MGAD30H3 Chapter Notes - Chapter 2: Relate, Fault Tolerance, Organizational Chart

Published on 9 Jul 2013
Chapter 2 Auditing IT Governance Controls
Overview
IT governance with IC and financial reporting implications
Computer threats and controls
Disaster recovery plan, backup
IT outsourcing
IT Governance
The objectives of IT governance are to reduce risk and ensure that investments in IT
resources add value to the corporation
Stakeholders, BoD, management are active participants in key IT decisions
IT Governance Controls
3 issues regarding SOX and COSO IC framework
o Organizational structure of the IT function
o Computer center operations
o Disaster recovery planning
Structure of the information technology function
Two types of IT structures: centralized and distributed approach
Centralized data processing
Centralized data processing model: all data processing is performed by one or more
large computers housed at a central site that serves users throughout the
organization
When information is shared, the database administrator (DBA) is responsible for
the security and integrity of the database
Data processing group has 3 functions: data conversion, computer operations, and
data library
o Data conversion: transcribes transaction data from hard-copy source documents into
computer input
o Computer operations: manages the central computer, which processes the
converted data
o Data library: provides safe storage for the off-line data
Systems development analyzes user needs and designs systems to satisfy those needs
Systems maintenance assumes responsibility for keeping the system current with user needs
Segregation of incompatible IT functions
3 operational tasks that should be segregated:
o Separate transaction authorization from transaction processing
o Separate record keeping from asset custody
o Divide transaction-processing tasks among individuals such that fraud is not
possible short of collusion between 2+ individuals
Separating systems development from computer operations
o Systems development and maintenance professionals should create systems
for users, and should have no involvement in entering data, or running
applications
o Operations staff should run systems and have no involvement in their design.
With detailed knowledge of application’s logic and control parameters and
access to the computer’s operating system and utilities, an individual could
make unauthorized changes to the application during its execution
Separating database administration from other functions
o Database administrator (DBA) should be separate from other computer
center functions
o The DBA is responsible for database security, creating the database schema and
user views, assigning database access authority to users, monitoring
database usage, and planning for future expansion.
Separating new systems development from maintenance
o Systems development is often organized into 2 groups: systems analysis and programming
o Systems analysts work to produce detailed designs of the new systems. Programmers
code the programs according to the design specs. The programmer who codes
the program also maintains the system. This causes 2 control problems:
inadequate documentation and program fraud:
   Inadequate documentation: documenting systems is not fun, and programmers
   prefer to work on the next project. Job security is also a concern, since
   poor documentation makes the original programmer more valuable
   Program fraud: the original programmer may conceal fraudulent code, and
   may disable it during inspection
o Superior structure for systems development
   The systems development function is divided into 2 groups: new systems
   development and systems maintenance
   New systems development is responsible for designing, programming and
   implementation
   Upon successful implementation, ongoing maintenance falls to
   the systems maintenance group
   Documentation standards improve because the maintenance group requires
   documentation to perform its tasks
   Denying the programmer future access to the program deters program
   fraud
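The segregation rules above can be checked mechanically against who holds which roles. The following Python sketch is an added example, not part of the original notes; the duty labels, role names and sample users are constructed for illustration, and it assumes the DBA duty conflicts with every other duty.

```python
from itertools import combinations

# Incompatible duty pairs taken from the notes; duty labels are this example's own names.
INCOMPATIBLE = {
    frozenset({"transaction_authorization", "transaction_processing"}),
    frozenset({"record_keeping", "asset_custody"}),
    frozenset({"new_systems_development", "computer_operations"}),
    frozenset({"systems_maintenance", "computer_operations"}),
    frozenset({"new_systems_development", "systems_maintenance"}),
}
# The notes keep the DBA separate from other functions (assumption: from every other duty).
DBA = "database_administration"

def duties_of(roles, role_duties):
    """Flatten a user's roles into the set of duties those roles grant."""
    duties = set()
    for role in roles:
        duties |= role_duties.get(role, set())
    return duties

def find_conflicts(assignments, role_duties):
    """Return {user: [(duty_a, duty_b), ...]} for each incompatible pair held."""
    report = {}
    for user, roles in assignments.items():
        held = sorted(duties_of(roles, role_duties))
        hits = [(a, b) for a, b in combinations(held, 2)
                if frozenset({a, b}) in INCOMPATIBLE or DBA in (a, b)]
        if hits:
            report[user] = hits
    return report

# Constructed sample data (hypothetical roles and users).
ROLE_DUTIES = {
    "developer": {"new_systems_development"},
    "maintainer": {"systems_maintenance"},
    "operator": {"computer_operations"},
    "dba": {"database_administration"},
    "ap_clerk": {"transaction_processing"},
    "ap_approver": {"transaction_authorization"},
}
ASSIGNMENTS = {
    "alice": ["developer"],
    "bob": ["developer", "maintainer"],
    "carol": ["dba", "operator"],
    "dave": ["ap_clerk", "ap_approver"],
    "erin": ["operator"],
}

if __name__ == "__main__":
    for user, pairs in find_conflicts(ASSIGNMENTS, ROLE_DUTIES).items():
        print(f"{user}: {pairs}")
```

Each conflict here arises only from a combination of roles, which is why the check runs on the flattened duty set and not on individual roles.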
The distributed Model
Distributed data processing (DDP) involves reorganizing the central IT function into
small IT units. There are two alternatives:
o Terminals are distributed to end users for handling input and output
o All computer services are distributed to the end users
Risks