Top Management and Information Systems Management Controls:
Functions are:
- Planning – determining the function of the information systems;
- Organizing – gathering, allocating, and coordinating the resources needed to accomplish the goals;
- Leading – motivating, guiding, and communicating with personnel; and
- Controlling – comparing actual performance with planned performance.
There are two types of plans: a strategic plan and an operational plan.
- Systems Development Management Controls: System development controls ensure proper controls in each phase of analyzing, designing, building, implementing, and maintaining an information system. These are given as follows:
- System Authorization Activities: All new system development must be properly authorized and feasible.
- User Specification Activities: Users must be actively involved in the systems development process. All user needs must be satisfied by the system.
- Technical Design Activities: The technical design activities in the SDLC translate the user specifications into a set of detailed technical specifications of a system that meets the user's needs.
- Internal Auditor’s Participation: The internal auditor should play an important role in the control of systems development activities.
- Program Testing: All program modules must be thoroughly tested before they are implemented.
- User Test and Acceptance Procedures: Just before implementation, the system must also be tested by its users.
- Programming Controls: The primary objective is to produce or acquire and to implement high-quality programs.
Phases of the Program Development Life Cycle:
- Planning
- Design
- Coding
- Testing: Unit, Integration, Whole-of-Program Testing
- Operation and Maintenance: Corrective, Adaptive and Perfective.
- Data Resource Management Controls: Many organizations now recognize that data is a critical resource that must be managed properly.
The control activities involved in maintaining the integrity of the database are as follows:
- Backup Controls: Backup controls ensure the availability of the system in the event of data loss.
- Access Controls: Access controls are designed to prevent unauthorized access of data. Controls are established in the following manner:
— User Access Controls: through passwords, tokens and biometric controls; and
— Data Encryption: keeping the data in the database in encrypted form.
- Update Controls: These controls restrict update of the database by addition, deletion or change to authorized users only.
- Quality Controls: These controls ensure the accuracy, completeness, and consistency of data maintained in the database.
- Quality Assurance Management Controls:
Quality assurance management is concerned with ensuring that the development, implementation, operation and maintenance of information systems comply with a set of quality standards.
The reasons for the emergence of Quality assurance in many organizations are as follows:
- Organizations are increasingly producing safety-critical systems.
- Users are becoming more demanding in terms of the quality of the software.
- Organizations are undertaking more ambitious projects when they build software.
- Organizations are becoming more concerned about their liabilities if they produce and sell defective software.
- Security Management Controls: These controls ensure that information systems assets are secure. Some of the major threats to the security of information systems are:
- Fire
- Water
- Energy Variations (Voltage Fluctuation)
- Structural Damage
- Pollution
- Unauthorized Intrusion
- Viruses and Worms