Written Report

in
Accounting
Information System

Charrie Mae R. Javier

Chapter 8 Controlling Information Systems:

 Introduction to Pervasive and General Controls

IT Governance and Organizational Governance

IT Governance is the responsibility of executives and board of directors, and

consists of the leadership, organizational structures and processes that ensure that the
enterprise’s IT sustains and extends the organization’s strategies and objectives.
Organizational governance is about processes employed by organizations to select and
attain objectives. IT Governance is about processes to see that the organization’s IT
supports the attainment of organizational objectives.

Control

Controls are the policies, procedures, practices, and organizational structures

designed to provide reasonable assurance that business objectives will be achieved
and that undesired events will be prevented or detected and corrected.

Pervasive Control and General Control

Pervasive Control Plans are those that relate to a multitude of control goals and
processes. Like the control environment, pervasive control plans influence the
effectiveness of the business process control plans. At the same time, general
controls/IT controls influence the effectiveness of application controls.

IT Resources

IT Resources must be managed by IT control processes to ensure that an

organization ha the information it needs to achieve its objectives.

• Applications. Automated systems and manual procedures that process

information.

• Information. Data, in all their forms, that are input, processed, and output by
information systems.

• Infrastructure. Technology and facilities (hardware, operating systems,

networking, multimedia, etc., and the environment that houses and supports
them) that enable the processing of the applications.
 • People. Personnel, who plan, organize, acquire, implement, deliver, support,
monitor and evaluate information systems and services.

The Information Systems Organization

It is the department or function that develops and operates an organization’s

information system. The function (department) is composed of people, procedures, and
equipment, and it is typically called the information systems department, IS department,
or IT department. Figure 1 depicts a typical department. This type of structure places
the information systems function under the line authority of the chief information officer
or CIO (also known as the vice president of information systems).

Figure 1 Information Systems Organization

Chief
Executive
officer
Security Steering
officer Committee

Chief Vice CHIEF Vice Vice President

Financial President of INFORMATIO President of of human
Officer Marketing N OFFICER Production

Systems Technical Data Center

Developmen Services Manager
t Manager Manager

Quality Systems Database Telecommunication

Assurance Programmin administrati s/ Network Control
g on

Data Data Computer Data

Contro preparation/en operations librarian
l try
Four Broad IT Control Process Domains

IT control processes are grouped into four broad domains:

1. Plan and Organize

2. Acquire and Implement

3. Deliver and Support

4. Monitor and Evaluate

Figure 2 depicts the relationship of these four domains and lists the IT control
processes within each domain, for a total of 10 processes. Notice that the Monitor and
Evaluate domain provides feedback to the other three domains.

Figure 2 Four Broad IT Control Process Domains and Ten Important IT

Control Processes

Plan and
Organize

Monitor Acquire
and and
Evaluate Impleme
nt

Deliver
and
Support

IT Control Processes and Domain

Domain Plan and Organize Acquire and Implement Deliver and Support Monitor and Evaluate

IT Control 1. Establish strategic 3. Identify automated 7. Deliver required IT 10. Monitor and
Processes vision for IT. solutions. services. evaluate the
2. Develop tactics to 4. Develop and acquire IT 8. Ensure security processes.
plan, communicate solutions. and continuous
and manage 5. Integrate IT solutions service.
realization of strategic into operational processes. 9. Provide support
 vision. 6. Manage changes to service.
existing IT systems.

A control process could easily be, and often is, referred to as a “management
practice”. This latter terminology emphasizes management’s responsibility for control in
the organization and the practices or processes that will bring about achievement of an
organization’s objectives. Second, the prominence of “process” in this terminology
reminds us of the definition of control as a “process”. it is through a coordinated effort,
across all IT resources and all organizational units, that the objective =s of the
organization are achieved.