CHAPTER 5 – ORGANIZATIONAL

STRUCTURE AND RESPONSIBILITIES

Learning Objectives:

Be able to identify different IS functions.

Be familiar with the responsibilities of the different
IS functions.
ORGANIZATIONAL CHART SHOWS HOW
AN ORGANIZATION IS STRUCTURED.
IS functions and
Their Roles:
SYSTEMS DEVELOPMENT MANAGER

o Responsible for programmers and analysts who

implement new systems and maintain existing
systems
PROJECT MANAGER

 are responsible for planning and executing IS

projects and may report to project management
office or to the development organization.
 play a central role in executing the vision of the
IT strategy and steering committee by planning,
coordinating and delivering IS projects to the
enterprise.
PROJECT MANAGEMENT STAFF

 utilize budgets assigned to them for the delivery

of IS initiatives and report on project progress to
the steering committee.
SERVICE DESK (HELP DESK)

 A unit within an organization that responds to technical questions

and problems faced by
users

Service desk/support administration includes the following activities:

 Acquiring hardware/software (HW/SW) on behalf of end users

 Assisting end users with HW/SW difficulties
 Training end users to use HW /SW and databases
 Answering queries of end users
 Monitoring technical developments and informing end users of
pertinent developments
 Determining the source of problems with production systems and
initiating corrective actions
 Informing end users of problems with HW/SW or databases that could
affect their control of the installation of HW/SW upgrades
 Initiating changes to improve efficiency
END USER

 Responsible for operations related to business

application services; used to distinguish the
person for whom the product (generally
application level) was designed from the person
who programs, services or installs applications.
END-USER SUPPORT MANAGER

 Responsible as a liaison between the IS

department and the end users
DATA MANAGEMENT / MANAGER

 Responsible for the data architecture in larger IT

environments and tasked with managing data as
a corporate asset
QUALITY ASSURANCE (QA) MANAGER

 Responsible for negotiating and facilitating

quality activities in all areas of information
technology
INFORMATION SECURITY MANAGEMENT

 Is responsible for computer operations personnel,

including all the staff required to run the
computer IPF efficiently and effectively (e.g.,
computer operators, librarians, schedulers and
data control personnel).

Note: IPF includes the computer, peripherals,

magnetic media and the data stored on the
media. It constitutes a major asset
investment and impacts the organization's
ability to function effectively.
CONTROL GROUP

 Is responsible for the collection, conversion and

control of input, and the balancing and
distribution of output to the user community.
SUPERVISOR OF THE CONTROL
GROUP

 reports to the IPF operations manager.

MEDIA MANAGEMENT / MANAGER

 This is a critical function. They are required to

record, issue, received and safeguard all program
and data files that are maintained on removable
media.
DATA ENTRY

 A critical function to the information processing

activity. Data entry may take into a form of
batch or online processing.
SYSTEMS ADMINISTRATION

 is responsible for maintaining major multiuser

computer systems, including local area networks
(LANs), wireless local area networks (WLANs),
wide area networks (WANs), personal area
networks (PANs), storage area networks (SANs),
intranets and extranets, and mid-range and
mainframe systems.
TYPICAL DUTIES OF A SYSTEMS
ADMINISTRATOR

 Adding and configuring new workstations and

peripherals.
 Setting up user accounts

 Installing system- wide software

 Performing procedures to prevent/detect/correct

the spread of viruses
 Allocating mass storage space
SECURITY ADMINISTRATION

 Ensure that the various users are complying with

the corporate security policy and controls are
adequate to prevent unauthorized access to the
company assets (including data, programs and
equipment).
FUNCTIONS OF A SECURITY
ADMINISTRATOR
 Maintaining access rules to data and other IT
resources
 Maintaining security and confidentiality over the
issuance and maintenance of authorized user IDs and
passwords
 Monitoring security violations and taking corrective
action to ensure that adequate security is provided
 Periodically reviewing and evaluating the security
policy and suggesting necessary changes to
management
 Preparing and monitoring the security awareness
program for all employees
 Testing the security architecture to evaluate the
security strengths and detect possible threats
 Working with compliance, risk management and
audit functions to ensure that
SECURITY ARCHITECT

 evaluate security technologies; design security

aspects of the network topology, access control,
identity management and other security systems;
and establish security policies and security
requirements.
DATABASE ADMINISTRATION

 custodian of an organization's data, defines and

maintains the data structures in the corporate
database system.
 responsible for the security of the shared data
stored on database systems.
 responsible for the actual design, definition and
proper maintenance of the corporate databases.
DBA'S ROLE :
 Specifying the physical (computer-oriented) data definition
 • Changing the physical data definition to improve
performance
 • Selecting and implementing database optimization tools
 • Testing and evaluating programmer and optimization
tools
 • Answering programmer queries and educating
programmers in the database structures
 • Implementing database definition controls, access
controls, update controls and concurrency controls
 • Monitoring database usage, collecting performance
statistics and tuning the database
 • Defining and initiating backup and recovery procedures
APPLICATION STAFF

 Responsible for developing and maintaining

applications.
INFRASTRUCTURE STAFF

 Responsible for maintaining the systems

software, including the operating system.
NETWORK ADMINISTRATORS

 Responsible for key components of this

infrastructure (routers, switches, firewalls,
network segmentation, performance
management, remote access, etc.).
 responsible for technical and administrative
control over the LAN.
 ensuring that transmission links are functioning
correctly, backups of the system are occurring,
and software/hardware purchases are authorized
and installed properly.
SYSTEMS ANALYST

 are specialists who design systems based on the

needs of the user and are usually involved during
the initial phase of the system development life
cycle (SDLC).
 interpret the needs of the user and develop
requirements and functional specifications as
well as high-level design documents.
REVIEWING DOCUMENTATION
IT STRATEGIES, PLANS AND BUDGETS

 They provide evidence of planning and

management's control of the IS environment and
alignment with the business strategy.
SECURITY POLICY DOCUMENTATION

 provides the standard for compliance.

 documentation should state the position of the
organization with regard to any and all security risks.
 documentation should identify who is responsible for
the safeguarding of company assets, including
programs and data, and it should state the preventive
measures to be taken to provide adequate protection
and actions to be taken against violators.

 Note: this part of the policy document should be

treated as confidential.

ORGANIZATION/FUNCTIONAL CHARTS

 provide the IS auditor with an understanding of

the reporting line within a particular department
or organization.
 illustrate a division of responsibility and give an
indication of the degree of segregation of duties
within the organization.
JOB DESCRIPTIONS

 define the functions and responsibilities of

positions throughout the organization.
 provide an organization with the ability to group
similar jobs in different grade levels to ensure
fair compensation for the workforce.
 give an indication of the degree of segregation of
duties within the organization and may help
identify possible conflicting duties.
STEERING COMMITTEE REPORTS

 provide documented information regarding new

system projects.

Note: The reports are reviewed by upper

management and disseminated among the
various business units.
SYSTEM DEVELOPMENT AND PROGRAM
CHANGE PROCEDURES

 provide a framework within which to undertake

system development or program change.
OPERATIONS PROCEDURES

 describe the responsibilities of the operations

staff.
 Performance measurement procedures are
generally embedded in operational procedures
and are periodically reported to senior
management steering committees.

Note: IS auditors should ensure that these

procedures are embedded in operational
procedures.
HR MANUALS

 provide the rules and regulations (determined by

an organization) that specify how employees
should conduct themselves.
QA PROCEDURES

 provide framework and standards that can be

followed by the IS department.