ICAB - ITA Chapter 5 class 9-10 - Controls and Standards
IT APPLICATIONS
Professional Stage Application Level, ICAB
Teacher: Mohammad Abdul Matin
Chapter 5: Controls and Standards
Chapter Outline
– Information System Security Controls
– Physical Security Controls
– Logical Security Controls
– Control and Standard for Information Integrity
– Control and Standard for Information Access Control
– Control and Standard for Computer Audit
– Control and Standard for System Implementation Phase
– Control and Standard for System Maintenance and Evaluation
– Risks of IT Systems
– Controls for Personal Systems
Syllabus
In the examination, candidates may be required to:
a. explain the controls and standards which are applied during the system implementation phases of installation, testing, training, documentation, file conversion and changeover, and post-implementation review
b. explain the controls and standards which are applied to system maintenance and evaluation (system maintenance, evaluation, computer based monitoring, system performance)
c. describe the controls that are applied to personal systems to ensure processing integrity, security and safeguarding of IT resources, and availability/continuity provisions (backup and recovery) for IT resources
Systems’ Purpose & Components
• Capital management
• Foundation of doing business
• Productivity
• Strategic opportunity and advantage
Typical Enterprise System
Control & Standards for System Implementation Phases
– System Installation
– System Testing
– Documentation
– Training
– Conversion & Change Over
Control in ERP Implementation
[Figure: ERP implementation timeline, March to June, weeks W1 to W16.
Phases: Phase 1: Project Preparation; Phase 2: Business Blueprint; Phase 3: Realization; Phase 4: Final Preparation; Phase 5: Go Live & Support.
Activities shown: Project Kickoff, Understand As-Is, Overview Training, Develop To-Be, Configure System, System Tests, Training Materials, Training & Practice, Cutover, Go Live, User Support, Project Close.]
System Selection
Implementation Readiness
Business Readiness:
– business PROCESSES are seen through and documented
– competent PEOPLE are in right places
– process CHAMPIONS are identified
Technology Readiness:
– robust IT INFRASTRUCTURE is in place
– right HARDWARE is selected, ordered and delivered
– right SOFTWARE is selected and licenses are ordered
– competent SYSTEM INTEGRATOR is selected and engaged
An agreed PROJECT PLAN is finalized
Planning (High Level)
Broad Activities (timeline columns: Sep, Oct, Nov, Dec, Jan, Feb, Apr, Jun, Jul)
BUSINESS READINESS
TECHNOLOGY READINESS :
- Infra. & ERP resources recruitment
- Secured Data Center preparation
- Project Office & Training Facility set up
- Network Review & Redundancy set up
- ERP solution finalization
- Hardware sizing, ordering & delivery
- System Integrator selection
- Scope of Work finalization
- Project Plan finalization
PROJECT KICK OFF (Start)
ERP IMPLEMENTATION (As per Project Plan)
GO LIVE 1st August 2012
1st February 2012
Project Team
System Development Lifecycle
[Figure: lifecycle diagram. Labels: System Implementation, Prepare for System Implementation, Deploy System, System Initiation, Requirement Analysis, System Design, System Construction, System Acceptance, System Preparation, Transition to Performing Organization, Transition.]
Control & Standards for System Implementation Phases (cont.)
System Installation
– Implementation plan, milestones, stakeholder engagement, communication, approval, issue handling and back out plan
System Testing
– Scheduled, planned testing with defined criteria, scope, expectation, scenarios and records
– User Acceptance Testing (UAT)
Documentation
– System / Process Description
– System Documentation
– System File Layout / Architecture Documentation
Control & Standards for System Implementation Phases (cont.)
Training
– Administration / MDM training
– User Training
– TOT Approach
File Conversion and Change-over
– New System Implementation
  • Data preparation, go-live
– Manual System to Automation
  • Data preparation, parallel run, cut-over
– Old System to New System
  • Data conversion & transfer, cut-over
Risks in Implementation
Expectation & Experience Curve
Risks to IT Systems
Computer Viruses
– Protection and Updating
– Checking and Cleaning
– Awareness of Risks (Internet, removable disks)
– Recovery from Losses
Computer Hackers (Intrusion)
– Implement Firewall
– Develop and Apply Policy
– Antivirus, Antispyware and Intrusion Prevention Software
– Address vulnerabilities
– Conduct Tests
Controls for Personal Systems
Sensitivity of information is much higher than in any other system in an organization
– HRIS
– Personal information
– Salary information
Needs to be protected from both external and internal users
Sometimes requires separating HRIS and Payroll at Admin level
Controls for Personal Systems (cont.)
General Controls
– Access, data, program, physical security
– Software development and change control
– Data center operation
– Disaster recovery
Application Controls
– Input controls
– Authorization
– Validation
– Error notification and correction
– Processing controls
– Output controls
Questions
How can the security requirements be implemented in developing a new accounting system?
Thank You