Ch-17 Control and Governance of Information System


Control and governance of information systems
By Sheetal Thomas
Dean, GIMT
Need for control of information systems
• High cost of loss of data and wrong decision making
• Possibility of computer abuse
• Risk of computer errors
• Protection of hardware, software, and personnel
• Data privacy and confidentiality
Objectives of CIS
• Safeguarding of assets
• Maintenance of data integrity
• Effectiveness in achieving organizational objectives
• Efficient consumption of resources
Information technology governance
• IT infrastructure library
– Service delivery
– Service support
– Planning to implement service management
– Security management
– Infrastructure management
– Business perspective
– Applications management
– Software assets management
Control objectives for information and related technology
• Planning and organization
• Acquisition and implementation
• Delivery and support
• Monitoring
Management control of information systems
• Top management controls
– Planning
– Organizing
– Leading
– Monitoring
Systems development management control
• Feasibility study and project initiation
• System analysis and specifying user requirements
• System design and development
• Acceptance testing
• Implementation and maintenance
• Auditing the systems development management function
– Concurrent audit
– Post implementation audit
– General audit
Programming management controls
• Planning
• Control
• Design
• Coding
• Testing
• Operation and maintenance
Controls
• Data resource management controls
• Security management controls
– Exposure analysis
• Operations management controls
– Control of computer and network operations
– Maintaining data files, programme files, and documentation
– Help desk and technical support
– Management of outsourced operations
Quality assurance management controls
• Capability maturity model
– The initial level
– The repeatable level
– The defined level
– The managed level
– The optimizing level
Application control of information systems
• Boundary controls
– Access controls
– Cryptographic controls
– Audit trail controls
– Existence controls
• Input controls
– Design of source documents and data entry screens
– Data code controls
– Batch controls
– Validation of data input
– Audit trail controls
– Existence controls
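Two of the input controls listed above, validation of data input and batch controls, are shown below on a constructed batch of payment records. This is an added example written for this page, not material from the slides; the field names, the 5-digit account format, the sample records and the batch header are all assumptions made for the illustration. The batch header stands for the record count, amount total and hash total (sum of account numbers) that the user department prepares independently from the source documents; the program recomputes the same totals from the records that pass validation and holds the batch when they do not agree.

```python
"""Added example: input controls for a batch of keyed data-entry records.

  - validation of data input: each field is checked for format, range and type
    before the record is accepted;
  - batch controls: record count, financial control total and hash total from
    the batch header are compared with totals recomputed from accepted records.
All names, formats and sample data are assumptions for this illustration.
"""
import re
from datetime import date
from decimal import Decimal, InvalidOperation

ACCOUNT_RE = re.compile(r"^\d{5}$")   # assumed account-number format: exactly five digits

# Constructed sample batch: what the data-entry clerk actually keyed.
SAMPLE_BATCH = [
    {"account": "10023", "amount": "125.50", "date": "2024-03-01"},
    {"account": "10087", "amount": "-40.00", "date": "2024-03-01"},  # sign keyed wrongly
    {"account": "1O091", "amount": "75.00", "date": "2024-03-02"},   # letter O keyed for zero
    {"account": "10102", "amount": "300.00", "date": "2024-13-01"},  # invalid month
    {"account": "10115", "amount": "19.99", "date": "2024-03-02"},
]

# Constructed batch header prepared by the user department from the source documents.
SAMPLE_HEADER = {"record_count": 5, "amount_total": "560.49", "hash_total": 50418}


def validate_record(rec):
    """Validation of data input: return the list of errors for one record (empty if valid)."""
    errors = []
    if not ACCOUNT_RE.match(rec.get("account", "")):
        errors.append("account must be 5 digits")
    try:
        amount = Decimal(rec.get("amount", ""))
        if not amount.is_finite():
            errors.append("amount must be a finite number")
        elif amount <= 0:
            errors.append("amount must be positive")
        elif amount.as_tuple().exponent < -2:
            errors.append("amount has more than 2 decimal places")
    except InvalidOperation:
        errors.append("amount is not a number")
    try:
        date.fromisoformat(rec.get("date", ""))
    except ValueError:
        errors.append("date is not a valid YYYY-MM-DD date")
    return errors


def process_batch(records, header):
    """Batch controls: validate every record, then balance the batch against its header."""
    accepted, rejected = [], []
    for idx, rec in enumerate(records):
        errs = validate_record(rec)
        if errs:
            rejected.append((idx, errs))      # goes to the error log for correction and re-entry
        else:
            accepted.append(rec)
    record_count = len(accepted)
    amount_total = sum((Decimal(r["amount"]) for r in accepted), Decimal("0"))
    hash_total = sum(int(r["account"]) for r in accepted)   # hash total: meaningless sum used only for control
    balanced = (
        record_count == int(header["record_count"])
        and amount_total == Decimal(str(header["amount_total"]))
        and hash_total == int(header["hash_total"])
    )
    return {
        "accepted": accepted,
        "rejected": rejected,
        "record_count": record_count,
        "amount_total": amount_total,
        "hash_total": hash_total,
        "balanced": balanced,   # False: batch is held, not posted, until the differences are resolved
    }


if __name__ == "__main__":
    result = process_batch(SAMPLE_BATCH, SAMPLE_HEADER)
    for idx, errs in result["rejected"]:
        print(f"record {idx} rejected: {'; '.join(errs)}")
    print("recomputed:", result["record_count"], result["amount_total"], result["hash_total"])
    print("batch balanced:", result["balanced"])
```

The hash total catches the transposition-style error that field validation cannot see on its own (a wrong but well-formed account number), while the record count and amount total catch dropped or duplicated records; all three are compared against figures prepared outside the data-entry function, which is what makes them a control rather than a self-check.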
Communication controls
• Transmission impairment
• Component failure
• Subversive threats
• Audit trail controls
• Existence controls
• Processing controls
Database controls
• Access controls
• Integrity controls
• Application software controls
• Concurrency controls
• Cryptographic controls
• File handling controls
• Audit trail controls
• Existence controls
– Roll forward
– Roll back
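The two database existence controls named above, roll back and roll forward, are demonstrated below on a toy key-value store with a write-ahead log. This is an added example written for this page, not code from the slides; the store, the log format, the transaction names and the account balances are all constructed for the illustration. Roll back uses the before-images in the log to undo a transaction that failed before committing; roll forward rebuilds the current state from the last backup by reapplying the after-images of committed transactions only.

```python
"""Added example: roll back and roll forward as database existence controls.

The Database class keeps a write-ahead log of (txid, kind, key, before, after)
entries; every write is logged before it is applied. All names and values are
assumptions for this illustration.
"""
import copy


class Database:
    def __init__(self, data=None):
        self.data = dict(data or {})
        self.log = []          # write-ahead log: (txid, kind, key, before_image, after_image)

    def begin(self, txid):
        self.log.append((txid, "BEGIN", None, None, None))

    def write(self, txid, key, value):
        before = self.data.get(key)                       # None means the key did not exist
        self.log.append((txid, "WRITE", key, before, value))   # log first, then apply
        self.data[key] = value

    def commit(self, txid):
        self.log.append((txid, "COMMIT", None, None, None))


def roll_back(db, txid):
    """Undo an uncommitted transaction by restoring before-images in reverse order."""
    for tid, kind, key, before, _after in reversed(db.log):
        if tid == txid and kind == "WRITE":
            if before is None:
                db.data.pop(key, None)    # key was created by this transaction: remove it
            else:
                db.data[key] = before
    db.log.append((txid, "ABORT", None, None, None))
    return db.data


def committed_txids(log):
    return {tid for tid, kind, *_ in log if kind == "COMMIT"}


def roll_forward(backup_data, log):
    """Rebuild current state from a backup plus the log of committed after-images."""
    restored = dict(backup_data)
    done = committed_txids(log)
    for tid, kind, key, _before, after in log:
        if kind == "WRITE" and tid in done:   # uncommitted or aborted work is not replayed
            restored[key] = after
    return restored


def demo():
    """Constructed scenario: one committed transfer, one failed transfer, then a media failure."""
    db = Database({"acct:10023": 100, "acct:10087": 50})
    backup = copy.deepcopy(db.data)          # last full backup, taken before the log starts

    db.begin("T1")                           # T1: move 25 from 10023 to 10087, commits
    db.write("T1", "acct:10023", 75)
    db.write("T1", "acct:10087", 75)
    db.commit("T1")

    db.begin("T2")                           # T2: move 75 to a new account, fails before commit
    db.write("T2", "acct:10023", 0)
    db.write("T2", "acct:10115", 75)
    after_rollback = dict(roll_back(db, "T2"))

    recovered = roll_forward(backup, db.log)  # disk lost: recover from backup + log
    return after_rollback, recovered


if __name__ == "__main__":
    rb, rf = demo()
    print("after roll back of T2:", rb)
    print("after roll forward from backup:", rf)
```

Both procedures depend on the log being written before the data is changed and on the log and backup being kept apart from the live database; if either is lost with the database, neither control can restore existence.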
Output controls
• Inference controls
• Batch report design controls
• Output production and distribution controls
• Audit trail controls
• Existence controls
Information system audit
• Information system audit procedures
– Use of computers in information systems audit
• Business continuity and disaster recovery
– Business continuity management
• Availability
• Reliability
• Recoverability
Business continuity planning
Disaster recovery planning
Categorizing the functions
• Critical functions
• Vital functions
• Sensitive functions
• Non-critical functions
• Components of a disaster recovery plan
– Emergency plan
– Backup plan
– Recovery plan
– Test plan
Testing a disaster recovery plan
• Paper test
• Preparedness test
• Post test
