Intro into IT Governance

IT systems can improve
efficiency and effectiveness
reduce costs
the process of determining the strategic vision for the organization
developing long term objectives
creating the strategies that will achieve the vision and objections and
implementing those strategies is referred to as
strategic management
a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk verses return over IT and its processes is called
IT Governance
To fulfill the management obligations that are inherent in IT governance management must focus on the following activities
aligning IT strategy with business strategy
cascading strategy and goals down into the enterprise
providing organizational structure that facilitate the implementation of strategy and goals
insisting that an IT control framework be adopted and implemented
measuring IT's performance
3 popular models of an IT control framework
Informational Systems Audit and Control Associations (ISACA) control objectives for IT (COBIT)
The international organization of standardization (ISO) 27002, Code of Practice for Information Security Management
The information technology of infrastructure library (ITIL)
A group of senior managers (CIO CEO top managers from User departments) selected to oversee the strategic management of IT is called
IT Governance
The board and top management must ensure that the organization has processes to accomplish the following
1. continually evaluate the match of strategic goals to the IT system in use
2. identify changes or improvements to the IT System
3. Prioritize the necessary changes to IT Systems
4. Develop the plan to design and implement those IT changes that are of high priority
5. Implement and maintain the IT systems
6. Continually loop back to step 1
The formal process that many organizations use to select design and implement IT systems is the
Systems Development Life Cycle SDLC
The phases of SDLC
1. system planning
2. system analysis
3. system design
4. systems implementation
5. operation and maintenance
This phase of SDLC involves the planning and continuing oversight of the design. implementation and use of the IT Systems / the evaluation of long-term strategic objectives and prioritization of the IT systems in order to assist the organizations in achieving its objectives
Systems planning
This phase of SDLC requires the collection of data about the system and the careful scrutiny of those data to determine areas of the system that can be improved/the study of the current system to determine the strengths and weakness and the user needs of that system
Systems Analysis
The creation of the system that meets user needs and incorporates the improvements identified by the systems analysis phase is called
systems design
The set of steps undertaken to program tests and activate the IT system as designed in the system design phase is called
Systems implementation
During this phase of the SDLC management should request and receive ongoing reports about the performance of the IT system/the regular ongoing functioning of the IT system and the process to fix smaller problems or bugs in the IT system
Operation and Maintenance
Various phases of the SDLC (expanded)
Conceptual Design
Evaluation and Selection
Detailed Design
The process of matching alternatives systems models to the needs identified in the system analysis phase is called
Conceptual Design
The process of assess the feasibility and fir of each of the alternative conceptual approaches and selecting the one that best meets the organization's needs is termed
Evaluation and Selection
The process of designing the outputs inputs user interfaces databases manual procedures security and controls and documentation of the new system is refereed to as
Detailed Design
IT governance committee must monitor the IT system through feedback about network utilization security breaches and reports on the operation of the system
IT governance committee should consider
the assessment off IT systems and their match to strategic organizational objectives and

the feasibility of each of the requested modifications or upgrades
The need to match IT systems to organizational objectives emphasizes the need for the IT governance committee to include top management as its members because
these managers establish strategic objectives and are in the best position to assess the fit of the IT systems to those objectives

these managers are in a position to allocate resources and or time to the projects
The realistic possibility of affording implementing and using the IT systems being considered is referred to as
The four feasibility factors
The assessment of the realism of the possibility that technology exists to meet the need identified in the proposed change to the IT system is called
Technical Feasibility
The assessment of the realism of the possibility that the current employees will be able to operate the proposed IT system is referred to as
Operational Feasibility
The assessment of the costs and benefits associated with the proposed IT system is referred to as
Economic Feasibility
The assessment of the realistic possibility that the proposed IT system can be implemented within a reasonable amount of time is called
Schedule Feasibility
Next phases of the SDLC
1. Formally announce the project
2. Assign the project team that will begin the next phase the system analysis
3. Budget the funds necessary to complete the SDLC
4. Continue oversight and management of the project team and proposed IT changes
Typical steps within the systems analysis phase of the SDLC
Preliminary Investigation
Survey of the Current System
Determination of User Information Needs
Analyze Data
BRP/Conduct BRP
The purpose of this step in the systems analysis phase is to determine whether the problem or deficiency in the current system really exists and to make a go or a no go decision
preliminary investigation
A detailed study of the current system to identify weaknesses to improve upon and strengths that should be maintained is referred to as
Systems survey
A systems survey requires collecting data about the current system including the following:
data storage
transaction volumes
Data collection methods:
documentation review
Watching the steps that employees take as they process transactions in the system is referred to as
the detailed examination of documentation that exists about the system to gain an understanding of the system under study is called a(n)
documentation review
to gain a complete understanding of the system under study the project team should not only observe and review documentation but
also seek the opinion and thoughts of those who use the systems
face to face (advantage) verbal questioning of users of an IT system to determine facts of beliefs about the system are called
Questions can be
structured unstructured or a mixture of both
this type of question is designed such that the format and range of the answer is known ahead of time
structured question
this type of question is completely open ended and the respondent is free to answer in any that he/she feels addresses the question
unstructured question
A written rather than an oral form or questioning of users to determine facts or beliefs about a system is referred to as an
(can include structured and unstructured questions anonymity is an advantage and efficiency)
the purpose of this phase is to question the current approaches in the system and to think about better ways to carry out the steps and processes of the system (critical thinking phase and can lead to BRP)
analysis of systems survery
the fundamental rethinking and radical redesign of business processes to bring about dramatic improvements in performance is called
business processes reengineering
BRP should
leverage the capabilities of IT to improve the efficiency of processes
The last step in the systems analysis phase
Systems Analysis Report
The systems analysis report is composed of
results of the systems survey
user needs determination
recommendations regarding the continuation of the project
Systems designed phase
hire consultant if needed
send RFP
evaluate RFP's and Software
Select Software
purchase selected software
determine modification
design change specifications
this document is sent to each software vendor offering a software package that meets the user and system needs and is sent to solicit proposals
Request for proposal
when a vendor returns a request for proposal it will include
price of software or software modules
match of system and user needs to features of software
technical operational economic and schedule feasibility
technical support provided by the vendor
reputation and reliability of the vendor
usability and user friendliness of the software
testimonials from other customers
purchasing software
is less costly
more reliable
has a shorter implementation time than software designed in house
purchasing software advantages have these advantages because
it is written by the software vendor
its cost is spread over several clients
and the coding and testing are already complete when a customer buys the software
hiring a consultant
special expertise of consulting firms is most benefical in the design and implementations of accounting system software
the phase of the system design for in-house development of software involves the identifying the alternative approaches to systems that will meet the needs identified in the systems analysis phase ("brainstorming phase")
conceptual design
the process of assessing the feasibility and fit of each of the alternative conceptual approaches and selecting the one that best fits the organization's needs is called
evaluation and selection
During this process the project team must consider the number of employees their capabilities and expertise and any supporting systems necessary to operate each alternative design
operational feasibility
the purpose of this analysis is to determine which of the alternative designs is the most cost effective (most important)
economic feasibility
in this feasibility the project team must estimate the total amount of time necessary to implement the each alternative design
schedule feasibility
the purpose of this phase of systems design is to create the entire set of specifications necessary to build and implement the system
detailed design
in the detailed design stage of systems design it is necessary that the various parts of the system to be designed such as
data storage
internal controls
screens or electronic means used to put data into the accounting system
income statements
aged accounts receivable listings
inventory status reports
sales by products
checks invoices
Methods of data input
Bar code scanning
Electronic Data Interchange
Keying in data with a keyboard from data on a paper form
Magnetic Ink Character Recognition
Internet Commerce
Implementation and Operation Process
software programming
train employees/ software testing/document system
data conversion
system conversion
user acceptance
post implementation review
System conversion
old to new system
"go live" date when new system available
a system conversion method in which the old and new systems are operated simultaneously for a short time
Parallel conversion
Parallel conversion advantages/disadvantages
less risky/ most costly/time consuming
A system conversion method in which on a chosen date the old system operation is terminated and all processing begins on the new system
direct cutover conversion
A system conversion method in which the system is broken into modules or parts which are phased in incrementally and over a longer period
phase-in conversion
phase in conversion advantages/disadvantages
low risk approach
time consuming
when the manager of the primary users of the system is satisfied with the system, an acceptance agreement will be signed, the enforcement of which makes it much more likely that project teams will seek user input and that the project team will work hard to meet user need
user acceptance
a review of feasibility assessments and other estimates made during the projects the purpose of which is to help the organization learn from any mistakes that we made and help the company avoid those same errors in the future
post implementation review
Three major purposes are served by the continual and proper use of IT governance committee and the SDLC
1. the strategic management process of the organization
2. the internal control structure of the organization
3.. fulfillment of ethical obligation
the careful and responsible oversight and use by management of the assets entrusted to management is called
Management ethical considerations:
must be role models
Employees ethical considerations
consultants ethical considerations
1. bid the engagement fairly and completely disclose the terms of potential cost increases
2. bill time accurately to the client and do no inflate the bill
3. do not oversell unnecessary services just to inflate earnings on the consult engagement
4. do not disclose confidential info from the company to other clients