Information Systems Operations & Maintenance IT Infrastructure refers to the supporting processes that allow IT

Week 1-2 applications to function and deliver their results to the systems
users.
Module 1: Lesson 1: IT Governance
-Service Support
-Service Delivery
IT Governance
-A subset of corporate governance that focuses on the management
IT Governance Issues
and assessment of strategic Information Technology (IT) resources.
1. Organizational Structure
2. Computer Center Operations
1. Reduce Risk
3. Disaster Recovery Planning
2. Add Value
IT Functions- Segragation of duties
Modern IT Governance follows broad-based involvement.
-IT Management
-Database Administration
IT Governance is concerned with the strategic alignment between
-Data Processing
the goals and objectives of the business and the utilization of its IT
-Data Conversion
resources to effectively achieve the desired results.
-Computer Operations
-Data Library
-Steering Committee
-Systems Development and Maintenance
-IT Strategy
-Chief Information Officer
Information Technology Function
 Centralized Data Processing
IT Governance Framework
-ALL data processing is performed by one or more large
 Sarbanes-Oxley Act
computers housed at central site that serves users
-U.S. law enacted in 2002 to improve public company
throughout the organization.
financial reporting, audit, and enterprise governance
processes.
 Distributed Data Processing
- Involves reorganizing the central IT function into small IT
 COSO Framework
units that are placed under the control of endusers.
-A common framework for the definition of internal
-May be distributed according to business functions or
controls, as well as procedures to evaluate those controls.
geographic locations.

 COBIT
-A more IT-oriented internal control assessment and
guidance framework , with an emphasis on enterprise IT
resources.

 ITIL
-Detailed framework of significant IT best practices, with
comprehensive checklists, tasks, procedures, and
responsibilities designed to be tailored to any IT function

Control Objectives For Information And Related Technology (Cobit)

 COBIT
-is an IT governance internal control framework that is an
important support tool for documenting and
understanding COSO internal controls and SOx
requirements, and for recognizing the value of and risks
associated with IT assets in an enterprise.

 ITIL
- provides a framework for the governance of IT and
focuses on the continual measurement and improvement
of the quality of delivered IT services from both a business
and a customer perspective.
Module 2: Lesson 1: Internal Controls
Internal control system encompass a set of rules, policies, and
procedures an organization implements to provide reasonable
assurance on the achievement of the following objectives:
1. To safeguard assets of the firm.
2. To ensure the accuracy and reliability of accounting records and
information.
3. To promote efficiency in the firm’s operations.
4. To measure the compliance with management’s prescribed
policies and procedures.
Preventive Controls
-First line of defense. These controls are passive techniques
designed to reduce the frequency of occurrence of undesirable
events.
Detective Controls
-Second line of defense. These are devices, techniques, and
procedures designed to identify and expose the undesirable events
that elude the preventive controls.
Corrective Controls
-Must be taken to reverse the effects of detected errors. Fix the
problem.
Control Environment
1. Demonstrates commitment to integrity and ethical values
2. Exercises oversight responsibility
3. Establishes structure, authority and responsibility
4. Demonstrates commitment to competence
5. Enforces accountability
Risk Assessment
6. Specifies suitable objectives
7. Identifies and analyzes risk
8. Assesses fraud risk
9. Identifies and analyzes significant change
Control Activities
10. Selects and develops control activities
11. Selects and develops general controls over technology
12. Deploys through policies and procedures
Information And Communication
13. Uses relevant information
14. Communicates internally
15. Communicates externally
Monitoring Activities
16. Conducts ongoing and/or separate evaluations
17. Evaluates and communicates deficiencies
 Application Controls
-Ensure the validity, completeness, and accuracy of
financial transactions.
-Controls that are designed to be application-specific.
 General Controls
-Apply to all systems.
- Includes IT Governance, IT infrastructure, security and
access to operating systems and databases, application
acquisition and development, and program change
procedures.
Module 2: Lesson 2: IT Functions
It Primary Service Areas
Database Administration – responsible for the security and integrity
of the database.
Data Processing – manages the computer resources used to perform
the day-to-day processing of transactions.
a. Data Conversion – transcribes the transaction data from
hard copy source documents into computer input.
b. Computer Operations – manages the processing of the
electronic files produced in data conversion; runs the
applications.
c. Data Library – room adjacent to the computer center that
provides the safe storage of the off-line data files
i.e. backups or current data files. Data librarian is
responsible for the receipt, storage, retrieval, and custody
of data files, controls access to the library.
Systems Development – group responsible for analyzing the user
needs and for designing new systems to satisfy those needs.
Systems Maintenance - group responsible for keeping the systems
current with user needs.
Segregation of Incompatible IT Functions
-Systems Development
-System Administration
-Computer Operations
-Systems Maintenance