
CHAPTER 1 (Concept of governance and management information system)

Enterprise Governance
Dimensions:
• Corporate/Conformance Governance
• Business/Performance Governance
Key management practices (required for aligning IT strategy with Enterprises):
• Understand Enterprise's direction
• Assess the current environment, capabilities, performance
• Define the target IT capabilities
• Conduct a gap analysis
• Define strategic plan and road map
• Communicate IT strategy and direction

IT Governance
Benefit:
1. Increased: value through enterprise IT; user satisfaction with IT services
2. Improved: agility in supporting business needs; transparency and understanding of IT contribution; compliance with relevant law, regulation and policies; management and mitigation of IT related business needs
3. More utilization of IT resources
4. Better cost performance

GEIT
Benefits:
1. It ensures that IT related decisions are made in line with enterprise's objective and strategy
2. It ensures IT related processes are overseen effectively and transparently
3. It ensures that governance requirements for board members are made
4. It provides a consistent approach integrated and aligned with enterprise governance approach
5. It confirms compliance with legal regulatory requirements

IT Steering Committee
Key Function:
1. Ensure long-run and short-run plans are in tune with enterprise's objective
2. Ensure availability of viable communication between IT & its users
3. Review and approve major IT deployment projects (in all stages)
4. Review the status of IS plan and budget and overall performance
5. Review and approve standards, policies & procedures
6. Facilitate implementation of IT security within enterprises
7. Facilitate and resolve conflicts in deployment of IT

Key metrics for Evaluation of benefit from IT, IT cost, Transparency, Risk Management
• % of IT enabled investment where:
   - Benefit realization is monitored through full economic life cycle
   - Claimed benefits are met or exceeded
• % of IT enabled services:
   - Where expected benefit realized
   - With approved operational cost and expected benefits
• % of investment business cases
• Satisfaction survey of key stakeholders
As per COSO (internal control interrelated components)
• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

COBIT 5 Key principles for Governance and management of IT
1. Meeting stakeholders' needs
2. Covering enterprise End to End
3. Applying Single integrated framework
4. Enabling holistic approach
5. Separating governance from management

COBIT 5 Categories of Enablers
i. Principles, policies and Framework
ii. Process
iii. Organisational structure
iv. Culture, ethics and behaviours
v. Information
vi. Service, infrastructure and application
vii. Skills and competencies

Risk management Strategies
• Tolerate and Accept Risk
• Terminate/eliminate risk
• Transfer and Share Risk
• Treat/mitigate risk
• Turn back

Key management practices for implementing Risk management
• Collect Data
• Analyse data
• Maintain a risk profile
• Articulate risk
• Define a risk management portfolio
• Respond to risk

COBIT-5 Key management practices provided for ensuring IT compliances
• Identify external compliances requirement
• Optimize response to external requirements
• Confirm external compliances
• Obtain assurance of external compliances

COBIT-5 Key management practice for Assessing and evaluating the system of internal control
1. Monitor internal control
2. Review business process control effectiveness
3. Perform control self-assessments
4. Identify and report control deficiencies
5. Ensure that assurance providers are independent and qualified
6. Plan assurance initiatives
7. Scope assurance initiatives
8. Execute assurance initiatives

Areas to be reviewed by Internal auditor for Review of Governance, Risk and compliances
1. Scope
2. Governance
3. Evaluate enterprise ethics
4. Risk management
5. Interpretation
6. Risk management process
7. Evaluate risk exposures
8. Evaluate fraud and fraud risk
9. Address adequacy risk management process

Role of IT in enterprises
1. Not merely for data processing but more for strategic and competitive advantage
2. Not only automate but also transform the way business process performed
3. Not only impacts the way internal control implemented but also provide better and innovative strategic services
4. Aligned business strategy and ensure value creation
5. Extensive organization restructuring / business process Re-engineering

Level of Managerial activities
• Strategic planning
• Management control
• Operational Control

Categories/Classification of IT strategic planning
• Enterprise strategic plan
• IS strategic plan
• IS requirement plan
• IS application and facilities plan

Components in COBIT
• Framework
• Process Description
• Control Objectives
• Management Guidelines
• Maturity & Models

Risk management in COBIT-5
Risk Assessment:
• Risk identification
• Risk Analysis
• Risk prioritization
Risk Mitigation Control:
• Risk Reduction
• Risk planning
• Risk monitoring

Areas of review of assessing and managing risk
• Risk management ownership and accountability
• Different kinds of IT Risk (technology, security, continuity, regulatory, etc.)
• Define and communicate risk tolerance profile
• Root cause analysis and risk mitigation measures
• Quantitative and qualitative risk measurement
• Risk assessment methodology
• Risk action plan and timely assessment

Terminology and short notes:
• ASSET
• VULNERABILITY
• THREAT
• EXPOSURE
• LIKELIHOOD
• ATTACK
• RISK
• COUNTERMEASURE
• RESIDUAL RISK
• METRICS OF RISK MANAGEMENT

CHAPTER 2 (Information system Concept)

Classification of system
On the basis of:
• Element: Abstract, Physical
• Interactive Behaviour: Open, Closed
• Degree of Human Intervention: Manual, Automated
• Working/Output: Deterministic, Probabilistic

Characteristics of computer based information system
• Work for predetermined objectives
• No. of sub systems and interdependent
• If one fails all fails
• Interact with each other to achieve goal
• Individual system has lower priority than the goal of entire system

Component of information system
• People (user)
• Computer (hardware and Software)
• Data
• Network

Types of information system

Operation level system: TPS
Component: Input, Processing, Storage, Output
Feature/Characteristics:
• Large volume of Data
• Automation of Basic operation
• Benefits are easily measurable
• Source of input for other system
Key activity of TPS:
• Capturing data and organising into files & database
• Processing file database using application software
• Generating information in the form of report
• Processing queries from various quarters of organisation

Knowledge level system: (1) OAS
Benefits:
• Improve communication
• Reduce the cycle time
• Reduce cost of communication
• Ensure the accuracy of info.
• Smooth flow of communication
• Make activities effective and efficient & simple
Name of computer based office Automation system:
• Text processing system
• Electronic document management system
• Electronic message communication system
• Teleconferencing and video conferencing system

Knowledge level system: (2) Knowledge management system
It is the process of capturing, developing, sharing & effectively using organizational information. It is a multi-disciplined approach. It retrieves and stores knowledge and improves collaboration. It mines repositories for hidden knowledge.
Types of knowledge:
Explicit
• Easily available across the organization
• It can be formalized easily
Tacit
• Resides in a few, often in just one person
• Which have not been captured by organization

Implication of IS in Business
• Helps in efficient decision making
• Able to survive in competitive environment
• Right decision on right time
• Knowledge gained from IS can be utilized in unusual situation
• Integrated to formulate strategy

Attributes of information
Availability, Purpose/Objective, Rate, Mode and format, Current/Updated, Frequency, Completeness/Adequacy, Reliability, Validity, Quality, Transparency, Value of information

Management level system

MIS

Characteristics of effective MIS
• Management oriented
• Management directed
• Integrated
• Common data flow
• Heavy planning element
• Sub system concept
• Common database
• Computerised

Misconception of MIS
• Computer based information sys is MIS
• Any Reporting system is MIS
• MIS is management technique
• MIS is bunch of Technologies
• Study of MIS is about use of computer
• Accuracy plays vital role in reporting
• MIS is implementation of organizational system and procedures
• MIS is file structure

Various constraints come in the way of operating MIS
1- Non availability of experts
2- Which system should be installed / operated first
3- Designing approach of implementation of MIS is not standardized
4- Non-cooperation from staff

Limitation of MIS
• Quality of output is governed by quality of input
• MIS is not substitute for management
• Non flexible for quickly update
• Not provide information suitable for every type of decision
• Considers only quantitative factor
• Less useful for non-programmed decision
• Not effective in hoarding information culture
• Not effective in frequent changes in top management structure and operational team

Pre-requisites of MIS
• Database
• Qualified system & management staff
• Support of top management
• Control and maintenance of MIS

MIS & DSS Difference
Basis | MIS | DSS
Provides (Philosophy) | Integrated tool, data model, lang to end user | Structured info. to end user
Orientation | External | Internal
Flexibility | Highly | Inflexible
Emphasis | Tools for decis | Info. Req.
Analytical | More capability | Little capability
Design | Interactive proc. | Sys development

DSS
It provides a set of capabilities that enables managers to generate information for decision making.

Component
• Database: Physical level, Logical, External Level
• User
• Model base

Characteristics
• Support decision making
• Help groups in decision making
• Flexible (Change as per environment)
• Easy to use (user does not require computer knowledge)
• Solved structured problem
• User friendly
• Used for decision making rather than communicating decision and training
• Extensible and evolve over time

DSS in Accounting
1- Cost accounting system
2- Capital budgeting system
3- Budget variance analysis
4- General decision support system

ERP Model Component
Software, process flow, Customer Mind-set, Change management.

EIS/ESS

Characteristics
• Serves the information need of top executive
• Enable user to extract summary data and model complex problem
• Provide rapid access for report and management
• Can access both internal and external data
• Provide extensive online analysis tool
• Can easily be given as a DSS support for decision making

Principles of MIS
• Easy to understand and collect
• Performance indicators
• EIS measure should be based on a balanced view of organization's objective
• EIS measure should encourage management and staff
• EIS info. must be available in organization
• EIS measure must evolve to meet the changing needs of organisation

Characteristics of type of information used in executive decision making
• Lack of structure
• High degree of uncertainty
• Future orientation
• Informal source
• Low level of detail

EIS & Traditional information system Differences
Dimensions | EIS | Traditional Sys
Level of management | For top and near top exec | For lower staff
Nature of info. access | Specific issues problem | Status reporting
Nature of info provide | Online tool and analysis | Offline status reporting
Drill down | Available | Not avail
Info. format | Text graphics | Tabular
Nature of interface | User friendly | Computer operator generated

Expert system

Business application of expert system
• Accounting and finance
• Marketing
• Manufacturing
• Personnel
• General business

Need of expert system
• Expert labour is expensive and scarce
• Shortage of talent in key position
• Expert can handle only one problem at a time
• Limitation of human information processing capability & rushed pace of business

Benefits of Expert System
1- Preserve knowledge
2- Information in active form
3- Assist as experienced professional
4- Not subject to human failings
5- Used as strategic tool

Properties to qualify for expert system development
• Availability
• Complexity
• Domain
• Expertise
• Structure

Tool crucial for Business Growth
• Business website
• Internet/intranet
• Software and packages
• Business intelligence
• Computer system, scanner, laptop etc.

Manager should possess following knowledge for operating information system
• Foundation concept
• Information technology
• Business application
• Development process
• Management challenges

Provide suggestions and feedback on WhatsApp 9584292172 (Prashant)
Suggestions and feedback will be incorporated in the next charts
