ICAB - ITK Chapter 5 Set 2 - Internal Control in IT Systems
Download as PPTX, PDF1 like1,115 views
The document discusses internal controls for computer-based business systems. It describes Control Objectives for Information and related Technology (COBIT), which provides a framework for IT processes and control objectives. COBIT covers planning, acquisition, delivery, and monitoring of IT. The document also discusses audit trails, controls for information system selection and acquisition, post-implementation reviews, business continuity planning, and enterprise resource planning systems like SAP.
ICAB - ITK Chapter 5 Set 2 - Internal Control in IT Systems
- 1. IT KNOWLEDGE CA Professional Stage - Knowledge Level, ICAB Tutor: Mohammad Abdul Matin Chapter 5 Internal Control in Computer Based Business System
- 2. Chapter Outline Control, IT Internal Control, IT Internal Audit Responsibility of Control Control Objectives and Techniques Control over Acquisition, Implementation and Changes Risk Assessment Business Continuity Plan Overview of ERP
- 3. Control Objectives for IT (COBIT) Developed in 1996 as generally accepted information technology control objectives for day-to-day use. COBIT 4.1 has around 34 high level processes and covers 201 control objectives in four domains: – Planning & Organization – Acquisition & Implementation – Delivery & Support – Monitoring & Evaluation
- 4. Control Objectives for IT (COBIT) A complete COBIT package contains: Executive Summary: Summary, principles, concepts, synopsis of the framework, etc. Framework: Defines the different (34) high level and other IT processes in four domains. Also defines the Information criteria. Control Objectives: Defines the (210) control objectives in the form of statements throughout the high level processes. Management & Implementation Guidelines: Composed of Maturity Models to help defining and comparing expectations, CSFs, KPIs, Key Goals Indicators, industry norms, etc.
- 5. Control Objectives for IT (COBIT) IT Assurance Guide: Tools to assess if the IT controls linked to the respective control objectives are achieving results. Compatible with ISACA’s (Information System Audit and Control Association) and ITAF’s (Information Technology Assurance Framework) standards.
- 6. Audit Trails Logs that are designed to record activity at the system application and user levels to provide detective control related to security, issue finding, etc. Audit Trail Objectives: – Detecting unauthorized access – Facilitating reconstruction of failure events or problems – Establishing personal accountability
- 7. Controls – IS Selection, Acquisition Strategic Master Plan A strategic master plan to ensure appropriateness and priority Project Control Project Management, resource and time planning with responsibilities Data Processing Schedule Backend tasks to be distributed and scheduled to maximize resource usage System Performance Measurement Throughput and time based utilization measurements Post-Implementation Review Compare the cost and benefit between plan and implementation
- 8. Post Implementation Review (PIR) Post Implementation Review (PIR) of an initiative is performed to mainly assess if the following were met as per expectation / plan: – Business Objectives (budget, deadline, benefits, etc.) – User Expectations (friendliness, workload, reliability, etc.) – Technical Requirements (expandability, ease of operation, interconnectivity with external systems, etc.) PIR is typically performed after any project is completed, has become stable and not being significantly changed/modified as a result of errors or realizations. PIR should be performed by independent IS consultant/team who had not been involved in the original initiative/project/development.
- 9. Business Continuity Planning (BCP) Key Objectives of a BCP – Safety of people at the time of a disaster – Continue critical business operations – Minimize the duration of disruption of regular operations – Minimize immediate damage or losses (data and equipment) – Establishing management succession and emergency powers – Facilitate effective coordination of recovery tasks – Reduce the complexity in recovery – Identify critical lines of business and supporting functions
- 10. Business Continuity Planning (BCP) Eight Phases of Developing a BCP i. Pre-planning activities ii. Vulnerability assessment iii. Business impact analysis iv. Definitions of requirements v. Plan development vi. Testing program vii. Maintenance program viii. Plan testing and implementation
- 11. Enterprise Resource Planning (ERP) ERP system is a fully integrated business management system covering different functional areas of an enterprise. ERP systems can be general or industry specific. Components integrated within a ERP system can vary depending on the organizational needs and priority. Examples of ERP systems: SAP, Oracle EBS, Dynamics AX, IFS, Glovia, Infor, Sage, etc.
- 12. Enterprise Resource Planning (ERP) Benefits of a ERP System – Integrated Financial Systems – Standardized Processes – Shared, Real-time Information Implementation of ERP Systems – Corporate culture – Process change – Management support – Project Manager competence – The ERP Team – Project Methodology – Training – Commit to the change
- 13. ERP Example: SAP World’s most used tier one ERP system developed by SAP AG, a German company. SAR R/3 System Architecture: – Presentation layer – Application layer – Database layer Can run on many different O/S and Database platforms Can be distributed into multiple systems for load management and other objectives.
- 14. Common SAP R/3 Functional Modules
- 15. Exam Questions What is control? What are the purposes of internal control? Explain the five key components required for effective internal control. What is Audit Trail? Explain its objectives. Describe Post Implementation Review (PIR). Why is information system security important? Explain “vulnerability management” and “threat management” in management of IT security What is disaster recovery plan? Describe major areas of a disaster recovery planning document. What is ERP? Explain SAP as a ERP system.
- 16. Thank You