Saturday, October 15, 2011

IT STRATEGIC AND OPERATIONAL CONTROLS


IT STRATEGIC AND OPERATIONAL CONTROLS*

By John KYRIAZOGLOU, CICA, M.S., B.A (Hon.)

*This is a summary of the following book

==== TITLE: 'IT STRATEGIC AND OPERATIONAL CONTROLS' =====

PRINTED VERSION: www.itgovernance.co.uk/products/3066

E-BOOK FORMAT VERSION: www.itgovernance.co.uk/products/3067

ADDENDUM TO THE BOOK (Customisable IT Audit Programmes and Checklists, WORD FORMAT): www.itgovernance.co.uk/products/3143

These can also be purchased from www.itgovernanceusa.com, itgovernanceasia.com, other major world distributors (e.g. AMAZON) and bookstores in several countries (England, India, Switzerland, Italy, Germany, Poland, Brazil, Canada, Australia, Japan, etc.).

Author: John Kyriazoglou, Publisher: IT Governance Publishing

ISBN: 978-1-84928-061-7, Pages: 686, Format: Softcover, Date: 2 September 2010

BOOK SYNOPSIS

This book is about Information Technology (IT) Strategic and Operational Controls. IT controls (policies, procedures, forms, practices, audit programs, checklists, etc.) enable and support all management levels of the organization (top, middle, and lower) in accomplishing the IT strategic and operational goals of the organization. The book covers all the IT areas, such as: IT Organization Controls, IT Administration Controls, Enterprise Architecture Controls, IT Strategic Controls, System Development Controls, IT Security Controls, Data Center Operational and Support Controls, Systems Software Controls, Computerized Application Controls, and Using IT Controls in Audit and Consulting Assignments. The Appendix of the book also contains examples of IT Security Policies, several examples of IT Forms, an IT Audit Methodology, a list of IT Audit Areas, an Internal Audit Report example, etc.

ADDENDUM to IT STRATEGIC AND OPERATIONAL CONTROLS

ISBN 978-1-84928-075-4. This separate volume contains customisable IT audit programmes and checklists in Word format.

BENEFITS OF THE BOOK

This book can guide, facilitate, enable, support and assist Organizations, Senior Executives, Boards, Managers, Professors, IT Professionals, and Auditors: (1) in organizing, managing, controlling, dealing with, reviewing and improving IT operations and activities in the areas of Organization, Administration, Strategy, Contingency Planning and Disaster Recovery, System Development, Software Quality, Data Center Operations, etc.; (2) in Internal and External IT AUDITING activities, including the possible prevention and detection of ECONOMIC AND HIGH-TECH CRIMES; (3) in UNIVERSITY EDUCATIONAL and Professional Training Programs for the areas of IT, BUSINESS ADMINISTRATION, MANAGERIAL ACCOUNTING AND CONTROL, COMPUTER SCIENCE, Information Management, Commerce, Finance, Accounting, Banking, Operations Management, etc.; and (4) in CERTIFYING PROFESSIONALS IN IT CONTROLS and IT AUDITING.

ENDORSEMENTS OF THE BOOK AND THE AUTHOR

"I wholeheartedly recommend this book to senior and operations managers who are the ultimate users of IT and who need to ensure that the information they receive is relevant, accurate, timely and, more importantly, the result of systems which are well controlled. Both internal and external auditors will find reference to a large number of very relevant tools for use in auditing and reviewing IT operations. I also highly recommend this book to any students studying for a degree that includes an auditing and IT module as part of their programme."

Professor Georges M Selim, Emeritus Professor and Former Head of the Faculty of Management, Cass Business School, London, U.K. (See also ‘FOREWORD’ Section in the book)

"John is a highly experienced IT professional with extensive practical and theoretical knowledge. He is capable of managing complex engagements and maintains excellent relations with clients and peers. He is also a distinguished writer of both technical books as well as literature. Working with John is a professional and personal pleasure."

George Raounas, Partner, KPMG Advisory Services, Greece.



"Mr John Kyriazoglou is a multi-talented personality. His technical and managerial skills, together with his deep knowledge and expertise, can guarantee the successful completion of any IT project. He is a writer of technical as well as of philosophical books, being capable of balancing high-tech expertise with the humanities. I have the pleasure of knowing him and working with him for many years. He has always been a teacher to me, providing me with his expertise, as well as his advice and care."

Michael Hadjiefthymiou, IT Audit Manager at a major Greek Bank

SUMMARY OF BOOK CHAPTERS

Chapter 1: IT Organization Controls

This chapter describes the main IT Organization Controls, such as: IT Department Functional Description Controls, IT Organizational Controls, IT Vision, Mission and Values, Monitoring and Review Controls, IT Control Frameworks, and IT Organization Performance Measures. Also, examples of (a) IT terms of reference, (b) the contents of four IT control frameworks (COBIT, ITIL, ISO/IEC 38500, and the Calder-Moir IT Governance Framework), and (c) IT organization performance measures are presented.

In addition to these, a set of audit programs and checklists is described, such as: IT Terms of Reference Checklist, IT Organizational Assessment Audit Program, IT Functional Assessment Audit Program, etc.

Chapter 2: IT Administration Controls

This chapter describes the main IT Administration Controls, such as: IT Standards, Policies and Procedures, IT Budget, IT Asset Controls, IT Personnel Management Controls, IT Purchasing Controls, IT Management Reporting, and IT Administration Performance Measures. Also, examples of (a) an IT budget, (b) IT personnel job descriptions of a Chief Information Officer, Business Systems Analyst, Application Systems Analyst, etc., and (c) IT administration performance measures are presented. In addition to these, the following audit programs and checklists are described: IT Personnel Management Controls Audit Program, IT Procedures Audit Program, Standards Checklist and Segregation of Duties Checklist.

Chapter 3: Enterprise Architecture Controls

This chapter describes the main Enterprise Architecture Controls, such as: Enterprise Architecture Frameworks, Enterprise or Operating Model of the Organization, Business Process Narratives, Enterprise Architecture Repository, etc., and Enterprise Architecture Performance Measures. Also examples of (a) strategies, general goals, and objectives, (b) mission, vision, and values statements, and (c) a corporate ethics policy are presented.

In addition to these, a set of audit checklists is described, such as: Enterprise Architecture Framework Checklist, Corporate Vision, Mission, and Values Statements Checklist, and Corporate Strategic Plan Checklist.

Chapter 4: IT Strategic Controls

This chapter describes the main IT Strategic Controls, such as: IT Strategic Process Controls, IT Strategy Implementation and Monitoring Controls, and IT Strategic Performance Management Controls. Also examples of (a) an IT Strategy Analysis Methodology, (b) an IT Strategy Implementation Action Plan, (c) the contents of an IT strategic plan and an IT Performance Management Policy, and (d) an IT Balanced Scorecard and IT strategic performance measures, are presented.

In addition to these, the following audit programs and checklists are described: IT Strategic Planning Checklist, IT BSC Implementation Checklist, IT Strategic Controls Implementation Checklist, IT Performance Assessment Audit Program, and CIO Business Plan Assessment Audit Program.

Chapter 5: System Development Controls

This chapter describes the main IT System Development Controls, such as: Application Development Controls, IT Systems Testing Methodology, End User Application Development Controls, Audit Trails, Software Package Controls, and System Development Quality Controls. Also, examples of (a) methodologies for systems development, (b) the contents of a feasibility study, a systems analysis and design document, an application documentation set, an audit trail, an IT acceptance procedure and an IT application test plan, (c) the contents of test forms, (d) the contents of the documents of a software package purchase process, and (e) system development performance measures are presented.

In addition to these, the following audit programs and checklists are described: IT Data Management Controls Checklist, Documentation Checklist, System Development Strategy Checklist, System Development and Maintenance Checklist, End User Application Development Checklist, Software Requirements Specification Checklist, and Software Feasibility Approval Checklist.

Chapter 6: IT Security Controls

This chapter describes the main IT Security Controls, such as: IT Security Guidelines and Standards, IT Security Policies and Plans, Computer Operations Controls, Personnel Security Management Controls, End User Security Administration Controls, Social Engineering Controls, Password Controls, IT Technical Protection Controls, Other Management Controls, Security Organizational Controls, and IT Security Performance Measures. Also, examples of (a) the contents of an IT security management plan, (b) the contents of a systems development security plan and a site security handbook, (c) the contents of a physical and environmental security program, and (d) IT security performance measures are presented.

In addition to these, the following audit program and checklists are described: IT Security Audit Program, IT Security Policy Checklist, and Logical Security Controls Checklist.

Chapter 7: Data Center Operational and Support Controls

This chapter describes the main Data Center Operational and Support Controls, such as: Data Centre Controls, IT Contingency Planning and Disaster Recovery Controls, Hardware Controls, and Personal Computers Controls. Also examples of (a) an IT contingency planning methodology, (b) a personal computers use policy and safe operations procedure, (c) the contents of a vital records package and an IT disaster recovery plan, (d) a set of forms to manage various IT issues, and (e) IT operational performance measures, are presented.

In addition to these, the following audit checklists are described: Physical Security Checklist, Environmental Issues Checklist, Production Environment Issues Checklist, Data Centre Management Checklist, Backup and Recovery Checklist, IT Disaster Recovery Checklist, and Personal Computers Checklist.

Chapter 8: Systems Software Controls

This chapter describes the main Systems Software Controls, such as: Systems Operating Environment Controls, Data Base Controls, Data Communications Controls, Audit Trail Controls, and Operating System, Data Base and Data Communications Software Change Management Controls.

Also examples of (a) the software suppliers maintenance procedure, (b) the system software management process, (c) the contents of a data communications management plan, and an audit trail record, (d) a set of forms to manage the changes to system software, and (e) IT technical performance measures, are presented.

In addition to these, the following audit programs and checklists are described: Systems Software Management Audit Program, System Software Acquisition Checklist, Systems Software Operation Checklist, Data Management Checklist, Data Base and Data Communications Checklist, Data Base Management System Checklist, Data Networking Audit Program, and Data Communications Checklist.

Chapter 9: Computerized Application Controls

This chapter describes the main Computerized Application Controls, such as: Input Controls, Processing Controls, Output Controls, Database Controls, Change Controls, and Testing Controls. Also, examples of (a) a test methodology, (b) a test plan and an application audit trail record, (c) an organizational structure for application software testing, (d) a set of forms to manage the application software development and testing process, and (e) computerized application performance measures are presented.

In addition to these, the following audit programs and checklists are described: Computerized Application Controls Audit Program, Computerized Application Quality Audit Program, Post Implementation Review Audit Program, Web Applications Checklist, and Monitoring IT Application Controls Checklist.

Chapter 10: Using IT Controls in Audit and Consulting Assignments

This chapter contains three case studies and one IT audit assignment to improve the understanding of the IT controls contained in chapters 1 to 9 and the appendix of this book. These are: Retail Operation: IT Strategy Case Study, Trading Company: Applications Controls Case Study, Public Organization: IT Security Case Study, and IT Audit Assignment for Organization 'ABCXYZ'.

APPENDICES

Appendix 1: Examples of IT Security Policies

Appendix 2: IT Ethics Code-Example

Appendix 3: Monitoring IT Controls Checklist

Appendix 4: Examples of IT Forms

Appendix 5: IT Audit Methodology

Appendix 6: IT Audit Areas

Appendix 7: Internal Audit Report-Example

Appendix 8: Review Questions and Answers (for each chapter of this book)

Appendix 9: List of Governance and Control Frameworks

GLOSSARY

BIBLIOGRAPHY
