Information Technology Presentation by Group 3

Summary

This document presents an overview of Information Technology concepts. Key topics discussed include COBIT (Control Objectives for Information and Related Technology), system development lifecycles, electronic commerce, and network security. The presentation slides provide insight into various aspects of IT management, control, and emerging trends.

Full Transcript

INFORMATION TECHNOLOGY
Presented by Group 3

CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT)

COBIT 5 takes a stakeholder approach to addressing information needs and incorporates the following 5 principles:
A. Meeting stakeholder needs
B. Covering the enterprise end-to-end
C. Applying a single integrated framework
D. Enabling a holistic approach
E. Separating Governance from Management

COBIT 5 ENABLERS
a. Processes - an organized set of practices and activities to achieve certain objectives
b. Organizational Structures - the key decision-making entities in an organization
c. Culture, ethics, and behavior of individuals and the organization
d. Principles, policies and frameworks - the vehicle to translate the desired behavior into guidance for day-to-day management
e. Information produced and used by the enterprise
f. Services, infrastructure, and applications - the infrastructure technology and applications that provide the enterprise with information technology processing and services
g. People, skills, and competencies required for successful completion of activities and for making correct decisions.

EFFECT OF IT ON INTERNAL CONTROL

1. PRINCIPLE OF RELIABLE SYSTEMS AND EXAMPLE OF OVERALL RISKS
A reliable system is one that is capable of operating without material error, fault, or failure during a specified period in a specified environment.

5 PRINCIPLES OF RELIABLE SYSTEMS
1. SECURITY
2. AVAILABILITY
3. PROCESSING INTEGRITY
4. ONLINE PIRACY
5. CONFIDENTIALITY

CONTROL ENVIRONMENT
7 FACTORS OF THE CONTROL ENVIRONMENT:
I - Integrity and ethical values
C - Commitment to competence
H - Human resource policies and practices
A - Assignment of authority and responsibility
M - Management’s philosophy and operating style
B - Board of directors or audit committee participation
O - Organizational structure

STEPS IN SYSTEM DEVELOPMENT LIFECYCLE
01 Software concept—identify the need for the new system.
02 Requirements analysis—determine the needs of the users.
03 Architectural design—determining the hardware, software, people, etc. needed
04 Coding and debugging—acquiring and testing the software.
05 System testing—testing and evaluating the functionality of the system.

SEGREGATION CONTROLS
SYSTEM ANALYSIS - The systems analyst analyzes the present user environment and requirements and may (1) recommend specific changes, (2) recommend the purchase of a new system, or (3) design a new information system.
SYSTEM PROGRAMMING - The systems programmer is responsible for implementing, modifying, and debugging the software necessary for making the hardware work (such as the operating system, telecommunications monitor, and the database management system).
APPLICATIONS PROGRAMMING - The applications programmer is responsible for writing, testing, and debugging the application programs from the specifications (whether general or specific) provided by the systems analyst.
DATABASE ADMINISTRATION - A database administrator (DBA) is responsible for maintaining the database and restricting access to the database to authorized personnel.
DATA PREPARATION - Data may be prepared by user departments and input by key to storage devices.
OPERATIONS - The operator is responsible for the daily computer operations of both the hardware and the software.
DATA LIBRARY - The librarian is responsible for custody of the removable media (i.e., magnetic tapes or disks) and for the maintenance of program and system documentation.
DATA PREPARATION - The control group acts as liaison between users and the processing center.

ELECTRONIC COMMERCE
Electronic commerce has resulted in a number of new web-related positions, including
WEB ADMINISTRATOR (WEB MANAGER) - Responsible for overseeing the development, planning, and the implementation of a website
WEB MASTER - Responsible for providing expertise and leadership in the development of a website, including the design, analysis, security, maintenance, content development, and updates
WEB DESIGNER - Responsible for creating the visual content of the website
WEB COORDINATOR - Responsible for the daily operations of the website
INTERNET DEVELOPER - Responsible for writing programs for commercial use. Similar to a software engineer or systems programmer
INTRANET/EXTRANET DEVELOPER - Responsible for writing programs based on the needs of the company.

RISK ASSESSMENT
Changes in computerized information systems and in operations may increase the risk of improper financial reporting

INFORMATION AND COMMUNICATION
The computerized accounting system is affected by whether the company uses small computers and/or a complex mainframe system.

MONITORING
Proper monitoring of a computerized system will require adequate computer skills to evaluate the propriety of processing of computerized applications.

CONTROL ACTIVITIES OVERALL
a. Control activities in which a computer is involved may be divided into the following categories:
(1) Computer general control activities.
(2) Computer application control activities.
    Programmed application control activities.
    Manual follow-up of computer exception reports.
(3) User control activities to test the completeness and accuracy of computer processed controls.

COMPUTER GENERAL CONTROL ACTIVITIES - control program development, program changes, computer operations, and access to programs and data.
These control activities increase the assurance that programmed control activities operate effectively during the period.

COMPUTER APPLICATION CONTROL ACTIVITIES
PROGRAMMED CONTROL ACTIVITIES relate to specific computer applications and are embedded in the computer program used in the financial reporting system.
MANUAL FOLLOW-UP OF COMPUTER EXCEPTION REPORTS involves employee follow-up of items listed on computer exception reports.
USER CONTROL ACTIVITIES TO TEST THE COMPLETENESS AND ACCURACY OF COMPUTER PROCESSED TRANSACTIONS represent manual checks of computer output against source document or other input, and thus provide assurance that programmed aspects of the accounting system and control activities have operated effectively

THANK YOU
Presented by Group 3