unpad02 - it environment1 v1
Technology and Security Risk Services
Session 2: IT Environment (1)
for Universitas Padjadjaran Accounting Department
IT Audit – S1 Regular Class
by Isnaeni Achdiat, CISA, CIA, CISM
Shinta Marina
24 September 2005
IS Audit Syllabus

| No | Subject Name | Date |
|----|--------------|------|
| 1 | Introduction of IS Audit | 17-Sep-05 |
| 2 | IT Environment (1) | 24-Sep-05 |
| 3 | IT Environment (2) | 1-Oct-05 |
| 4 | IT Processes | 8-Oct-05 |
| 5 | General Computer Control Review (1) | 15-Oct-05 |
| 6 | General Computer Control Review (2) | 22-Oct-05 |
| 7 | General Computer Control Case Study | 29-Oct-05 |
| 8 | Mid-semester Exam | 12-Nov-05 |
| 9 | Application Control Review (1) | 19-Nov-05 |
| 10 | Application Control Review (2) | 26-Nov-05 |
| 11 | Application Control Case Study | 3-Dec-05 |
| 12 | IT Sarbanes-Oxley and IT Governance | 10-Dec-05 |
| 13 | IT Security and Data Analysis Approach | 17-Dec-05 |
| 14 | IT Risk Management & ERP Systems | 24-Dec-05 |
| 15 | Final Exam | TBA |

Agenda
• Role of IT for the Business
• IT Organization in the Business
• Hardware
Session 2 Objectives
• Gain understanding of the importance and role of IT for the Business
• Understand IT organization & its requirements
• Introduce the students to:
– The concepts of hardware and the risks and controls associated with them, and
– The basic audit/review aspects and considerations of the above concepts.
Role of IT for the Business
Examples of IT in the business
• Accounting systems
• Payroll systems
• Production planning systems
• Inventory management systems
• Network
• Document scanning, printing, digital storing
• Email, Internet
Examples of IT in the business
• How is Information Technology used in organizations, examples?
Elements of Information Technology
• Software
– Business applications
– Office applications
– Spreadsheets, databases, etc.
• Hardware
– PC’s/workstations
– Terminals
– Servers
– Network equipment (hub, switch, router, etc.)
– Printers, scanners, etc.
Elements of Information Technology
• Support tools
– System development tools
– Change Management tools
– Helpdesk software
– Security software (firewall, anti-virus software, etc.)
What Matters to CEOs?
1. Maximizing shareholder value
2. Protecting the market position of the company
Therefore they want IT to:
• Enable/facilitate the business’ strategy
• Deliver ROI
• Enhance competitive advantage
• Deliver quality while minimizing risk
• Achieve compliance goals
CFO IT Perspectives
• 49% of CIOs report to the CFO (29% to the CEO)
• Technology expertise considered most important skill after financial expertise (44% response)
• IT training first priority for developing accounting staff (52%)
• 82% of CFOs say accounting departments have become more involved in technology initiatives
• Responsibilities outside the scope of traditional financial functions will occupy 37% of a senior accountant’s time in five years.
Source: RHI Management Resources / FEI-CSC Surveys
Changing Role of CFOs
• Greater role in technology and information systems initiatives: 39%
• More strategic planning and decision making: 26%
• Increased interaction with other departments: 16%
• Expanded leadership and management role: 14%
• Other/don't know: 5%
Source: RHI Management Resources Survey
IT Priorities for CFOs
[Bar chart: categories A–D, vertical axis 0–80, series 2001, 2000, 1999]
A. Identifying appropriate level of IT investment: 61.2%
B. Prioritizing technology investments: 55.3%
C. Identifying how IT can improve or influence business processes: 53.3%
D. Determining appropriate use of eCommerce: 32.4%
Source: FEI-CSC Survey
Management Challenges
• 30% of businesses are unable to determine their return on technology investments
• 61% do not have a written strategic plan for information systems
• Only 23% of those with plans believe them to be fully aligned to the business strategy
Source: FEI-CSC Survey
Business Requirements on IT
• Confidentiality
• Integrity and Reliability
• Availability
• Effectiveness and Efficiency
• Compliance
Impact of IT on the Business
• Software implementation failures leading to process failure, financial and reputational loss
• Lack of valid information required to make business decisions
• Lack of security resulting in financial and reputational loss
• Hardware failure leading to inability to process transactions and/or trade effectively
• Legislative implications of non-compliance
Possible Results
• Restatement of accounts
• Bankruptcy
• Falling share price
• Poor financial performance
• Bad publicity
• Customer dissatisfaction
Top 10 IT Issues
1. Strategy – prioritizing technology investments
2. Budgeting – identifying appropriate investment level
3. Efficiency – evaluating/measuring return on technology
4. Security – confidentiality/integrity/reliability of data
5. Continuity – securing the availability of information
6. eCommerce – re-volution to e-volution
7. Project Management – high price of implementation failure
8. ERP – pros and cons of integrated software
9. Outsourcing – trusting your business to third parties
10. Regulation – legislation compliance (e.g., data privacy)
IT Organization in the Business
Responsibility of IT Management
Where can you find the IT organization in a company?
• Finance manager (no specific IT manager)
• IT Manager, reporting to Finance Manager
• IT Manager or CIO, reporting to CEO
• CIO and IT Manager
Responsibilities in IT Management
• System development: development and implementation of new information systems
• Application management
• Network Management
• Helpdesk/user support
• Project management
Types of IT organizations
Small IT organization (1-5 people)
[Organization chart. Boxes: CEO/PresDir; Marketing; Finance; Production; Head of IT; Application management and support; Network (hardware) management]
Types of IT organizations
Medium size IT organization (5 - 50 staff)
[Organization chart. Boxes: CEO/PresDir; Marketing; Finance; Production; IT Department; System Development; Programmers; Information analysts; Infrastructure management; Network management; Hardware management; Telecommunication management; Application management; Database Manager; Office application management; Business application management; Helpdesk]
Organizational requirements for IT departments
• Position in the organization
• Segregation of duties
• Screening and hiring
• Staff skills and development (training)
Hardware
Hardware
• Hardware architecture
• Hardware components
• Risks and Controls
• Hardware Review/audit techniques
Hardware … Hardware architecture
Classes
• Large (mainframe)
– IBM S-360/370, S390, z900
– Unisys NX4801-21
– Bull, Fujitsu
• Medium (mini computer)
– IBM S/36, S/38, AS/400 (i-series), RISC 6000
– DEC VAX
– HP3000 series, Bull
• Small (microcomputer)
– IBM PC Compatible
Hardware … Hardware components
Devices
• Processors
• Storage
– FDD, Hard disk, CD-ROM, Magnetic Tape, Micro film
• Input/output devices
– Keyboard, POS terminals, Barcode readers, Mouse, Stylus, scanner
– Printer, Monitor, Plotter
• Communication and networking devices
– Modems, routers, switches & hubs, NIC
Hardware … Risks and controls

| Risks | Controls |
|-------|----------|
| Failures | Environmental controls (humidifiers, AC, UPS, surge protector); Monitoring and Maintenance |
| Theft, vandalism | Physical access |
| Disasters | Backup, avoid flammable materials (incl. printers) |
| Under/over capacity | Capacity planning |

Hardware … Hardware review/audit techniques
• Physical controls
• Environmental controls
• Hardware capacity management
– CPU, I/O, terminal, telecommunication, bandwidth and storage utilization
– Number of users
– New technologies, applications
– Service level agreements
• Hardware monitoring
– Hardware error reports
– Availability reports
– Utilization reports
• Hardware acquisition plan & maintenance
– Information processing requirements, Hardware requirements, System software requirements, Support and maintenance requirements.
Operating Systems
Summary
• Hardware is one of the organization’s assets that should be properly controlled and managed by management.
• Today’s auditors should be familiar with, and prepared to deal with, the rapid developments in IT and their risks.
• IS auditors’ tasks:
– Review the existing controls available
– Test the compliance
– Recommend adequate controls
Question and Answer
Thank You