ICAB - ITA Chapter 5 class 9-10 - Controls and Standards
ICAB Professional Stage - Application Level - IT Application Class Slides

IT APPLICATIONS
Professional Stage Application Level, ICAB
Teacher: Mohammad Abdul Matin
Chapter 5
Controls and Standards

Chapter Outline
Information System Security Controls
Physical Security Controls
Logical Security Controls
Control and Standard for Information Integrity
Control and Standard for Information Access Control
Control and Standard for Computer Audit
Control and Standard for System Implementation Phase
Control and Standard for System Maint. and Evaluation
Risks of IT Systems
Controls for Personal Systems

Syllabus
In the examination, candidates may be required to
a. explain the controls and standards which are applied during the system implementation phases of installation, testing, training, documentation, file conversion and changeover, and post-implementation review
b. explain the controls and standards which are applied to system maintenance and evaluation (system maintenance, evaluation, computer based monitoring, system performance)
c. describe the controls that are applied to personal systems to ensure processing integrity, security and safeguarding of IT resources, and availability/continuity provisions (backup and recovery) for IT resources

Systems’ Purpose & Components
• Capital management
• Foundation of doing business
• Productivity
• Strategic opportunity and advantage

Typical Enterprise System

Control & Standards for System Implementation Phases
System Installation
System Testing
Documentation
Training
Conversion & Change Over

Control in ERP Implementation
[Figure: ERP implementation timeline, March to June, weeks W1 to W16]
Phases:
– Phase 1: Project Preparation
– Phase 2: Business Blueprint
– Phase 3: Realization
– Phase 4: Final Preparation
– Phase 5: Go Live & Support
Activities shown: Project Kickoff, Understand As-Is, Overview Training, Develop To-Be, Configure System, System Tests, Training Materials, Training & Practice, Cutover, Go Live, User Support, Project Close

System Selection

Implementation Readiness
Business Readiness:
– business PROCESSES are seen through and documented
– competent PEOPLE are in right places
– process CHAMPIONS are identified
Technology Readiness:
– robust IT INFRASTRUCTURE is in place
– right HARDWARE is selected, ordered and delivered
– right SOFTWARE is selected and licenses are ordered
– competent SYSTEM INTEGRATOR is selected and engaged
An agreed PROJECT PLAN is finalized

Planning (High Level)
Broad Activities | Sep Oct Nov Dec Jan Feb Apr Jun Jul
BUSINESS READINESS
TECHNOLOGY READINESS :
- Infra. & ERP resources recruitment
- Secured Data Center preparation
- Project Office & Training Facility set up
- Network Review & Redundancy set up
- ERP solution finalization
- Hardware sizing, ordering & delivery
- System Integrator selection
- Scope of Work finalization
- Project Plan finalization
PROJECT KICK OFF (Start)
ERP IMPLEMENTATION (As per Project Plan)
GO LIVE 1st August 2012
1st February 2012

Project Team

System Development Lifecycle
[Diagram] Phase labels: System Initiation, Requirement Analysis, System Design, System Construction, System Acceptance, System Implementation
System Implementation: Prepare for System Implementation, Deploy System, Transition to Performing Organization
Other labels: System Preparation, Transition

Control & Standards for System Implementation Phases (cont.)
System Installation
– Implementation plan, milestones, stakeholder engagement, communication, approval, issue handling and back out plan
System Testing
– Scheduled, planned testing with defined criteria, scope, expectation, scenarios and records
– User Acceptance Testing (UAT)
Documentation
– System / Process Description
– System Documentation
– System File Layout / Architecture Documentation

Control & Standards for System Implementation Phases (cont.)
Training
– Administration / MDM training
– User Training
– TOT Approach
File Conversion and Change-over
– New System Implementation
  • Data preparation, go-live
– Manual System to Automation
  • Data preparation, parallel run, cut-over
– Old System to New System
  • Data conversion & transfer, cut-over

Risks in Implementation

Expectation & Experience Curve

Risks to IT Systems
Computer Viruses
– Protection and Updating
– Checking and Cleaning
– Awareness of Risks (Internet, removable disks)
– Recovery from Losses
Computer Hackers (Intrusion)
– Implement Firewall
– Develop and Apply Policy
– Antivirus, Antispyware and Intrusion Prevention Software
– Address vulnerabilities
– Conduct Tests

Controls for Personal Systems
Sensitivity of information is much higher than in any other system in an organization
– HRIS
– Personal information
– Salary information
Needs to be protected from both external and internal users
Sometimes HRIS and Payroll need to be separated at Admin levels

Controls for Personal Systems (cont.)
General Controls
– Access, data, program, physical security
– Software development and change control
– Data center operation
– Disaster recovery
Application Controls
– Input controls
– Authorization
– Validation
– Error notification and correction
– Processing controls
– Output controls

Questions
How can the security requirements be implemented in developing a new accounting system?

Thank You