8 - IT Systems and Controls

Question 1

What is an information system?

Answer 1

System for processing data and information that may involve people based activities and or computer based functions

Question 2

What are separate systems?

Answer 2

Wholly separate IT systems in place
Integration only though transfers initiated by staff
Simpler
Significant and costly human intervention
Scope for error, omission and duplication

Some IT controls but mostly manual

Question 3

What are enterprise systems?

Answer 3

Systems from across different areas of a business that are connected to a central data system
E.g oracle
Integrates everything

Performed quickly so minimised errors and waste

IT controls in place over central data
Manual controls over inputs and outputs

Question 4

What is straight through processing?

Answer 4

Removes need for human intervention
Fully automated

Almost entirely IT controls
Manual controls only for exceptions and reviewing

Question 5

Remit of IT department?

Answer 5

Develop IT strategy
Develop IT policy 
Procedures and address controls 
Reporting lines
Scope 
Monitor 
Integration

Question 6

4 steps to develop IT Strategy?

Answer 6

Starting position GOT
Identify ideal systems WANT
Analyse gaps GAP
Project plan PLAN - bridge gaps

Question 7

What are the elements of ITGCs?

Answer 7

Access to programs and data
Programme changes and development
computer Operations
Continuity of operations

Question 8

What are ITGCs?

Answer 8

Manual, automated or a combination of both

Within info systems and end user computing

Question 9

What are IT application controls?

Answer 9

Automated procedures that typically operate at a transaction level and are designed to ensure integrity of data

Used to initiate, authorise, record, process and report transactions

E.g audit logs
Batch controls
Programmed editing 
Calculation
Check digits

Question 10

What is a master file?

Answer 10

Standing or permanent source data needed to process transactions

May affect more than one processing cycle

Question 11

Master file change controls?

Answer 11

Changes recorded on a change request form and authorised

Records of before and after position kept and reviewed

Segregation of duties between those who amend and process transactions

Audit log, reviewed

Batch controls

Complete listing reviewed periodically

Question 12

Program changes and development considerations?

Answer 12

Development
Authorisation
Testing
Approval

Changes should be made in separate test environment

Question 13

How to mitigate risk of program changes?

Answer 13

Separate test environment 
Migration to production environment 
Configuration changes 
Emergency changes 
Program development

Question 14

Project management controls applicable ?

Answer 14

Initiation 
Planning
Risk management approach 
Execution
Completion

Question 15

Stages of systems development life cycle?

Answer 15

Business analysis - want from new
Feasibility study - what’s on offer 
System analysis - whether will suit 
Design - detail process
Development - off shelf or bespoke 
Testing 
Implementation - methods 
Maintenance 
Wish list / enhancement - future upgrades 

(Bopping Frank Sometimes Dances Down To Indie Pop Music Well)

Question 16

Disadvantages of packaged systems?

Answer 16

Unlikely to fully fit needs 
Inefficiency from extra functions not needed 
Third party reliance 
Difficult to integrate
Same system as everyone

Question 17

Advantages of packaged systems?

Answer 17

Lower cost
Faster implementation 
Documentation 
Limited risk of faults 
Functional features reflecting marketplace changes 
Developer knowledge

Question 18

Advantages of bespoke systems?

Answer 18

Good fit to needs
Can include specialised features 
Less inefficiency 
Integrate well
Unique system may give competitive advantage

Question 19

Disadvantages of bespoke systems?

Answer 19

Cost
Slower development and implementation 
May require debugging 
Developer may not have extensive knowledge 
Reliance on third party oi

Question 20

What are the methods of implementation?

Answer 20

Pilot
Parallel
Phased
Direct

Question 21

Direct method?

Answer 21

Stop old and start new

Lowest cost
Faster
Minimise maintenance work

High risk of damage
High stress for IT

Question 22

Parallel method?

Answer 22

Operating both at same time

Lowest risk
Comfort of retaining old
Flexibility

Doubles workload
Increased overall cost
Doubles commitment for staff
May prevent new application implemented

Question 23

Phased implementation?

Answer 23

Introduce a bit at a time e.g in departments

Risks controlled
Compromise approach
Get used to look and feel

High burden on IT
Integrate manually

Question 24

Pilot implementation?

Answer 24

Trial in regions first

Unexpected problems identified
Users maintain control
Less IT staff
Minimise risks

Implementation lengthy so costly
Boredom for IT staff as continuous

Question 25

Best practice for continuity of operations?

Answer 25

Second site or server back up alternatives

Cloud computing
Mutual aid pact
Cold site
Hot site

Question 26

Mutual aid pact?

Answer 26

Agreement between two companies to share resources in case of disaster

No additional cost

Must have excess capacity
Must have compatible platforms
All must not be impacted by the disaster
Must trust

Question 27

Cold site?

Answer 27

Leases space to hold computer equipment

Easier to implement
Cheaper than hot site
More convenient that mutual aid pact

Costs more than mutual aid
Slower time to implement
Cold site may not hold all equip
May not be reliable

Question 28

Hot site?

Answer 28

Equipped and functioning recovery centre
Mirroring data is a technique used to backup data

Ready to go

Highest cost
Natural disaster

Question 29

Cloud computing?

Answer 29

Remote servers

Rapid recovery

Dependence on third party hosting