Be familiar with the responsibilities of the different IS functions. ORGANIZATIONAL CHART SHOWS HOW AN ORGANIZATION IS STRUCTURED. IS functions and Their Roles: SYSTEMS DEVELOPMENT MANAGER
o Responsible for programmers and analysts who
implement new systems and maintain existing systems PROJECT MANAGER
are responsible for planning and executing IS
projects and may report to project management office or to the development organization. play a central role in executing the vision of the IT strategy and steering committee by planning, coordinating and delivering IS projects to the enterprise. PROJECT MANAGEMENT STAFF
utilize budgets assigned to them for the delivery
of IS initiatives and report on project progress to the steering committee. SERVICE DESK (HELP DESK)
A unit within an organization that responds to technical questions
and problems faced by users
Service desk/support administration includes the following activities:
Acquiring hardware/software (HW/SW) on behalf of end users
Assisting end users with HW/SW difficulties Training end users to use HW /SW and databases Answering queries of end users Monitoring technical developments and informing end users of pertinent developments Determining the source of problems with production systems and initiating corrective actions Informing end users of problems with HW/SW or databases that could affect their control of the installation of HW/SW upgrades Initiating changes to improve efficiency END USER
Responsible for operations related to business
application services; used to distinguish the person for whom the product (generally application level) was designed from the person who programs, services or installs applications. END-USER SUPPORT MANAGER
Responsible as a liaison between the IS
department and the end users DATA MANAGEMENT / MANAGER
Responsible for the data architecture in larger IT
environments and tasked with managing data as a corporate asset QUALITY ASSURANCE (QA) MANAGER
Responsible for negotiating and facilitating
quality activities in all areas of information technology INFORMATION SECURITY MANAGEMENT
Is responsible for computer operations personnel,
including all the staff required to run the computer IPF efficiently and effectively (e.g., computer operators, librarians, schedulers and data control personnel).
Note: IPF includes the computer, peripherals,
magnetic media and the data stored on the media. It constitutes a major asset investment and impacts the organization's ability to function effectively. CONTROL GROUP
Is responsible for the collection, conversion and
control of input, and the balancing and distribution of output to the user community. SUPERVISOR OF THE CONTROL GROUP
reports to the IPF operations manager.
MEDIA MANAGEMENT / MANAGER
This is a critical function. They are required to
record, issue, received and safeguard all program and data files that are maintained on removable media. DATA ENTRY
A critical function to the information processing
activity. Data entry may take into a form of batch or online processing. SYSTEMS ADMINISTRATION
is responsible for maintaining major multiuser
computer systems, including local area networks (LANs), wireless local area networks (WLANs), wide area networks (WANs), personal area networks (PANs), storage area networks (SANs), intranets and extranets, and mid-range and mainframe systems. TYPICAL DUTIES OF A SYSTEMS ADMINISTRATOR
Adding and configuring new workstations and
peripherals. Setting up user accounts
Installing system- wide software
Performing procedures to prevent/detect/correct
the spread of viruses Allocating mass storage space SECURITY ADMINISTRATION
Ensure that the various users are complying with
the corporate security policy and controls are adequate to prevent unauthorized access to the company assets (including data, programs and equipment). FUNCTIONS OF A SECURITY ADMINISTRATOR Maintaining access rules to data and other IT resources Maintaining security and confidentiality over the issuance and maintenance of authorized user IDs and passwords Monitoring security violations and taking corrective action to ensure that adequate security is provided Periodically reviewing and evaluating the security policy and suggesting necessary changes to management Preparing and monitoring the security awareness program for all employees Testing the security architecture to evaluate the security strengths and detect possible threats Working with compliance, risk management and audit functions to ensure that SECURITY ARCHITECT
evaluate security technologies; design security
aspects of the network topology, access control, identity management and other security systems; and establish security policies and security requirements. DATABASE ADMINISTRATION
custodian of an organization's data, defines and
maintains the data structures in the corporate database system. responsible for the security of the shared data stored on database systems. responsible for the actual design, definition and proper maintenance of the corporate databases. DBA'S ROLE : Specifying the physical (computer-oriented) data definition • Changing the physical data definition to improve performance • Selecting and implementing database optimization tools • Testing and evaluating programmer and optimization tools • Answering programmer queries and educating programmers in the database structures • Implementing database definition controls, access controls, update controls and concurrency controls • Monitoring database usage, collecting performance statistics and tuning the database • Defining and initiating backup and recovery procedures APPLICATION STAFF
Responsible for developing and maintaining
applications. INFRASTRUCTURE STAFF
Responsible for maintaining the systems
software, including the operating system. NETWORK ADMINISTRATORS
Responsible for key components of this
infrastructure (routers, switches, firewalls, network segmentation, performance management, remote access, etc.). responsible for technical and administrative control over the LAN. ensuring that transmission links are functioning correctly, backups of the system are occurring, and software/hardware purchases are authorized and installed properly. SYSTEMS ANALYST
are specialists who design systems based on the
needs of the user and are usually involved during the initial phase of the system development life cycle (SDLC). interpret the needs of the user and develop requirements and functional specifications as well as high-level design documents. REVIEWING DOCUMENTATION IT STRATEGIES, PLANS AND BUDGETS
They provide evidence of planning and
management's control of the IS environment and alignment with the business strategy. SECURITY POLICY DOCUMENTATION
provides the standard for compliance.
documentation should state the position of the organization with regard to any and all security risks. documentation should identify who is responsible for the safeguarding of company assets, including programs and data, and it should state the preventive measures to be taken to provide adequate protection and actions to be taken against violators.
Note: this part of the policy document should be
treated as confidential. ORGANIZATION/FUNCTIONAL CHARTS
provide the IS auditor with an understanding of
the reporting line within a particular department or organization. illustrate a division of responsibility and give an indication of the degree of segregation of duties within the organization. JOB DESCRIPTIONS
define the functions and responsibilities of
positions throughout the organization. provide an organization with the ability to group similar jobs in different grade levels to ensure fair compensation for the workforce. give an indication of the degree of segregation of duties within the organization and may help identify possible conflicting duties. STEERING COMMITTEE REPORTS
provide documented information regarding new
system projects.
Note: The reports are reviewed by upper
management and disseminated among the various business units. SYSTEM DEVELOPMENT AND PROGRAM CHANGE PROCEDURES
provide a framework within which to undertake
system development or program change. OPERATIONS PROCEDURES
describe the responsibilities of the operations
staff. Performance measurement procedures are generally embedded in operational procedures and are periodically reported to senior management steering committees.
Note: IS auditors should ensure that these
procedures are embedded in operational procedures. HR MANUALS
provide the rules and regulations (determined by
an organization) that specify how employees should conduct themselves. QA PROCEDURES