Monday, November 26, 2012

IT Audit Domains

IT ORGANIZATION AND ADMINISTRATION
·         IT department organization
·         Company and CIO business plan
·         Budget/costing
·         Management reports
·         Performance monitoring and capacity planning
·         IT service performance management
·         Inventory control
·         Project management
·         Problem management
·         Audit reporting
·         IT procurement
·         Customer service agreements
·         Vendor management
·         Computer insurance.

IT STRATEGY
·         Strategy process
·         Strategic management
·         EDI (Electronic Data Interchange) strategy.

IT SECURITY
·         Management of information security issues
·         Information security policy
·         Hardware security
·         Magnetic media control
·         Physical access security
·         Operating system and database management
·         Application systems
·         Networks
·         Personnel ethics (IT, users)
·         Controls over data and files
·         Data protection rules
·         Data classification system.


CONTINGENCY PLANNING
·         Preliminary planning for critical applications
·         Identification of various processing alternatives
·         Contingency plan deliverables
·         Escrow agreement audit
·         Alternate facility review
·         Alternate computer vendors review.
  
SOFTWARE AND COMPUTERIZED DATA – BACK-UP PROCESS
·         Back-up policy review
·         On-site back-up safe vault review
·         Off-site back-up safe vault review
·         Recovery testing plan review
·         Data back-up media archival/recycling review
·         Application software media archival/recycling review
  
SYSTEM DEVELOPMENT AND MAINTENANCE
·         Management review
·         Standards and methodologies review
·         Software specifications review
·         Error correction procedures
·         Software package evaluation
·         Program library maintenance
·         Program and system testing
·         User documentation review
·         System documentation review
·         Emergency procedures review
·         Application data retention policy review
·         Training plans review
·         Audit trail review
·         Conversion review

DATA CENTER OPERATIONS
·         Operations standards review
·         Operations log review
·         Consumables review
·         Printing of bulk and sensitive reports
·         Media library control
·         Media access control

SYSTEMS SOFTWARE MAINTENANCE
·         Software asset inventory review
·         Maintenance contracts review
·         Program library maintenance
·         Problem fixing
·         Security review
·         System documentation review
·         Segregation of duties assessment
·         Performance monitoring


DATA AND DATABASE MANAGEMENT
·         Scope of data management (identification, classification, ownership, distribution, protection, integrity)
·         Controls review (management, corporate data model, data-driven methodology, normalization of database structure, synchronization)
·         Assessment (data modeling, database procedures, security, DBA personnel, user training, performance monitoring, database integrity)

PERSONAL COMPUTERS
·         Management control and procedures review
·         Security review
·         Technical support audit
·         Software development review
·         Office applications support/review

USER SUPPORT
·         User satisfaction assessment
·         Help desk support
·         Data back-up review

TELECOMMUNICATIONS AND NETWORKING
·         Strategic planning and design review
·         Network security review
·         Maintenance contract review
·         Problem resolution and support
·         Change and performance management

APPLICATION CONTROLS AND TESTING
·         Processing controls assessment
·         Transaction audit trail review
·         Data integrity controls review
·         Application related integrity controls review (data element validity, file validity, audit trail, network transmission, concurrent updating, feasibility, quality)
·         Continuity of application processing
·         Transaction tests (as per worksheets)


Thursday, November 22, 2012

Bargain Hunting Sites

http://www.logicbuy.com

http://www.techbargains.com/

http://www.fatwallet.com

http://bensbargains.net

Happy Black Friday, and don't buy yesterday's electronic marvels. Wait until January, after the Las Vegas consumer electronics show. Hint to the wise. Word!




Monday, November 19, 2012

IT Performance Measurements

IT Finance:   Adherence to budget, expenditures on maintenance vs. new development, expenditures on preventive maintenance, return on IT investments, ratio of administrative (staff) costs to production (line) costs

IT Human Resource Management:  Turnover ratios, training per employee (amounts, hours), average tenure within the company

IT System Development:  Value to users of the functions developed, number of lines coded/tested/changed, number of applications supporting critical business functions, hours spent on maintenance (per person, per program)

IT Operations:  Timely delivery of reports to users, average response time, average availability, volume of data stored, mean time between failures, number of lines printed, volume of data maintained, number of shared applications, number of shared databases, number of online transactions processed

IT Compliance (exception indicators):  IT departmental terms of reference not followed; IT vision, mission and values statements not crafted; IT governance framework not instituted

Reports from Monitoring and Review of Controls

·    Back-up and recovery issues
·    Changes, problems, errors, security incidents and backlog of requests
·    Compliance issues
·    Critical performance measures per IT area
·    Development issues of new applications
·    Help desk related issues
·    Industry trends and developments
·    IT project milestones
·    Online access issues
·    Post-implementation review issues
·    Project actual costs (against budgets)
·    Technical performance issues
·    Transactions and jobs processed

ISO/IEC 38500:2008: Corporate governance of information technology (its six principles)

·  Acquisition: IT acquisitions and investments are made for valid reasons, on the basis of appropriate and ongoing analysis.
·  Strategy: corporate strategy and IT strategy are clearly aligned.
·  Conformance: all IT activities comply with applicable rules, laws and regulations.
·  Performance: IT delivers the performance the business requires, when it is required.
·  Human behaviour: IT policies and practices respect and take account of human factors.
·  Responsibility: responsibilities for IT are clearly established and accepted.
 

Main Types of IT Application Controls

·  End-user computing controls
·  Input, processing and output controls
·  IT application database, operation, change and testing controls
·  Monitoring and review controls

Main Types of Systems Software Controls

·    Audit trail log file controls
·    Data communications controls
·    Database controls
·    Monitoring and review controls.
·    Systems software operating environment controls

Main Types of Data Center Operational and Support Controls

·      Computer hardware management controls
·      Data center design and infrastructural controls
·      Data center physical access controls
·       IT contingency planning and disaster recovery controls
·       IT operational performance measures
·      Monitoring and review controls

Main Types of System Development Controls

·         Application systems development process controls
·         System development quality controls
·         Change management controls
·         Systems development personnel controls
·         Monitoring and review controls.

Main Types of Enterprise Architecture Controls

·         Enterprise Architecture (EA) description controls
·         Enterprise Architecture business related controls
·         Enterprise Architecture development roles
·         Enterprise Architecture IT-related controls
·         Enterprise Architecture performance measures
·         Designing and implementing plan for an Enterprise Architecture (EA) framework
·         Monitoring and review controls
·         Organizational Structure

Main Types Of IT Administration Controls

  • IT administration performance measures.
  • IT asset controls
  • IT budget
  • IT office administration controls
  • IT personnel management controls
  • IT purchasing controls
  • IT standards, policies and procedures
  • Monitoring and review controls

IT Department Functional Description Controls

  • Detailed IT department terms of reference
  • IT department job description controls
  • IT department overall objectives
  • IT department overall terms of reference
  • Other IT roles at the senior management level

Main Types Of IT Organization Controls

·         IT department functional description controls
·         IT governance and control frameworks
·         IT organization controls
·         IT organization performance measures.
·         IT vision, mission and values statements
·         Monitoring and review controls

IT Governance Responsibilities

Strategy and structure – including the formulation of IT strategy, enterprise architecture and IT standards

Multi-year planning of initiatives, product and service plans, and the IT sourcing plan for the enterprise

Annual planning of priorities, initiatives, the operating plan/budget and capital plan/budget

Execution – which includes implementation, variations to the plan, performance targets and plans, and benefits realization.

Accenture’s IT strategy includes seven key elements:

·    Creating strong, central IT governance
·    Aligning the IT operating model with Accenture’s go-to-market strategy
·    Running IT like a business, based on a managed-services approach
·    Consolidating, standardizing and centralizing operations
·    Focusing the workforce strategy on variable resources and low-cost locations
·    Strengthening IT performance measurement processes
·    Communicating successes and benefits realization at every opportunity.

Friday, November 16, 2012

Why do we make bad decisions?

How to Clean Up Your Online Reputation

http://news.yahoo.com/blogs/upgrade-your-life/clean-online-reputation-135856619.html

Conditions under which IT-based competitive advantage exists

·  A concern for information content exists
·  A consensus between senior managers and IS managers is present
·  Alignment of IS with the organizational infrastructure is in force
·  Business-literate IS managers are the norm
·  IS-literate business managers constitute the majority
·  Maximum interaction between IS and business managers happens regularly
·  Well-documented strategic processes are used appropriately
·  A strong, well-established planning approach involving staff at all levels is executed regularly