IT Governance and Management - IT Functions and Controls Related to People Flashcards
Organizational structure of IT
IT controls are usually general and preventive
3 main functional areas
1) Applications Development
2) Systems administration and programming
3) Computer operations
Segregation of functions
Development, Admin & Programming, Operations must be segregated
Applications development
Responsible for creating new end-user computer applications and for maintaining existing applications
1) systems analysts - Responsible for analyzing and designing computer systems; also work with end users to define problem and identify solution
2) application programmers - work under systems analyst to write actual programs that process data and produce reports
System admin and programming
Maintains computer hardware and computing infrastructure and grants access to system resources
1) system administrators - responsible for management activities associated with system they control. Due to influence they wield, must not be permitted to participate directly in these systems’ operations
2) system programmers - Maintain various operating systems and related hardware, updating the system for new software releases and installing new hardware. Because they are in direct contact with the production programs and data, they are not permitted to have access to information about application programs or data files
Computer operations
Responsible for day-to-day operations of system.
1) data control - controls flow of all documents into and out of operations; for batch processing, schedules batches, monitors processing, and ensures that batch totals are reconciled. “QUALITY ASSURANCE”
2) data entry clerk - enters handwritten or printed records to convert them into electronic media; data entry clerk should not be responsible for reconciling batch totals, should not run programs, access system output, or have any involvement in application development and programming
3) computer operators - Responsible for operating the computer: loading program and data files, running the programs, and producing output
4) file librarian - files and data not online are stored in a “file library”; the librarian maintains control over files, checking them in and out only as necessary
More on Segregation
- Computer operators and data entry personnel – Should never be allowed to act as programmers.
- Systems programmers – Should never have access to application program documentation.
- Data administrators – Should never have access to computer operations (“live” data).
- Application programmers and systems analysts – Should not have access to computer operations (“live” data).
- Application programmers and systems analysts – Should not control access to data, programs, or computer resources.