Documente Academic
Documente Profesional
Documente Cultură
IT Environment (1)
for
for Universitas
Universitas Padjadjaran
Padjadjaran
Accounting
Accounting Department
Department
IT
IT Audit
Audit S1
S1 Regular
Regular Class
Class
24 September 2005
1
IS Audit Syllabus
No
Subject Name
Date
Introduction of IS Audit
17-Sep-05
IT Environment (1)
24-Sep-05
IT Environment (2)
1-Oct-05
IT Processes
8-Oct-05
15-Oct-05
22-Oct-05
29-Oct-05
Mid-semester Exam
12-Nov-05
19-Nov-05
10
26-Nov-05
11
3-Dec-05
12
10-Dec-05
13
17-Dec-05
14
24-Dec-05
15
Final Exam
24 Sept 2005
TBA
Agenda
24 Sept 2005
Session 2 Objectives
Gain understanding of the importance and role of IT
for the Business
Understand IT organization & its requirements
Introduce the students to:
The
The concepts
concepts of
of hardware
hardware and
and the
the risks
risks and
and controls
controls associated
associated
with them, and
The
The basic
basic audit/review aspects and considerations of the above
concepts.
24 Sept 2005
24 Sept 2005
24 Sept 2005
Hardware
PCs/workstations
Terminals
Servers
Network equipment (hub, switch, router, etc.)
Printers, scanners, etc.
24 Sept 2005
24 Sept 2005
24 Sept 2005
10
CFO IT Perspectives
49% of CIOs report to the CFO (29% to the CEO)
Technology expertise considered most important skill
after financial expertise (44% response)
IT training first priority for developing accounting staff
(52%)
82% of CFOs say accounting departments have
become more involved in technology initiatives
Responsibilities outside the scope of traditional
financial functions will occupy 37% of a senior
accountants time in five years.
Source:
Source: RHI
RHI Management
Management Resources
Resources // FEI-CSC
FEI-CSC Surveys
Surveys
24 Sept 2005
11
Greater role in
technology and
information
systems
initiatives
39%
Other/don't
know
5%
Expanded
leadership and
management
role
14%
Increased
other
interaction with
departments
16%
12
70
60
50
2001
2000
1999
40
30
20
10
0
A
D
Source: FEI-CSC Survey
24 Sept 2005
13
Management Challenges
30% of businesses are unable to determine
their return on technology investments
61% do not have a written strategic plan for
information systems
Only 23% of those with plans believe them
to be fully aligned to the business strategy
Source:
Source: FEI-CSC
FEI-CSC Survey
Survey
24 Sept 2005
14
Business Requirements on IT
Confidentiality
Integrity and Reliability
Availability
Effectiveness and Efficiency
Compliance
24 Sept 2005
15
16
Possible Results
Restatement of accounts
Bankruptcy
Falling share price
Poor financial performance
Bad publicity
Customer dissatisfaction
24 Sept 2005
17
Top 10 IT Issues
1. Strategy prioritizing technology investments
2. Budgeting identifying appropriate investment level
3. Efficiency evaluating/measuring return on technology
4. Security confidentiality/integrity/reliability of data
5. Continuity securing the availability of information
6. eCommerce re-volution to e-volution
7. Project Management high price of implementation failure
8. ERP pros and cons of integrated software
9. Outsourcing trusting your business to third parties
10. Regulation legislation compliance (e.g., data privacy)
24 Sept 2005
18
24 Sept 2005
19
Responsibility of IT Management
Where can you find the IT organization in a
company?
Finance manager ( no specific IT manager)
IT Manager, reporting to Finance Manager
IT Manager or CIO, reporting to CEO
CIO and IT Manager
24 Sept 2005
20
Responsibilities in IT Management
System development
Development and implementation of new
information systems
Application management
Network Management
Helpdesk/user support
Project management
24 Sept 2005
21
Types of IT organizations
Small IT organization (1-5 people)
CEO/PresDir
Finance
Marketing
Production
Head of IT
Application management
and support
24 Sept 2005
22
Types of IT organizations
Medium
Medium size
size IT
IT organization
organization (5
(5 -- 50
50 staff)
staff)
CEO/PresDir
CEO/PresDir
Marketing
Marketing
Finance
Finance
Production
Production
ITIT Department
Department
System
System Development
Development
Infrastructure
Infrastructure management
management
Application
Application management
management
Programmers
Programmers
Network
Network management
management
Database
Database Manager
Manager
Information
Information analysts
analysts
Hardware
Hardware management
management
Office
Office application
application management
management
Telecommunication
Telecommunication management
management
Business
Business application
application management
management
24 Sept 2005
Helpdesk
Helpdesk
23
24 Sept 2005
24
Hardware
24 Sept 2005
25
Hardware
Hardware architecture
Hardware components
Risks and Controls
Hardware Review/audit techniques
24 Sept 2005
26
Hardware
Hardware architecture
Classes
Large (mainframe)
IBM S-360/370, S390, z900
Unisys NX4801-21
Bull, Fujitsu
Small (microcomputer)
IBM PC Compatible
24 Sept 2005
27
24 Sept 2005
28
Hardware
Hardware components
Devices
Processors
Storage
FDD, Hard disk, CD-ROM, Magnetic Tape, Micro film
Input/output devices
Keyboard, POS terminals, Barcode readers, Mouse,
Stylus, scanner
Printer, Monitor, Plotter
Communication and networking devices
Modems, routers, switches & hubs, NIC
24 Sept 2005
29
Hardware
Risks and controls
Risks
Failures
Theft, vandalism
Disasters
Under/over capacity
24 Sept 2005
Controls
Environmental controls (humidifiers,
AC, UPS, surge protector)
Monitoring and Maintenance
Physical access
Backup, avoid flammable materials
(incl. Printers)
Capacity planning
30
Hardware
Hardware review/audit techniques
Physical
Physical controls
controls
Environmental
Environmental controls
controls
Hardware
Hardware capacity
capacity management
management
CPU,
CPU, I/O,
I/O, terminal,
terminal, telecommunication,
telecommunication, bandwidth
bandwidth and
and storage
storage utilization
utilization
Number
of
users
Number of users
New
New technologies,
technologies, applications
applications
Service
Service level
level agreements
agreements
Hardware
Hardware monitoring
monitoring
Hardware
Hardware error
error reports
reports
Availability
Availability reports
reports
Utilization
Utilization reports
reports
Hardware
Hardware acquisition
acquisition plan
plan &
& maintenance
maintenance
Information
Information processing
processing requirements,
requirements, Hardware
Hardware requirements,
requirements, System
System software
software requirements,
requirements,
Support
and
maintenance
requirements.
Support and maintenance requirements.
24 Sept 2005
31
Operating Systems
24 Sept 2005
32
Summary
The hardware are one of the organizations assets
that should be properly controlled and managed by
management.
Todays auditors should familiar and be prepared to
deal with various rapid development in IT and its
risks
IS Auditors tasks:
24 Sept 2005
33
24 Sept 2005
34
Thank You
24 Sept 2005
35