Académique Documents
Professionnel Documents
Culture Documents
Step 2. Understanding the rules/regulations under which enterprise needs to comply with?
✓ internal corporate policies,
✓ external industry regulations and
✓ local, state and central laws.
Controls in BPA
Control is defined as policies, procedures, practices and organization structure that are designed to provide reasonable
assurance that business objectives are achieved and undesired events are prevented or detected and corrected.
Control Objectives
1. Authorization - ensures that all transactions are approved before the transaction is recorded.
2. Completeness -ensures that no valid transactions have been omitted.
3. Accuracy - ensures that all valid transactions are accurate, consistent, and recorded in a timely manner.
4. Validity - ensures that all recorded transactions are lawful in nature, and have been executed in accordance with
management's general authorization.
5. Physical Safeguards and Security - ensures that access to physical assets are controlled and properly restricted to
authorized personnel.
6. Error Handling - ensures that errors detected at any stage of processing are recorded and corrected.
7. Segregation of Duties - ensures that duties are assigned to individuals in a manner that ensures that no one
individual can control both the recording function and the procedures relative to processing a transaction.
Controls: Both the plans need to be reviewed regularly and updated as the need arises.
➢ APPLICATION CONTROLS:
Application controls are classified into the following types;
Boundary Input Communication Process Output Database
Controls Controls controls Controls Controls Controls
Reasonablen
Line Error Logging of Output Ensure all records on files
Access Control data coding ess
Controls Program Executions are processed
verification
Report
Field
Digital Validation Link Controls Distribution &
Initialization
Signature Collection Controls
Internetworking
Controls
Information Processing
▪ Information is data that has been processed into a form that is meaningful to the recipient.
▪ The effort to create the information from raw data is known as Information Processing.
▪ Classification of Information is based on level of human/computer intervention, as follows:
1. Manual Information Processing Cycle
2. Computerized Information Processing Cycle
As the level of human intervention is very high the quality of information generated from these systems is
prone to flaws such as delayed information, inaccurate information, incomplete information and low levels of
details.
Storage
Feedback
▪ As the processing is computerized the quality of information generated from these systems is timely,
accurate, fast and reliable.
▪ Traditional manual systems are being replaced by computerized systems.
▪ Consumer attitude towards business is directed by the level of computerization businesses have adopted.
▪ Consumers prefer to reach those people who are fast, accurate and timely.
▪ The consumer behavior has impacted the way businesses operate.
Virtualization
- In IT, Virtualization is the process of creating logical computing resources from available physical resources.
- This is accomplished using virtualization software to create a layer of abstraction between workloads and the
underlying physical hardware.
- Once installed, the resources (memory, CPUs, network, storage, etc) can all be pooled and provisioned to workloads
without regard for physical location within a data center.
- This behavior allows administrators to improve network traffic control and security.
Major applications of the concepts of the virtualization are given as follows:
1. Server Consolidation: Virtual machines are used to consolidate many physical servers into fewer servers. This is
also known as “Physical-to-Virtual” or 'P2V' transformation.
2. Disaster Recovery: Virtual machines can be used as "hot standby" environments for physical production servers. It
provides backup images for a production server experiencing an outage.
3. Testing and Training: Hardware virtualization can give root access to a virtual machine. This can be very useful
such as in kernel development and operating system courses.
4. Portable Applications: Portable applications are needed when running an application from a removable drive,
without installing it on the system's main disk drive.
5. Portable Workspaces: Recent technologies have used virtualization to create portable workspaces on devices like
iPods and USB memory sticks.
2. Network Virtualization: Network virtualization is a method of combining the available resources in a network by
splitting up the available bandwidth into channels, each of which is independent from the others, and each of which
can be assigned (or reassigned) to a particular server or device in real time.
✓ This allows a large physical network to be provisioned into multiple smaller logical networks and conversely
allows multiple physical LANs to be combined into a larger logical network.
✓ Network virtualization is offered by combining any of the hardware such as switches, NICs, firewalls, storage
devices, telecommunications devices, etc.
✓ Network virtualization involves platform virtualization, often combined with resource virtualization.
✓ It is intended to optimize network speed, reliability, flexibility, scalability, and security.
3. Storage Virtualization: Storage virtualization is the pooling of data from multiple storage devices, even different
types of storage devices, into what appears to be a single device that is managed from a central console. Storage
virtualization helps the storage administrator perform the tasks of backup, archiving, and recovery more easily -- and
in less time. The servers connected to the storage system aren’t aware of where the data really is. Storage
virtualization is sometimes described as “abstracting the logical storage from the physical storage.