hubert-sullivan
Chapter 11
Management Control of Information Technology
Control Systems
• Manager’s job - control - deviation, something wrong - indicate a serious problem
• Gauges - provided by IS
  – Control mechanism
  – Technology helps with control - also need to control IT
• The components of control systems are
  – Standards for performance
  – Sensory determination of actual conditions
  – Comparison of standard with actual conditions
  – Compensatory action if the deviation is too great
Control in the Organization
• Controls can be created through
  – Structure of the organization
    • Decentralized or centralized
    • More difficult time
    • Trust subordinates
    • Need new ways
  – Rewards
  – Management committee
  – Budget
  – Direct supervision - remote work - difficult
  – Procedures
• Routine audits help establish control
Failure of Control
• Control breakdown - high sales - mask lack of control
  – WorldCom - largest bankruptcy in US history - 7/02 - $107 billion, Enron - $63 billion
  – Qwest - stock options encouraged to overstate company performance
  – Global Crossing - reward system led to control failure
• Reward systems for senior managers may have caused these control failures
  – Stock options
• IS can strengthen routine control systems though they can tend to be complex
Control of Systems Development
• It is difficult to predict development time and development cost for new systems
  – Package implementation can reduce this uncertainty
• Projects slip for a number of reasons
  – Lack of user input
  – Too few resources
  – Too few individuals working on the project
  – Lack of top management support
  – Poor project management
Control of Operations
• The Foreign Corrupt Practices Act requires publicly held companies to devise and maintain a system of internal accounting controls pertaining to the
  – Execution of transactions
  – Recording of transactions
  – Records of assets
  – Managerial sign-off on financial statements (Sarbanes-Oxley Act)
• Control issue - all around - painfully evident - Enron, Martha Stewart - what can happen when controls do not work
Control of Operations
• All levels of control - organization - responsibility of management
• IT - ability to process large numbers of transactions in efficient manner - create significant control problems, challenges
• Error spread through an immense number of transactions very quickly
• Numerous opportunities for error
Vulnerability of Systems to Transaction Processing Errors
1. Errors and intrusion of the operating system for clients and servers
2. Application program errors
3. Database security
4. Network operating system reliability and security
5. Adequate control of manual procedures
6. Organizational control
7. Network connectivity
8. Misuse by external users
Control and Electronic Commerce
• Security of transmitted credit card information
• Encryption of data
• Secure electronic transmission
• Secure payment schemes
Security
• Manager - not expected to develop all controls - incredibly complex
• Managers establish environment - encourages control - allocate resources to it - tell network designer - what is needed
• Internet - myriad of opportunities - disrupt
• Firewalls
  – Corporate firewalls
  – Host based firewalls
• Monitoring programs
  – Virus checking
• Monitoring firms
  – Can examine connectivity logs to determine hostile threats to the organization
Auditing Information Systems
• Auditors examine
  – Databases
  – Transactions
  – Processing logic
  – Controls of critical information systems
• Audit IS - most concerned with those systems that affect financial statements
• Internal auditors - continually examine IS
• Control - fundamental responsibility of management - safeguard assets - protect against errors, fraud, attack
• Need backup - continue operating if major problem
Management Issues
• Backup - off-site data storage
• Security - because so accessible
• Budget - cannot afford to buy everything
• Project management - system
• Data control - accuracy of data - important management consideration