IT Strategic and Operational Controls

JOHN KYRIAZOGLOU
Copyright Date: 2010
Published by: IT Governance Publishing
Pages: 679
https://www.jstor.org/stable/j.ctt5hh6d1
    Book Description:

    IT Strategic and Operational Controls provides a comprehensive guide to implementing an integrated and flexible set of IT controls in a systematic way. It can help organisations to formulate a complete culture for all areas which must be supervised and controlled, allowing them to simultaneously ensure a secure, high standard, whilst striving to obtain the strategic and operational goals of the company. Written with practicality and convenience in mind, this book is an ideal tool for those without specialised technical expertise seeking to understand IT controls and their design, implementation, monitoring, review and audit issues.

    eISBN: 978-1-84928-062-4
    Subjects: Technology, Business

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. FOREWORD
    (pp. 5-6)
    Georges M Selim

    For the past 40 years or more, the use of information technology in and between organisations has become increasingly pervasive in the developed and developing world. Yet how many large-scale information technology initiatives can claim to have been fully successful? Although numbers vary, most commentators agree that a majority of projects fail to meet end users’ expectations; in many cases, projects may be completed but are over time, over budget and provide fewer features than promised, while between 20% and 30% have so many issues that they have to be cancelled. Highly publicised cases which spring to mind include public...

  3. PREFACE
    (pp. 7-15)
    John Kyriazoglou
  4. ABOUT THE AUTHOR
    (pp. 16-17)
  5. ACKNOWLEDGEMENTS
    (pp. 18-19)
    John Kyriazoglou
  6. Table of Contents
    (pp. 20-24)
  7. CHAPTER 1: IT ORGANISATION CONTROLS
    (pp. 25-83)

    Organisations invest funds and effort, hire and use people and commit other critical resources for developing the information systems they need. They need an IT organisation (unit or function) and a set of required controls for this purpose.

    IT organisation controls establish the good operating environment for IT (infrastructure and systems) and ensure the successful execution of the daily activities and operational transactions of the IT systems of the organisation.

    A set of main IT organisation controls, with examples, are provided: IT department functional description controls, IT organisational controls, IT vision, mission and values statements, IT control frameworks, monitoring and...

  8. CHAPTER 2: IT ADMINISTRATION CONTROLS
    (pp. 84-138)

    Once you have established an IT organisation and its controls, you design and implement the basic IT administration policies and procedures for IT to operate and accomplish its mission. IT administration controls are designed and deployed with the main purpose of facilitating and enabling the proper execution of all the other IT controls.

    Establishing these controls to serve the needs of the given organisation may be done by the formal IT committee, or the IT management and its senior staff, or some other corporate work team or group, or a combination of these. It would be useful, however, and as...

  9. CHAPTER 3: ENTERPRISE ARCHITECTURE CONTROLS
    (pp. 139-188)

    After the establishment of an IT organisation and its administrative controls, you need to plan what you want IT to do.

    To this purpose you design a new, or improve your existing, business or Enterprise Architecture to enable the IT strategic process.

    Enterprise Architecture controls enable and support the alignment of IT (infrastructure and systems) with the business functions of the organisation, and support the successful execution of the daily activities and operational transactions of the IT systems.

    A set of main Enterprise Architecture controls are explained with examples provided in some cases. These controls include: Enterprise Architecture frameworks, enterprise...

  10. CHAPTER 4: IT STRATEGIC CONTROLS
    (pp. 189-245)

    After the IT function is set up with a structure, personnel, administration, and the Enterprise Architecture is designed or improved, an IT strategy is crafted and aligned with the business functions of the organisation.

    Controls at this level enable and support the future roadmap for IT infrastructure and systems, and facilitate and support the successful execution of the daily activities and operational transactions of the IT systems of the organisation. These controls include: IT strategic process controls, IT strategy implementation and monitoring controls and IT strategic performance management controls, with examples provided in some cases.

    In addition to these, a...

  11. CHAPTER 5: SYSTEM DEVELOPMENT CONTROLS
    (pp. 246-300)

    After the IT function is set up with an organisational structure, personnel, administration, a well-linked Enterprise Architecture for IT systems and an IT strategy, it is ready to create quality IT products and services, by developing IT application systems.

    Controls at this level establish a good operating environment for the development of IT systems and ensure the successful testing and preparation of these systems for serving the business purposes of the organisation. They also facilitate and support the successful execution of the daily activities and operational transactions of the IT systems.

    A set of IT system development controls are described...

  12. CHAPTER 6: IT SECURITY CONTROLS
    (pp. 301-359)

    The main aim of IT is, once it has been set up properly (structure, personnel, administration, strategy, etc.), to design and develop high-quality IT application systems, and protect both the systems themselves, as well as the data and the infrastructural elements upon which these systems operate, in the most secure and safe way.

    Controls at this level establish the secure operating environment for the development and operation of IT systems and services, and ensure the safe processing of data and successful operation of these systems and services for serving the business purposes of the organisation.

    IT security controls include: IT...

  13. CHAPTER 7: DATA CENTRE OPERATIONAL AND SUPPORT CONTROLS
    (pp. 360-417)

    To run the IT application systems developed according to the IT strategy of the organisation and provide services across all levels and locations of the organisation and the wider community, including other interconnecting parties, you need to create and operate a physical infrastructure and obtain services from specialised external providers.

    Controls at this level ensure that the IT facilities and equipment can remain in good operational status, and ensure the safe and successful operation of the IT infrastructure and systems for serving the business purposes of the organisation.

    A set of main data centre operational and support controls are presented...

  14. CHAPTER 8: SYSTEMS SOFTWARE CONTROLS
    (pp. 418-477)

    IT application systems, whether developed by IT in house, or acquired from an external party, are normally run in a secure data centre facility.

    These systems are made up of application software which cannot be run alone, but must have system software upon which they achieve their tasks.

    System software, such as database management systems, data communications and network software, etc. must be installed, configured and controlled. Controls at this level ensure that the operating system, database and data communications software can remain in good operational status, and ensure the safe and successful operation of the IT infrastructure and systems...

  15. CHAPTER 9: IT APPLICATION CONTROLS
    (pp. 478-532)

    IT application systems are made up of individual programs that receive data of occurring business transactions, check them for errors, process and store them in computerised files, and provide reports and results to all approved users of these systems. As these programs need to accomplish their tasks with the highest level of accuracy, quality and safety, effective management controls must be exercised.

    Controls at this level ensure that the computer programs of a particular computerised application, process the business transactions according to a set of predefined rules, and store the processed data in computerised files and databases, in a safe...

  16. CHAPTER 10: USING IT CONTROLS IN AUDIT AND CONSULTING ASSIGNMENTS
    (pp. 533-590)

    The IT strategic and operational controls contained in the previous chapters have been applied in establishing and reviewing IT controls, and in auditing and evaluating controls of IT application systems, networks and IT infrastructure, in several organisations (private and public), in various countries and corporate cultural environments.

    The purpose of this chapter is to give the reader an idea of how the controls presented have been used in actual practice. This is attempted by three case studies, one IT audit assignment and one IT policies and procedures review assignment.

    The names of the private companies and public organisations and their...

  17. APPENDICES: EXAMPLES OF POLICIES, GUIDELINES, FORMS AND METHODOLOGIES
    (pp. 591-658)
  18. FURTHER RESOURCES
    (pp. 659-676)
  19. ITG RESOURCES
    (pp. 677-679)