Professional Documents
Culture Documents
Module 2: SOX and IT Governance and Management
Module 2: SOX and IT Governance and Management
5
Dates @February 5, 2024
Type 📒 Lesson
Status Done
Shared
ideal organization
ok pa din naman
pero possible risk if programming also does maintenance → often if may changes, di maayos ang
documentation → magiging mahirap sundan ang changes, which can be the beginning of fraud
SYNC 2.5 1
Distributed Data Processing (DDP) is reorganizing the IT function into small information
processing (IPUs) that are distributed to end users and placed under their control.
Advantages of DDP
Backup
Disadvantages of DDP
Redundant tasks
Different units do the same tasks because the system is not integrated
e.g. gagawa ng sales file sa marketing, pati accounting gagawa ng sarili nilang file for the
same transaction
since walang clear guidelines on managing the IT function, also minimized ang role niya sa
department which also leads to limited career path (kaya hindi appealing to IT
professionals)
Lack of standards
SYNC 2.5 2
Creating a Corporate IT Function
Corporate IT function is a coordinating IT unit that attempts to establish corporate-wide standards
among distributed IT units. Has the capability to provide:
you are trying to create an office that will harmonize the independent IT functions across the
organization
The ff. audit tests provide evidence in achieving the audit objective:
Review relevant documentation, including the current organizational chart, mission statement,
and job descriptions for key functions, to determine if individuals or groups are performing
incompatible functions
Through observation, determine that the segregation policy is being followed in practice
Review user roles to verify that programmers have access to privileges consistent with their job
descriptions
SYNC 2.5 3
Fires, floods, wind, sabotage, earthquakes, or even power outages can deprive an organization of
its data processing facilities and bring to a halt those functions that are performed or aided by
computer
Because weaknesses in computer center security have a potential impact on the function of
application controls related to the financial reporting process
Important Features
Physical Location
Airconditioning
Construction
Fire Suppression
Access
Operator documentation is adequate to deal with system failures as well as routine operations
RAID
SYNC 2.5 4