Chapter 8 - Introduction To Pervasive Controls

This document discusses pervasive controls and organizational design as key components of an organization's internal control structure. It provides an example of organizational control plans for purchasing an office table. It also discusses key control issues related to personnel management and lists common personnel control plans. Finally, it introduces COBIT, a framework for IT governance and management that defines IT control process domains and individual processes.

Chapter 8

Controlling Information Systems: Introduction to Pervasive Controls
• Pervasive control plans are those that relate to a multitude of control goals and processes. The controls apply to both the manual and automated processes.

• Pervasive control plans influence the effectiveness of the control plans at the lower levels of the control hierarchy: business process control plans and application control plans.

Organizational design involves the creation of roles, processes and formal reporting relationships in an organization.

Aspects of organizational design:
• Establishing departmental relationships, including the degree of centralization in the organization.
• Personnel reporting structures such as chain of command and approval levels.

Organizational design is a key component of a company’s internal control structure.

Summary of Organizational Control Plans

Example event: Purchase of office table
• Authorizing Event
-Request: Requesting Department
-Approval: VP for Finance and VP for Admin
• Executing Event
-Purchase: Purchasing Department
-Payment: Treasury Department
• Recording Event
-Payable: Accounting Department
-Asset: Supplies and Property Management Office
• Safeguarding Resources
-Asset: Supplies and Property Management Office

KEY CONTROL ISSUES

Avoid business risks caused by:
• Dishonest employees
• Incompetent employees
• Dissatisfied or disgruntled employees
• Unmotivated employees
• Excessive employee turnover
• Inadequate staffing

CHECKLIST OF PERSONNEL CONTROL PLANS

Personnel Management Control Plans
[Figure labels: Employee Candidates, Former Employee]
• Personnel Planning Control Plans
-Skills, turnover, filling positions
• Job Description Control Plans
-Job descriptions written and updated
• Supervision Control Plans
-Approving, monitoring, and observing the work of others
• Personnel Security Control Plans
-Rotation of duties, forced vacations, bonding

Selection & Hiring Control Plans
• Qualified personnel including technical background

Retention Control Plans
• Retaining may be harder than hiring
• Provide challenging work and opportunities for advancement

Personnel Development Control Plans
• Training and development

Personnel Termination Control Plans
• Procedures when an employee voluntarily or involuntarily leaves an organization.

Monitoring Control Plans
• Assessment to determine if control plans are continuing to function over time.
• Timely communication of control weaknesses.
• Appropriate corrective action.

Organizational Governance vs. IT Governance

Organizational governance: processes employed by organizations to select objectives, establish processes to achieve objectives, and monitor performance.

IT governance: process that ensures the enterprise’s IT sustains and extends the organization’s strategies and objectives.

• COBIT is a framework created by the Information Systems Audit and Control Association (ISACA) for information technology (IT) management and IT governance.
• IT resources must be managed by IT control processes to ensure an organization has the information it needs to achieve its objectives.
• Provides a framework to ensure that IT:
-is aligned with the business.
-enables the business and maximizes benefits.
-resources are used responsibly.
-risks are managed appropriately.

IT Control Process Domains
• Plan & Organize Domain
-IT Process 1: Establish Strategic Vision for Information Technology
-IT Process 2: Develop Tactics to Plan, Communicate, & Manage Realization of the Strategic Vision
• Acquire & Implement Domain
-IT Process 3: Identify Automated Solutions
-IT Process 4: Develop & Acquire IT Solutions
-IT Process 5: Integrate IT Solutions into Operational Processes
-IT Process 6: Manage Changes to Existing IT Systems
• Deliver & Support Domain
-IT Process 7: Deliver Required IT Services
-IT Process 8: Ensure Security & Continuous Service
-IT Process 9: Provide Support Services
• Monitor & Evaluate Domain
-IT Process 10: Monitor & Evaluate the Processes

Segregation of Duties within the IT Department
Delivering Required Services
Hacking Techniques

Schmoozing
Environmental Controls
Trust Services Principles
