Computer Science 1032A/B Study Guide - Corporate Governance Of Information Technology, Financial Statement, External Auditor

25 views5 pages
of 5
Chapter 9 IS strategy, governance and ethics
- Organization’s goals and objectives is to determine its competitive strategy
- Use Porter’s five forces model to consider the structure of the industry under which a company
o Given a structure, we could’ve develop competitive strategy for he organization
o This strategy is supported through acitivites in the value chain which consist of a
collection of business processes
o Business processes are supported by informationa systems
- Information system exist to help achieve company’s goals and objectives
- Information system should support competitive strategy (understanding of technological and
organizational systems)
What is information technology architecture?
- IT architecture: plan for a city , it is the basic framework for all the computers, systems and
information management that support organizational services
o More services and different technology is used -> more complex
- Enterprise architect -> people who do this work ^ create a blueprint of an organization’s
information systems and the management of these systems
o Blueprint should provide an overview that helps people in the organization better
understand current investments in technology and plan for changes
o Usually considers organizational objectives, business processes, databases, information
flows and operating systems, appliocations andsoftware and supporting technology
- How does IT architecture look like?
o An architecture is usually a long document with many sections that include some pretty
complicated diagrams as well as management policies (ex. Privacy, sourcing and seucirty)
and discussion of future changes to the architecture
- Use Zachman freamwork to development an IT architecture (by John zachman by IBM in the
o Based on 6 reasons for communication (what data, how fucntion, where network,
who- people, when- time, why - motivation)
o And the oterh is based on stakeholder groups (planner, owner, designer, builder,
implementer and worker)the intersection of these two dimentsions helps provide a
relatively holistic view of the enterprise
o Architecture is important when an organization is considering significant changes, such
as mergers, acquisitions, divestiture or rapid growth
o Useful to see how your company is working and how it will have change in order to work
even more effectively
o In a framework of enterprise architecture : moving down provides higher levels of detail ,
moving across shows different perspectives on systems
What is alignment, why is it important and why is it difficult?
- Process of matching organizational objectives with IT architecture is often referred to as
alignment (MIS researchers have suggested that alignment sould be viewed as an ongoing
process)IT architecture to business objectives is a challenge that continually evolves
- Alignment process takes advantage of IT capabilities as they develop while at the same time
maintaining a balance between business objectives and IT architecture
- What works for one organization as a balacen may not work for another since alignment
depends on business goals, the organizational contect and the state of IT architecture
- Supporting business objectives with appropriate IT invstments remains a critical part of IT
What is information governance?
- Some committee or political party has the ability to decide on expectations for performance , to
authorized appropriate resources and power meet expectations and perhaps eventually to
verify whether expectations have been met (ensure on behave of the firm’s shareholders)
- Governance is often designed to work toward the development of consistent, cohesive
management policies and verifiable internal processes
- Establisling rules such as sourcing, privacy, security and internal investments, goal of governance
is to improve the benefits of organization’s IT investments overtime
- Increasing interest in information systems governance is liely a result of laws such as the
Sarbanes Oxley act in the United sates and Bill 198 aka the Budget measures act in Ontario
o These laws force companies to comply with standards for collecting, reporting and
disclolsing informationa
- Legislation known as the Sarbanes Oxley Act in the United States and the Budget Measures Act
(or Bill 198) in Ontario has affected many information systems, particularly accounting
information systems
o Sarbanes Oxley Act governs the reporting requirements of publicly held companies,
prevent corporate frauds lilel those perpetrated b WoldCOm etc
o Ontario -> budget measures act -? Increase the level of responsibility and accountability
of executive management of publicly held canadain companies treade on the TSE
o Both require management and to create internal controls sufficient to produce reliable
financial statements and to protect the organization’s assets and also external auditor
must also issue an opinion on the quality of the internal controls
o One example of internal control is the separation of duties and authorities
o IS governance in the future will require stakeholders to have inpujt into important IS
What is an information system audit?
- Examaniationa nd verification of a company’s financial and accounting records and supporting
documents by an accredited professional
- Ex CA, CMA, CGA (financial audit -> financial governance of an organization)
- The concept of an information systems audit is analogous to a financial audit -> focus is placed
on informatona resources that are used to collect , sgtore , process and retrieve information (IS
- standards were first developed for 1970s) and have been evolving with chances in technology
- The information systems aujdit and control association is an organization that was formed in
1969 by a group of individuals that was in charge of auditing controls for newly developed
computer systems -> became a leader in developing knowledge and standards relating to IT
audit and IT governance
- The Certified information systems auditor (CISA) certification is recognized globally and has
been earned by 60000 professionals
- In Canada, the canaaidna institute of chartered accountants (CICA) have an greement with
ISACA that recognizes the certified information systems auditor designation developed by ISACA
as the only designation that leads to recognition as a CA-esignated specialist in information
systems audit , control and security
- Control objectives for infomaration and related technology -> best frameowkr of best practices
designed for IT management
o Help link business goals to IT goals
o Provides a process through which alignment between IT and business objectives is
- What are ifnoramtiona systems ethics?
- - there are few limits to the use of information technology and information systems in
developing competitive advantage
- information systems ethics
o advances in finformation technology bring new opportunities fo rindviudals and
organizations as well as new risks if we could put ethics into rule-based behaviour then
computers could control ethics
o information systems ethics is about understanding our own behaviour -> the way we
thik and act in situations in which our choices affect otherswhistle blowers have shown
us that it is no longer acceptable to do what your boss says or do what the system tells
youwhen it coms to ethical situations
o understanding your own personal principles is an important part of establishing your
ethical behaviour
What is green IT and why should I care?
o Green IT provides a good example of the importantce of understanding the choices an
organization makes and impact of thse choices
Green IT, green computing means using information technology resources to better support the triple
bottom line for organization
- Triple bottom line is a concept that expands the notion of traditional financial reports
- There are many elements of green IT but its primary goals are to improve energy efficiency,
promote recyclability and reduce the use of materials that are hazardous to the environment