2.5 IS Systems and Governance
What is an IT architecture?
Information Technology Architecture - it is the basic framework for all the computers, systems and information management that support organization services
Who usually is responsible for the IT architecture in a company?
What should the IT architecture "blueprint" provide?
Provide an overview that helps people in the organization better understand current investments in technology and plan for changes
It usually considers organizational objectives, business processes, databases, information flows, operating systems, applications and software.
Name a popular method for organizing IT architecture?
Zachman Framework - divides systems into 2 dimensions
One is based on six reasons for communication (what data, how function, where network, who people, when time, why motivation)
The other is based on stakeholder groups - Planner, Owner, Designer, Builder, Implementer
In the Zachman Framework for IT Architecture, what are the six reasons for communication?
six reasons for communication:
1. what - data
2. how - function
3. where - network
4. who - people
5. when - time
6. why - motivation
In the Zachman Framework for IT Architecture, what are the 5 stakeholder groups?
What is the process of matching organizational objectives with IT architecture referred to as?
IT alignment is recognized as being important; why is it so difficult?
Effective alignment requires an organization to have a climate that supports the sharing of domain knowledge and common business practices
Communication between Business and IT executives is the most important indicator of alignment. Successful companies find ways to share knowledge and frustrations between the IT department and the business functions
What is governance?
The company has the ability to decide on expectations for performance and to authorize resources and power to meet those expectations. In business organizations, governance is often designed to work toward the development of consistent, cohesive management policies and verifiable internal processes
What were the two pieces of legislation put into place in US and Canada as a result of Enron and Worldcom?
In the U.S. - Sarbanes-Oxley (SOX) Act
In Canada - Bill 198 - the Budget Measures Act
What do the SOX Act and the Budget Measures Act intend to do?
Require management to create internal controls sufficient to produce reliable financial statements and to protect the organization's assets.
Management is further required to issue a statement indicating it has done so.
The external auditor must also issue an opinion on the quality of the internal controls and the credibility of management's statement.
Exposes management and external auditor to financial and potential criminal liability if events show the internal controls were defective
What is an example of internal controls that need to be in place?
Separation of Duties and Authorities.
In an accounts payable system, three separate individuals are required: one to authorize the expense, one to issue the cheque and one to account for the transaction.
No one person should perform two or more of these actions
What is ISACA?
the Information Systems Audit and Control Association - an organization formed by a group of individuals in charge of auditing controls
What is CISA?
the Certified Information Systems Auditor (CISA).
What is COBIT?
Control Objectives for Information and Related Technology (COBIT) - it is the framework of best practices designed for IT management. The framework provides board members, managers, auditors and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in getting the best from the organization's IT investments
What implications has the SOX Act had on the IS expenses for large companies?
More than 15% of the entire IS budget is diverted towards SOX compliance
The COBIT framework addresses issues of control over what 3 dimensions?
In the COBIT framework, what are the 7 categories reviewed for Business objectives?