impact the success of the company.
- Audit risk of under-funding:
  - Heavy workloads can lead to a culture of 'working around' the system of internal controls.

Funding the IT Function

- Two funding approaches: cost center and profit center
- Cost center approach
  - The IT manager prepares a budget, submits it to upper management and justifies the request for operating funds.
  - Typically a budget request for human resources, materials and supplies, and overhead.
- Profit center approach
  - Submit a detailed budget to upper management.
  - Charge internal users for IT services, creating intra-company funding of the IT function based on usage.
Staffing the IT Function

- Business risk of mismanaging HR
  - Employees lack sufficient knowledge and experience.
  - Employees are used inefficiently and ineffectively.
- Audit risk
  - Employees are unaware of or unconcerned about internal control (IC).
  - Exposes the company to computer security threats, information integrity problems, and asset misappropriation.
- Business and audit risks can be effectively controlled via sound human resource procedures in the areas of hiring, rewarding and terminating employees.

Hiring

- Includes recruiting, verifying, testing, and interviewing prospective employees.
- The IT auditor determines whether the company has formal procedures and whether they are followed.
- Each job should have a substantive description of responsibilities and procedures.
  - Recruiting
  - Verifying
  - Testing
  - Interviewing
Rewarding

It is important to continually challenge and motivate employees: build self-esteem, loyalty and commitment.

Compensating
- The company should strive to compensate employees at least as well as peer organizations.

Promoting
- Should be based on merit.
- Compensation should be commensurate with the new job's role and responsibilities.
Terminating

A disgruntled employee can disrupt the company's systems and controls.

The IT function needs to design and implement countervailing controls:
- backup procedures
- checks-and-balances
- cross-training
- job rotations
- mandated vacations
- immediately separate them from the computing environment
- terminate all computer privileges
Directing the IT Function

- Overseeing technical projects in alignment with organizational goals
- Directing the effective delivery of networks, development, and disaster recovery systems and processes
- Working with information engineers to find solutions to manage business activities
- Supervising a team of workers, while working closely with management, external vendors and advisors
- Preparing financial budgets and presenting proposals for capital projects to senior executives
- Researching and recommending new products
- Identifying new market opportunities
- Leading efforts to improve IT processes
Controlling the IT Function

- To ensure secure operations of information systems and thus safeguard assets and the data stored in these systems, and to ensure that applications achieve their objectives in an efficient manner, an organization needs to institute a set of policies, procedures, and technological measures, collectively called controls.