ManagmentControlIPB PDF

1. The document discusses various types of management control over information system (IS) functions including top management control, IS management control, system development management control, programming management control, data administration control, quality assurance management control, and security administration control. 2. It describes the responsibilities and focus of each type of management control such as top management being responsible for long-run policy decisions and IS management being responsible for planning and controls of all IS activities. 3. For each control, it discusses aspects such as approaches, models, roles, functions, organizational issues, and relationships to other functions to ensure proper management and oversight of the IS system.

Management Control

Risk and Control Associated with ICT Architecture

[Figure: ICT architecture components: Computer, Application, Data, Communication System]

The IT Audit
(James A. Hall, Information Technology Auditing, 2011)
• The focus of IT control is on the computer-based aspects of an organization's information system.
Control Over IS Functions
 Management Control
   Top Management
   IS Management
   System Development Management
   Programming Management
   Data Administration
   Quality Assurance Management
   Security Administration
   Operation Management
• Application Control
  • Boundary
  • Input
  • Communications
  • Processing
  • Database
  • Output

IS Control and Audit, Ron Weber. CISA Review Manual, ISACA, 2003. 9/28/11
Assessing information technology risk

 Top Management
   Must ensure the IS function is well managed. It is responsible primarily for long-run policy decisions on how information systems will be used in the organization.
 IS Management
   Has overall responsibility for the planning and control of all information system activities. It also provides advice to top management in relation to long-run policy decision making and translates long-run policy into short-run goals and objectives.
Assessing information technology risk
 System Development Management
   Responsible for the design, implementation and maintenance of application systems.
 Programming Management
   Responsible for programming new systems, maintaining old systems and providing general system support software.
Assessing information technology risk
 Data Administration
   Responsible for addressing planning and control issues in relation to the use of an organization's data.
 Quality Assurance Management
   Responsible for ensuring that information system development, implementation, operation, and maintenance conform to established quality standards.
Assessing information technology risk

 Security Administration
   Responsible for access control and physical security over the IS function.
 Operation Management
   Responsible for planning and controlling the day-to-day operations of IS.
Management Control: Top Management Control
 Must ensure the IS function is well managed. It is responsible primarily for long-run policy decisions on how information systems will be used in the organization.
 Discusses the role of management in planning, organizing, leading, and controlling the information systems function.
Management Control: Top Management Control
• Evaluating the Planning Function
  • Types of Planning Function
  • Contingency Approach to Planning
  • Role of the Steering Committee
• Evaluating the Organizing Function
  • Resourcing the IS Function
  • Centralization vs. Decentralization
  • Internal Organization of the IS Function
• Evaluating the Leading Function
  • Motivating IS Personnel
  • Matching Leadership Style with the IS System
  • Effective Communication with IS Personnel
• Evaluating the Controlling Function
  • Overall Control of the IS Function
  • Technology Diffusion and Control of the IS Function
  • Control over IS Activities
  • Control over the Users of IS Services
Management Control: Information System Management
 Has overall responsibility for the planning and control of all information system activities. It also provides advice to top management in relation to long-run policy decision making and translates long-run policy into short-run goals and objectives.
Management Control: System Development Management Control
 Responsible for the design, implementation and maintenance of application systems.
 Provides a contingency perspective on the models of the IS system development process that auditors can use as a basis for evidence collection and evaluation.
Management Control: System Development Management Control
 Approaches to system development
   Normative model of system development
   System Development Life Cycle (SDLC)
   Sociotechnical design approach
   Political approach
   Prototyping approach
   Contingency approach
 Evaluating the major phases in the system development process
   Problem/opportunity definition
   Management of the change process
   Entry and feasibility assessment
   Analysis of the existing system
   Formulating strategic requirements
   Organizational and job design
   Information processing system design
Management Control: Programming Management Control
• Responsible for programming new systems, maintaining old systems and providing general system support software.
• Discusses the major phases in the program life cycle and the important controls that should be exercised in each phase.
• Program development life cycle
  • Planning
  • Control
  • Design
  • Coding
  • Testing
  • Operation and maintenance
• Organizing the programming team
  • Chief programmer teams
  • Adaptive teams
  • Controlled-decentralized teams
• Managing the system programming group
Management Control: Data Administration Control
• Responsible for addressing planning and control issues in relation to the use of an organization's data.
• Motivation for the Data Administrator (DA) and Database Administrator (DBA) roles
• Functions of the DA and DBA
  • Defining, creating, redefining, and retiring data
  • Making the database available to users
  • Informing and servicing users
  • Maintaining database integrity
  • Monitoring operations
Management Control: Data Administration Control
• Some organizational issues
  • Placement of the DA and DBA
  • Effect of decentralization of the IS function
• Data repository systems (DRS)
  • Basic functions of a DRS
  • Some problems with a DRS
  • Audit aspects of a DRS
• Control over the DA and DBA
  • Some exposures
  • Some remedial measures
Management Control: Quality Assurance Management
 Responsible for ensuring that information system development, implementation, operation, and maintenance conform to established quality standards.
 Motivation for the QA role
 QA functions
   Developing quality goals
   Developing, promulgating and maintaining standards for the IS function
   Monitoring compliance with QA standards
   Identifying areas for improvement
   Reporting to management
   Training in QA standards and procedures
Management Control: Quality Assurance Management
 Responsible for ensuring that information system development, implementation, operation, and maintenance conform to established quality standards.
 Organizational considerations
   Placement of the QA function
   Staffing the QA function
   Relationship between QA and auditing
Management Control: Security Management Controls
 Responsible for access control and physical security over the IS function.
 Conducting security programs
   Preparation of a project plan
   Identification of assets
   Threat identification
   Exposure analysis
   Control adjustment
   Report preparation
Management Control: Security Management Controls
 Responsible for access control and physical security over the IS function.
 Major security threats and remedial measures
   Fire damage
   Water damage
   Energy variations
   Structural damage
   Pollution
   Unauthorized intrusion
   Viruses and worms
   Misuse of software, data, and services
   Hacking
 Controls of last resort
   Disaster recovery planning
   Insurance
Management Control: Operation Management
 Responsible for planning and controlling the day-to-day operations of IS.
 Computer operations
   Operations controls
   Scheduling controls
   Maintenance controls
 Network operations
   Wide area network controls
   Local area network controls
 Data preparation and entry
 Production control
   Input/output controls
   Job scheduling controls
   Management of service-level agreements
   Transfer pricing/charge-out controls
   Acquisition of consumables
Management Control: Operation Management
 Responsible for planning and controlling the day-to-day operations of IS.
 File library
   Storage of storage media
   Use of storage media
   Maintenance and disposal of storage media
   Location of storage media
 Documentation and program library
 Help desk/technical support
 Capacity planning and performance monitoring
 Management of outsourced operations
   Financial viability of the outsourcing vendor
   Compliance with the outsourcing contract's terms and conditions
   Reliability of the outsourcing vendor's controls
   Outsourced disaster recovery planning
Assessing information technology risk
 Auditors are more likely to evaluate management controls before application controls.
 After evaluating a management control, auditors usually do not have to evaluate it again, because it should function across all applications.
 e.g. if auditors find that an organization enforces high-quality documentation standards, it is likely that they will not have to review the quality of documentation for each application system.
Identify information technology controls
• Preventive Control
  • Instructions are placed on a source document to prevent clerks from filling it out incorrectly. Note that the control works only if the instructions are sufficiently clear and the clerks are sufficiently trained to understand them. Both the clerks and the instructions are components of the system that constitute the control; the instructions themselves are not the control.
Nature Detective
of Controls
Control
 An input program identifies incorrect data
entered in a system via terminal, again the
control is a system because part of the program
must work together to pinpoint errors
 Corrective Control
 A program uses specials codes that enable it to
correct data corrupted with error-correcting to
rectify the error

IS Constrol and AUdit, ROn Weber. CISA review Manual, ISACA,


9/28/11 28
2003
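As an added illustration (not from the original slides or from Weber's text), the Python sketch below shows the two control types just described in working form: a detective control, an input-validation routine that pinpoints which field of a terminal-entered record is wrong, and a corrective control, a Hamming(7,4) code that detects and corrects a single corrupted bit. The record fields (account_no, amount, txn_date), their validation rules and the sample records are constructed for this example and are not taken from the slides.

```python
import re
from datetime import date

# ---- Detective control: an input program that pinpoints bad fields ----
# Field names and rules are constructed for this example, not taken from the slides.
ACCOUNT_RE = re.compile(r"^\d{8}$")


def validate_record(record):
    """Return a list of (field, problem) pairs for one keyed-in record.

    An empty list means every field passed. Naming the offending field,
    rather than rejecting the whole record, is what lets the operator find
    and fix the error (the 'pinpoint' property of a detective control).
    """
    errors = []
    if not ACCOUNT_RE.match(str(record.get("account_no", ""))):
        errors.append(("account_no", "must be exactly 8 digits"))
    try:
        if float(record.get("amount")) <= 0:
            errors.append(("amount", "must be a positive number"))
    except (TypeError, ValueError):
        errors.append(("amount", "not numeric"))
    try:
        date.fromisoformat(str(record.get("txn_date", "")))
    except ValueError:
        errors.append(("txn_date", "not a valid YYYY-MM-DD date"))
    return errors


# ---- Corrective control: Hamming(7,4) single-error correction ----
def hamming_encode(data_bits):
    """Encode 4 data bits as the 7-bit codeword [p1, p2, d1, p3, d2, d3, d4]."""
    d1, d2, d3, d4 = data_bits
    p1 = d1 ^ d2 ^ d4        # parity over codeword positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4        # parity over codeword positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4        # parity over codeword positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(codeword):
    """Return (data_bits, corrected_position).

    corrected_position is 0 when the syndrome is clean; otherwise it is the
    1-based position of the single bit that was flipped back. Each syndrome
    bit recomputes one parity check, so the three together spell out the
    position of the error in binary.
    """
    c = list(codeword)
    p1, p2, d1, p3, d2, d3, d4 = c
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    pos = s1 + 2 * s2 + 4 * s3
    if pos:
        c[pos - 1] ^= 1      # corrective action: flip the bad bit back
    return [c[2], c[4], c[5], c[6]], pos


if __name__ == "__main__":
    # Constructed sample records: the first is clean, the second has three defects.
    batch = [
        {"account_no": "12345678", "amount": "150.00", "txn_date": "2011-09-28"},
        {"account_no": "1234567", "amount": "-5", "txn_date": "2011-09-31"},
    ]
    for rec in batch:
        print(rec["account_no"], validate_record(rec) or "OK")

    word = hamming_encode([1, 0, 1, 1])
    word[4] ^= 1                   # simulate one corrupted bit in transit
    print(hamming_decode(word))    # -> ([1, 0, 1, 1], 5)
```

The two halves make the slide's distinction concrete: the validator only reports (an auditor would still expect a procedure for who fixes the rejected record), while the decoder repairs the data itself, and a practitioner checking it should confirm that every single-bit flip in every codeword is corrected, which the exhaustive loop in a test does cheaply.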
Assessing information technology risk

 To assess the level of control risk associated with a segment of the audit, auditors consider the reliability of both management and application controls.
 Auditors usually identify and evaluate controls in the management subsystem first. Management (subsystem) controls are fundamental controls because they cover all application systems.
 The absence of management controls is a serious concern for auditors.