information systems control & audit(2) shin, soojung based on ron’s book
Information Systems Control & Audit(2)
Shin, SooJung
Based on Ron’s book
Chapter 3: Top Management Control
Introduction
[Figure: Top Management Control, with four functions: Planning, Organizing, Leading, Controlling]
(1) Evaluating the planning function
Preparing the plan involves 3 tasks:
- Recognizing opportunities and problems that confront the organization in which IT and IS can be applied cost-effectively
- Identifying the resources needed to provide the required IT and IS
- Formulating strategies and tactics for acquiring the needed resources
Strategic plan (3-5 years)
1) Current information assessment
2) Strategic directions
3) Development strategy
Operational plan (1-3 years)
1) Progress report (current plans, major platform changes, etc.)
2) Initiatives to be undertaken (systems, HW, SW, personnel, investment)
3) Implementation schedule
[Figure: McFarlan et al.'s strategic grid model. Axes: importance of current systems (Low to High) and importance of future systems (Low to High). Quadrants: Support organization, Turnaround organization, Factory organization, Strategic organization. Planning labels: small amount of planning, moderate amount of planning, moderate-large amount of planning, substantial amount of planning.]
[Figure: Sullivan's infusion-diffusion model. Axes: system infusion (Low to High) and system diffusion (Low to High). Quadrants: Traditional organization, Backbone organization, Federation organization, Complex organization. Planning labels: small amount of planning, moderate amount of planning, moderate-large amount of planning, substantial amount of planning.]
Steering committee: assumes overall responsibility for the activities of the IS function.
For a strategic organization: chaired by the CEO, plus senior users and senior IS personnel.
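(2) Evaluating the organizing function
The planning function: establishes goals and objectives for IS within the organization.
The organizing function: gathers, allocates, and structures resources to enable these goals and objectives to be achieved.
- Resourcing the IS function: a key duty of top management is to acquire the resources (HW, SW, personnel, facilities, finance, etc.) needed to accomplish the goals and objectives set out in the information systems plan.
- Staffing the IS function
A. Personnel acquisition
- Control: background checks, screening for health, bonding of key employees, explanation of organizational protocol
- Job requirements, job description
B. Personnel development
- Establish promotional and personal growth opportunities for employees
- Education
- Regular staff reviews are needed (promotion evaluation, identifying growth opportunities, identifying strengths and weaknesses)
C. Personnel termination
- When an employee gives notice of resignation, top management is notified immediately and the supervisor ascertains the reason
- Return of keys and ID, cancellation of passwords, updating of distribution lists, return of all books and documents, return of equipment
- Train the replacement; if the employee is disgruntled, the employee leaves immediately
- Conduct an exit interview (identify areas of dissatisfaction, confidentiality agreement, identify latent problems)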
Centralization-decentralization options
Dimensions: Control, Location, Function
Options for each dimension: Centralized, Intermediate, Decentralized
- Control: Does responsibility for IS decision making rest with one person, or is it distributed among several people?
- Location: Is the HW/SW located at one site, or at several sites?
- Function: Are the IS functions performed by staff at one site, or by staff at several sites?
Recent IS department organizational structure
(1) Is the responsibility for each job clear? Does each person fully understand their duties, authority, and responsibilities?
(2) Is there separation of duties?
[Organization chart boxes: CIO; Manager of IT planning; Manager of IT services; Manager of QA; Manager of EU support; Manager of SI; Manager of Contract & Outsourcing; Manager of Operations; Manager of Administration; Application Development; Application Maintenance; Standard Development; DA; DBA; Corporate Modeling]
Separation of duty
[Matrix of roles against roles: SP, SA, AP, Data Entry (DE), Operator, DBA, Security administrator, Tape Librarian, QA. Cells are marked with X or with asterisks.]
Location of the IS function
[Two organization charts, "A strategic organization" and "A support organization", each showing the CEO and the VPs of Marketing, HR, IS, F & A, and Production]
(3) Evaluating the leading function
- Leading is a complex management function designed to influence the behavior of an individual or group
- The purpose of leading is to achieve harmony of objectives
- The process of leading requires managers to motivate subordinates, direct them, and communicate with them
(1) Motivation: staff turnover statistics, frequent failure of projects to meet their budgets, absenteeism level
(2) Leadership style: check for the results of poor leadership - staff turnover statistics, frequent failure of projects to meet their budgets
(3) Effective communication:
- Formal sources: IT plans, documented standards, policies, meeting times, memos
- Informal sources: interviews
(4) Evaluating the control function
The controlling function involves determining when the actual activities of the IS function deviate from the planned activities.
(1) How much should the organization be spending on the IS function?
- Benchmarking
(2) Is the organization getting value for money from its IS function?
- The basis for performing the global assessment should be the IS strategic and operational plans
- Actual performance should be evaluated against the long-run and short-run goals articulated in the plans
- Strategic & turnaround organizations: check whether the IS function has brought the competitive advantage and the organizational change the organization needs to survive
- Factory & support organizations: has the IS function improved the effectiveness and efficiency of the current systems portfolio?
[Figure: S-curve of the data processing budget over time, in four stages: I. Initiation, II. Contagion, III. Control, IV. Integration]
I. Installation of the computer: computers are installed in the major departments, a small budget exists, and projects are carried out in sequence
II. Sales-oriented management intent on showing the usefulness of the computer: the data processing manager is given a high position, there are no standards, project control is informal, development is rapid
III. Control-oriented management: computers are installed in several user departments; committees are formed; standards, project control, post-audits, etc. are introduced
IV. Resource-oriented planning and control: data processing is an independent area, systems analysts and programmers are decentralized and specialized, a master plan is established
Use of the S-curve: which kind of control strategy should be applied?
Control of IS activities
(1) Policy: broad, general guidelines of behavior
(2) Standard: specific guidelines of behavior
- Methods standard
- Performance standard
- Documentation standard
- Project-control standard
- Post-audit standard
Control over the users of IS services
Top managers must develop policies and implement procedures that provide incentives for users to employ IS services effectively and efficiently.
(1) Review committee: reviews users' service requests
- A method for evaluating priorities is needed
- ZBB (zero-based budgeting)
(2) A transfer pricing or chargeout scheme
A. IS service
- Cost center
- Profit center
- Investment center
- Hybrid center
B. Pricing
- Allocated cost: users are charged for the period based on the cost of the services they used
- Standard cost: calculation of the long-run, average cost of providing the various services
- Dual price: a two-tier structure in which the price charged to users differs from the price credited to the service provider
- Negotiated price: a price negotiated between the user and the supplier
- Market price: users are charged the current market price for the service