Flashcards in 8 - IT Systems and Controls Deck (29)
What is an information system?
System for processing data and information that may involve people based activities and or computer based functions
What are separate systems?
Wholly separate IT systems in place
Integration only though transfers initiated by staff
Significant and costly human intervention
Scope for error, omission and duplication
Some IT controls but mostly manual
What are enterprise systems?
Systems from across different areas of a business that are connected to a central data system
Performed quickly so minimised errors and waste
IT controls in place over central data
Manual controls over inputs and outputs
What is straight through processing?
Removes need for human intervention
Almost entirely IT controls
Manual controls only for exceptions and reviewing
Remit of IT department?
Develop IT strategy
Develop IT policy
Procedures and address controls
4 steps to develop IT Strategy?
Starting position GOT
Identify ideal systems WANT
Analyse gaps GAP
Project plan PLAN - bridge gaps
What are the elements of ITGCs?
Access to programs and data
Programme changes and development
Continuity of operations
What are ITGCs?
Manual, automated or a combination of both
Within info systems and end user computing
What are IT application controls?
Automated procedures that typically operate at a transaction level and are designed to ensure integrity of data
Used to initiate, authorise, record, process and report transactions
E.g audit logs
What is a master file?
Standing or permanent source data needed to process transactions
May affect more than one processing cycle
Master file change controls?
Changes recorded on a change request form and authorised
Records of before and after position kept and reviewed
Segregation of duties between those who amend and process transactions
Audit log, reviewed
Complete listing reviewed periodically
Program changes and development considerations?
Changes should be made in separate test environment
How to mitigate risk of program changes?
Separate test environment
Migration to production environment
Project management controls applicable ?
Risk management approach
Stages of systems development life cycle?
Business analysis - want from new
Feasibility study - what’s on offer
System analysis - whether will suit
Design - detail process
Development - off shelf or bespoke
Implementation - methods
Wish list / enhancement - future upgrades
(Bopping Frank Sometimes Dances Down To Indie Pop Music Well)
Disadvantages of packaged systems?
Unlikely to fully fit needs
Inefficiency from extra functions not needed
Third party reliance
Difficult to integrate
Same system as everyone
Advantages of packaged systems?
Limited risk of faults
Functional features reflecting marketplace changes
Advantages of bespoke systems?
Good fit to needs
Can include specialised features
Unique system may give competitive advantage
Disadvantages of bespoke systems?
Slower development and implementation
May require debugging
Developer may not have extensive knowledge
Reliance on third party oi
What are the methods of implementation?
Stop old and start new
Minimise maintenance work
High risk of damage
High stress for IT
Operating both at same time
Comfort of retaining old
Increased overall cost
Doubles commitment for staff
May prevent new application implemented
Introduce a bit at a time e.g in departments
Get used to look and feel
High burden on IT
Trial in regions first
Unexpected problems identified
Users maintain control
Less IT staff
Implementation lengthy so costly
Boredom for IT staff as continuous
Best practice for continuity of operations?
Second site or server back up alternatives
Mutual aid pact
Mutual aid pact?
Agreement between two companies to share resources in case of disaster
No additional cost
Must have excess capacity
Must have compatible platforms
All must not be impacted by the disaster
Leases space to hold computer equipment
Easier to implement
Cheaper than hot site
More convenient that mutual aid pact
Costs more than mutual aid
Slower time to implement
Cold site may not hold all equip
May not be reliable
Equipped and functioning recovery centre
Mirroring data is a technique used to backup data
Ready to go