Information Systems Operations & Maintenance
Week 1-2

Module 1: Lesson 1: IT Governance

IT Governance
-A subset of corporate governance that focuses on the management and assessment of strategic Information Technology (IT) resources.
1. Reduce Risk
2. Add Value

Modern IT Governance follows broad-based involvement.
IT Governance is concerned with the strategic alignment between the goals and objectives of the business and the utilization of its IT resources to effectively achieve the desired results.
-Steering Committee
-IT Strategy
-Chief Information Officer

IT Governance Framework
Sarbanes-Oxley Act
-U.S. law enacted in 2002 to improve public company financial reporting, audit, and enterprise governance processes.
COSO Framework
-A common framework for the definition of internal controls, as well as procedures to evaluate those controls.
COBIT
-A more IT-oriented internal control assessment and guidance framework, with an emphasis on enterprise IT resources.
ITIL
-Detailed framework of significant IT best practices, with comprehensive checklists, tasks, procedures, and responsibilities designed to be tailored to any IT function.

Control Objectives for Information and Related Technology (COBIT)
COBIT
-is an IT governance internal control framework that is an important support tool for documenting and understanding COSO internal controls and SOx requirements, and for recognizing the value of and risks associated with IT assets in an enterprise.
ITIL
-provides a framework for the governance of IT and focuses on the continual measurement and improvement of the quality of delivered IT services from both a business and a customer perspective.

IT Infrastructure refers to the supporting processes that allow IT applications to function and deliver their results to the systems users.
-Service Support
-Service Delivery

IT Governance Issues
1. Organizational Structure
2. Computer Center Operations
3. Disaster Recovery Planning

IT Functions - Segregation of duties
-IT Management
-Database Administration
-Data Processing
-Data Conversion
-Computer Operations
-Data Library
-Systems Development and Maintenance

Information Technology Function
Centralized Data Processing
-All data processing is performed by one or more large computers housed at a central site that serves users throughout the organization.
Distributed Data Processing
-Involves reorganizing the central IT function into small IT units that are placed under the control of end users.
-May be distributed according to business functions or geographic locations.

Module 2: Lesson 1: Internal Controls

An internal control system encompasses a set of rules, policies, and procedures an organization implements to provide reasonable assurance on the achievement of the following objectives:
1. To safeguard assets of the firm.
2. To ensure the accuracy and reliability of accounting records and information.
3. To promote efficiency in the firm’s operations.
4. To measure the compliance with management’s prescribed policies and procedures.

Preventive Controls
-First line of defense. These controls are passive techniques designed to reduce the frequency of occurrence of undesirable events.
Detective Controls
-Second line of defense. These are devices, techniques, and procedures designed to identify and expose the undesirable events that elude the preventive controls.
Corrective Controls
-Must be taken to reverse the effects of detected errors. Fix the problem.

Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information and Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies

Application Controls
-Ensure the validity, completeness, and accuracy of financial transactions.
-Controls that are designed to be application-specific.
General Controls
-Apply to all systems.
-Include IT Governance, IT infrastructure, security and access to operating systems and databases, application acquisition and development, and program change procedures.

Module 2: Lesson 2: IT Functions

IT Primary Service Areas
Database Administration – responsible for the security and integrity of the database.
Data Processing – manages the computer resources used to perform the day-to-day processing of transactions.
   a. Data Conversion – transcribes the transaction data from hard copy source documents into computer input.
   b. Computer Operations – manages the processing of the electronic files produced in data conversion; runs the applications.
   c. Data Library – room adjacent to the computer center that provides the safe storage of the off-line data files, i.e., backups or current data files. The data librarian is responsible for the receipt, storage, retrieval, and custody of data files, and controls access to the library.
Systems Development – group responsible for analyzing the user needs and for designing new systems to satisfy those needs.
Systems Maintenance – group responsible for keeping the systems current with user needs.

Segregation of Incompatible IT Functions
-Systems Development
-System Administration
-Computer Operations
-Systems Maintenance