8 - IT Systems and Controls Flashcards
What is an information system?
System for processing data and information that may involve people-based activities and/or computer-based functions
What are separate systems?
Wholly separate IT systems in place
Integration only through transfers initiated by staff
Simpler
Significant and costly human intervention
Scope for error, omission and duplication
Some IT controls but mostly manual
What are enterprise systems?
Systems from across different areas of a business that are connected to a central data system
E.g. Oracle
Integrates everything
Performed quickly so minimised errors and waste
IT controls in place over central data
Manual controls over inputs and outputs
What is straight through processing?
Removes need for human intervention
Fully automated
Almost entirely IT controls
Manual controls only for exceptions and reviewing
Remit of IT department?
Develop IT strategy
Develop IT policy
Procedures and address controls
Reporting lines
Scope
Monitor
Integration
4 steps to develop IT Strategy?
Starting position GOT
Identify ideal systems WANT
Analyse gaps GAP
Project plan PLAN - bridge gaps
What are the elements of ITGCs?
Access to programs and data
Program changes and development
Computer operations
Continuity of operations
What are ITGCs?
Manual, automated or a combination of both
Within info systems and end user computing
What are IT application controls?
Automated procedures that typically operate at a transaction level and are designed to ensure integrity of data
Used to initiate, authorise, record, process and report transactions
E.g. audit logs, batch controls, programmed editing, calculation, check digits
What is a master file?
Standing or permanent source data needed to process transactions
May affect more than one processing cycle
Master file change controls?
Changes recorded on a change request form and authorised
Records of before and after position kept and reviewed
Segregation of duties between those who amend and process transactions
Audit log, reviewed
Batch controls
Complete listing reviewed periodically
Program changes and development considerations?
Development
Authorisation
Testing
Approval
Changes should be made in separate test environment
How to mitigate risk of program changes?
Separate test environment
Migration to production environment
Configuration changes
Emergency changes
Program development
Project management controls applicable?
Initiation
Planning
Risk management approach
Execution
Completion
Stages of systems development life cycle?
Business analysis - want from new
Feasibility study - what’s on offer
System analysis - whether will suit
Design - detail process
Development - off shelf or bespoke
Testing
Implementation - methods
Maintenance
Wish list / enhancement - future upgrades
(Bopping Frank Sometimes Dances Down To Indie Pop Music Well)
Disadvantages of packaged systems?
Unlikely to fully fit needs
Inefficiency from extra functions not needed
Third party reliance
Difficult to integrate
Same system as everyone
Advantages of packaged systems?
Lower cost
Faster implementation
Documentation
Limited risk of faults
Functional features reflecting marketplace changes
Developer knowledge
Advantages of bespoke systems?
Good fit to needs
Can include specialised features
Less inefficiency
Integrate well
Unique system may give competitive advantage
Disadvantages of bespoke systems?
Cost
Slower development and implementation
May require debugging
Developer may not have extensive knowledge
Reliance on third party
What are the methods of implementation?
Pilot
Parallel
Phased
Direct
Direct method?
Stop old and start new
Lowest cost
Faster
Minimise maintenance work
High risk of damage
High stress for IT
Parallel method?
Operating both at same time
Lowest risk
Comfort of retaining old
Flexibility
Doubles workload
Increased overall cost
Doubles commitment for staff
May prevent new application being implemented
Phased implementation?
Introduce a bit at a time, e.g. in departments
Risks controlled
Compromise approach
Get used to look and feel
High burden on IT
Integrate manually
Pilot implementation?
Trial in regions first
Unexpected problems identified
Users maintain control
Fewer IT staff
Minimise risks
Implementation lengthy so costly
Boredom for IT staff as continuous
Best practice for continuity of operations?
Second site or server backup alternatives
Cloud computing
Mutual aid pact
Cold site
Hot site
Mutual aid pact?
Agreement between two companies to share resources in case of disaster
No additional cost
Must have excess capacity
Must have compatible platforms
All must not be impacted by the disaster
Must trust
Cold site?
Leases space to hold computer equipment
Easier to implement
Cheaper than hot site
More convenient than mutual aid pact
Costs more than mutual aid
Slower time to implement
Cold site may not hold all equipment
May not be reliable
Hot site?
Equipped and functioning recovery centre
Mirroring data is a technique used to back up data
Ready to go
Highest cost
Natural disaster
Cloud computing?
Remote servers
Rapid recovery
Dependence on third party hosting