IT Strategic and Operational Controls

  • ID: 1861703
  • Book
  • 679 Pages
  • IT Governance
Vital information on how to systematically implement IT strategic and operational controls to support and enhance your organisation!

Nowadays, integrated information systems can significantly magnify the accrued benefits of a given project and greatly strengthen an organisation, but such benefits are balanced by a serious risk. If IT systems are not used in a disciplined manner they can create havoc and they frequently bring about unexpected results and catastrophe, as shown by the rise in security incidents and computer-based crimes.

- Master IT controls concepts and issues

Written with practicality and convenience in mind, this book is an ideal tool for those without specialised technical expertise seeking to understand IT controls and their design, implementation, monitoring, review and audit issues.

- Minimise risk and maximise benefits

This book provides a comprehensive guide to implementing an integrated and flexible set of IT controls in a systematic way. It can help organisations to formulate a complete culture for all areas which must be supervised and controlled, allowing them to simultaneously ensure a secure, high standard whilst striving to obtain the strategic and operational goals of the company.

Benefits to business include:

- Understand and control the associated risks of IT systems

This book contains practical advice and illustrates solutions to the tremendously complicated problems of designing, implementing and auditing new and existing systems, making use of practical and easily customisable examples.

- Increase management's aptitude to achieve operational goals

With well-controlled, integrated and robust IT systems, you can gain a comparative advantage in a competitive environment, whilst ensuring that information is relevant, accurate and timely.

- Ensure high standards within your IT systems

For each covered aspect of control, this book provides audit programmes and checklists to help management and auditors carry out reviews and audits. As an additional aid, there is an appendix comprising guidelines and examples of ‘how to enhance’ IT security, IT policies and ethical code. Auditors will find reference to a large number of very relevant tools for use in auditing and reviewing IT operations.

Making use of a clear and pragmatic presentation, this book provides a thorough description of all elements of IT controls in a systematic and detailed way, allowing managers, IT professionals, practitioners and auditors to customise examples to their own specific purpose. It is a comprehensive tool for anyone who wishes to cement their understanding of IT controls and, most importantly, for those who aim to realise the full capacity of information systems, whilst rigorously controlling the concomitant risks.

What others are saying about this book ...

'John Kyriazoglou has produced a book that is very thorough, useful and a good source of information on a complex subject area ... John Kyriazoglou has a wealth of experience in this area and he has shared this well with the wider community. His book is a welcome addition to the field.'

Rob Ratcliff, UKSMA Chair

Buy this book today and discover how to control the risk of dependency on information systems, whilst raking in its associated benefits!

Customisable IT audit programmes and checklists are provided in a separate volume, Addendum to IT Strategic and Operational Controls, in Word format, which is available here.

About the author

John Kyriazoglou is an international management consultant with over 35 years' on-the-job practical experience with both private and public sector organisations. He was educated in Canada and the U.S. (B.A. Honours, and M.S.), is a CICA (Certified Internal Controls Auditor), has published over 20 articles in professional publications, has served on numerous scientific committees, is a member of ISACA, the Institute for Internal Controls, Inc. (USA), and other professional and cultural associations, and provides courses in IT Auditing, Security and Electronic Crime Prevention.

*This report is only available in Adobe ebook format
Note: Product cover images may vary from those shown
Chapter 1: IT ORGANISATION CONTROLS
1.1 Scope
1.2 Purpose and main types of IT organisation controls
1.3 IT department functional description controls
1.4 IT organisation controls
1.5 IT vision, mission and values statements
1.6 IT governance and control frameworks
1.7 Monitoring and review controls
1.8 IT organisation performance measures
1.9 Review and audit tools and techniques
1.10 Conclusion
1.11 Review questions

Chapter 2: IT ADMINISTRATION CONTROLS
2.1 Scope
2.2 Purpose and main types of IT administration controls
2.3 IT standards, policies and procedures
2.4 IT budget
2.5 IT asset controls
2.6 IT personnel management controls
2.7 IT purchasing controls
2.8 IT office administration controls
2.9 Monitoring and review controls
2.10 IT administration performance measures
2.11 Review and audit tools and techniques
2.12 Conclusion
2.13 Review questions

Chapter 3: ENTERPRISE ARCHITECTURE CONTROLS
3.1 Scope
3.2 Purpose and main types of Enterprise Architecture controls
3.3 Enterprise Architecture (EA) description controls
3.4 Management plan for designing and implementing an Enterprise Architecture (EA) framework
3.5 Enterprise Architecture development roles
3.6 Formulating and documenting the Enterprise Architecture elements
3.7 Other Enterprise Architecture business-related controls
3.8 Enterprise Architecture IT-related controls
3.9 Monitoring and review controls
3.10 Review and audit tools and techniques
3.11 Conclusion
3.12 Review questions

Chapter 4: IT STRATEGIC CONTROLS
4.1 Scope
4.2 Characteristics of strategy
4.3 Purpose and main types of IT strategic controls
4.4 IT strategic process controls
4.5 IT strategy implementation controls
4.6 IT strategic performance management controls
4.7 Monitoring and review controls
4.8 Review and audit tools and techniques
4.9 Conclusion
4.10 Review questions

Chapter 5: SYSTEM DEVELOPMENT CONTROLS
5.1 Scope
5.2 Purpose and main types of system development controls
5.3 Application systems development process controls
5.4 System development quality controls
5.5 Change management controls
5.6 Systems development personnel controls
5.7 Monitoring and review controls
5.8 Systems development performance measures
5.9 Review and audit tools and techniques
5.10 Conclusion
5.11 Review questions

Chapter 6: IT SECURITY CONTROLS
6.1 Scope
6.2 Purpose and main types of IT security controls
6.3 IT security governance guidelines, standards and legal frameworks
6.4 IT security plans and policies
6.5 IT security procedures and practices
6.6 Specialised IT security hardware and software protection controls
6.7 Evaluation and monitoring controls of IT security
6.8 IT security performance measures
6.9 Review and audit tools and techniques
6.10 Conclusion
6.11 Review questions

Chapter 7: DATA CENTRE OPERATIONAL AND SUPPORT CONTROLS
7.1 Scope
7.2 Purpose and main types of data centre operational and support controls
7.3 Data centre design and infrastructural controls
7.4 Data centre physical access controls
7.5 Computer hardware management controls
7.6 IT contingency planning and disaster recovery controls
7.7 Monitoring and review controls
7.8 IT operational performance measures
7.9 Review and audit tools and techniques
7.10 Conclusion
7.11 Review questions

Chapter 8: SYSTEMS SOFTWARE CONTROLS
8.1 Scope
8.2 Purpose and main types of systems software controls
8.3 Systems software operating environment controls
8.4 Database controls
8.5 Data communications controls
8.6 Audit trail log file controls
8.7 Monitoring and review controls
8.8 IT technical performance measures
8.9 Review and audit tools and techniques
8.10 Conclusion
8.11 Review questions

Chapter 9: IT APPLICATION CONTROLS
9.1 Scope
9.2 Purpose and main types of IT application controls
9.3 Input, processing and output controls
9.4 IT application database, operation, change and testing controls
9.5 End-user computing controls
9.6 Monitoring and review controls
9.7 IT application performance measures
9.8 Review and audit tools and techniques
9.9 Conclusion
9.10 Review questions

Chapter 10: USING IT CONTROLS IN AUDIT AND CONSULTING ASSIGNMENTS
10.1 Scope
10.2 Purpose
10.3 Retail operation: IT strategy case study
10.4 Trading company: applications controls case study
10.5 Public organisation: IT security case study
10.6 IT audit assignment for organisation ‘ABCXYZ’
10.7 IT policies and procedures review for company ‘ABCXXYX’
10.8 Final conclusion

APPENDICES: EXAMPLES OF POLICIES, GUIDELINES, FORMS AND METHODOLOGIES
Appendix 1: Examples of IT security policies
Appendix 2: Example of IT ethics code
Appendix 3: Monitoring IT controls checklist
Appendix 4: Examples of IT forms
Appendix 5: IT audit methodology
Appendix 6: IT audit areas
Appendix 7: Internal audit report example

FURTHER RESOURCES
Books and articles
Other resources
ITG Resources