Governance Controls
PRESENTED BY :
DEL MUNDO, GIAH DAVYN
ELEAZAR, JESSA MARIE
GONZALES, TYRON RYAN
GUILLERMO, MAUREEN
VERZOSA, LEVY
Information Technology Governance
Objectives of Information Technology Governance
Reduce risk
Ensure that IT resources increase the value of the firm
Issues addressed by SOX and COSO
(a) Organizational structure of the IT function
(b) Computer center operations
(c) Disaster recovery planning
Structure of the IT function
Models:
a.) Centralized data processing
b.) The Distributed model
A. Centralized Data Processing
Processing is performed in one computer or in a cluster of coupled computers in a single location.
It services
Systems development and design
Database administration
Data Processing
Database Administration
Database Processing
System Development and Maintenance
Segregation of duties
System
Data
New
documentation
Fraud
Risks of DDP
Inefficient Use of Resources
Risk of Mismanagement of Resources
Risk of Operational Inefficiencies
Data Redundancy
Risk of Incompatible Hardware and Software
Advantages of DDP
Cost Reduction
Data can be edited and entered by end users
Application complexity can be reduced
Improved Cost Control Responsibility
Backup Flexibility
Requires coordination among end user managers
Improving/Controlling DDP
Implement Corporate IT Function
A corporate IT function alleviates potential problems associated with distributed IT organizations by providing:
Technical help
Electronic Bulletin Board
Chat rooms
Help desk
Technical courses
Standard-Setting Body
Personnel Review
Distributed Organization with Corporate Information Technology Function
Audit Objective
Verify
Audit Procedures
Review the corporate policy regarding computer security
Verify whether policy is communicated to employees
Review documentation to determine incompatible functions
Review systems documentation and maintenance records
Verify that maintenance programmers are not also design programmers
Computer center
Physical Location
Construction
Access
Air Conditioning
Fire Suppression
Fault Tolerance
Audit Objectives:
Audit Procedures
Tests of Physical Construction
Tests of RAID
Tests of Uninterruptible Power Supply
Disaster Recovery Plan
IDENTIFY CRITICAL APPLICATIONS
Purchasing Functions
Cash disbursements
CREATE A DISASTER RECOVERY TEAM
Second-site
Program
Facilities Group
Group
Data
Providing Second-Site Backup
Operating System Backup
Application Backup
Backup Documentation
Audit Procedures
IT Outsourcing
Benefits of IT Outsourcing
Improved core business processes
Improved IT performance
Reduced IT costs
Risks of IT Outsourcing
Failure to perform
Vendor exploitation
Costs exceed benefits
Reduced security
Loss of strategic advantage
Audit Implications of IT Outsourcing
Management retains SOX responsibilities
SAS No. 7 report or audit of vendor will be required