Financial Accounting and Accounting Standards

Chapter
6-1
IT Governance
Chapter
6-2
Accounting Information Systems, 1st Edition
Study Objectives
1. An overview of IT governance and its role in strategic
management
2. An overview of the system development life cycle (SDLC)
3. The elements of the systems planning phase of the SDLC
4. The elements of the systems analysis phase of the SDLC
5. The elements of the systems design phase of the SDLC
6. The elements of the systems implementation phase of the SDLC
7. The elements of the operation and maintenance phase of the
SDLC
8. The critical importance of IT governance in an organization
9. Ethical considerations related to IT governance
Chapter
6-3
Introduction to IT Governance
How does a company decide,
 which IT systems are appropriate?
 which accounting software package to buy?
 when it has outgrown its accounting software or when to
upgrade the software?
 whether to use IT systems to sell products on the web?
 whether to establish a data warehouse for analyzing
data such as sales trends?
 whether to use ERP systems or customer relationship
management (CRM) software?
Chapter
6-4
SO 1 An overview of IT governance and its role in strategic management
Introduction to IT Governance
IT systems must be strategically managed.
Strategic management is the process of
 determining the strategic vision for the organization,
 developing the long-term objectives,
 creating the strategies that will achieve the vision and
objectives, and
 implementing those strategies.
Chapter
6-5
SO 1 An overview of IT governance and its role in strategic management
Introduction to IT Governance
Proper management, control, and use of IT systems is
IT governance. IT Governance is defined as:
[A] structure of relationships and processes to direct and
control the enterprise in order to achieve the enterprise’s
goals by adding value while balancing risk versus return over
IT and its processes. IT governance provides the structure
that links IT processes, IT resources and information to
enterprise strategies and objectives.
Chapter
6-6
SO 1 An overview of IT governance and its role in strategic management
Introduction to IT Governance
Management must focus on the following activities:
 aligning IT strategy with the business strategy
 cascading strategy and goals down into the enterprise
 providing organizational structures that facilitate the
implementation of strategy and goals
 insisting that an IT control framework be adopted and
implemented
 measuring IT’s performance
Chapter
6-7
SO 1 An overview of IT governance and its role in strategic management
Introduction to IT Governance
The board and top management must ensure that the
organization has processes to accomplish the following:
1. Continually evaluate the match of strategic goals to the
IT systems in use.
2. Identify changes or improvements to the IT system.
3. Prioritize the necessary changes to IT systems.
4. Develop the plan to design and implement those IT
changes that are of high priority.
5. Implement and maintain the IT systems.
6. Continually loop back to step 1.
Chapter
6-8
SO 1 An overview of IT governance and its role in strategic management
Introduction to IT Governance
Company should have an
 IT governance committee and
 a formal process to select, design, and implement
IT systems (system development life cycle, or
SDLC).
Chapter
6-9
SO 1 An overview of IT governance and its role in strategic management
Introduction to IT Governance
Concept Check
IT governance includes all but which of the following
responsibilities?
a. Aligning It strategy with the business strategy.
b. Writing programming code for IT systems.
c. Insisting that an IT control framework be
adopted and implemented.
d. Measuring IT’s performance.
Chapter
6-10
SO 1 An overview of IT governance and its role in strategic management
An Overview of SDLC
The systems development life cycle (SDLC) is a
systematic process to manage the acquisition, design,
implementation, and
Operation and
use of IT systems.
Maintenance
Exhibit 6-1
An Overview of the Systems
Development Life Cycle
Chapter
6-11
System Planning
System
Implementation
System Analysis
System Design
SO 2 An overview of the system development life cycle (SDLC)
An Overview of SDLC
Exhibit 6-2
Process Map of the System
Development Life Cycle
(SDLC)
Chapter
6-12
SO 2 An overview of the system development life cycle (SDLC)
Elements of Systems Planning Phase of SDLC
IT governance committee must monitor the IT system
through feedback about network utilization, security
breaches, and reports on the operation of the system.
IT governance committee should consider:
1) the assessment of IT systems and their match to
strategic organizational objectives, and
2) the feasibility of each of the requested
modifications or upgrades.
Chapter
6-13
SO 3 The elements of the systems planning phase of the SDLC
Elements of Systems Planning Phase of SDLC
Exhibit 6-3
System Planning Process Map
Chapter
6-14
SO 3 The elements of the systems planning phase of the SDLC
Elements of Systems Planning Phase of SDLC
Feasibility Study
IT governance committee should evaluate the
feasibility of each competing proposal.
Four feasibility aspects
1. Technical
2. Operational
3. Economic
4. Schedule feasibility
Chapter
6-15
SO 3 The elements of the systems planning phase of the SDLC
Elements of Systems Planning Phase of SDLC
Planning and Oversight of Proposed Changes
IT governance committee must decide which of the
changes can be undertaken at the current time.
Next phases of the SDLC:
1.
Formally announce the project.
2.
Assign the project team that will begin the next
phase, the systems analysis.
3.
Budget the funds necessary to complete the SDLC.
4.
Continue oversight and management of the project
team and proposed IT changes.
Chapter
6-16
SO 3 The elements of the systems planning phase of the SDLC
Elements of Systems Planning Phase of SDLC
Concept Check
Which of the following feasibility aspects is an
evaluation of whether the technology exists to meet
the need identified in the proposed change to the IT
system?
a. Technical feasibility.
b. Operational feasibility.
c. Economic feasibility.
d. Schedule feasibility.
Chapter
6-17
SO 3 The elements of the systems planning phase of the SDLC
Elements of Systems Planning Phase of SDLC
Concept Check
The purpose of the feasibility study is to assist in?
a. Selecting software.
b. Designing internal controls.
c. Designing reports for the IT system.
d. Prioritizing IT requested changes.
Chapter
6-18
SO 3 The elements of the systems planning phase of the SDLC
Elements of Systems
Analysis Phase of SDLC
Exhibit 6-4
System Analysis
Process Map
Preliminary Investigation
The purpose of the preliminary
investigation is to determine
whether the problem or
deficiency in the current
system really exists.
“go” or “no-go” decision
Chapter
6-19
SO 4 The elements of the systems analysis phase of the SDLC
Elements of Systems Analysis Phase of SDLC
System Survey
A systems survey requires collecting data about the
current system, including the following:
Inputs
Data storage
Outputs
Transaction volumes
Processes
Errors
Controls
Chapter
6-20
SO 4 The elements of the systems analysis phase of the SDLC
Elements of Systems Analysis Phase of SDLC
Determination of User Requirements
To gain a complete understanding of the system
under study, the project team should not only
observe and review documentation, but also seek the
opinions and thoughts of those who use the system.
 Interviews
 Questionnaires
Chapter
6-21
SO 4 The elements of the systems analysis phase of the SDLC
Elements of Systems Analysis Phase of SDLC
Analysis of the System Survey
Analysis phase is the critical-thinking stage.
In many cases, the analysis phase may lead to business
process reengineering (BPR).
“
fundamental rethinking and radical
redesign of business processes to bring about dramatic
improvements” in performance.
Chapter
6-22
SO 4 The elements of the systems analysis phase of the SDLC
Elements of Systems Analysis Phase of SDLC
System Analysis Report
The report to inform the IT governance committee of
the results of the systems survey, user needs
determination, and BPR.
Chapter
6-23
SO 4 The elements of the systems analysis phase of the SDLC
Elements of Systems Analysis Phase of SDLC
Concept Check
Which phase of the system development life cycle
includes determining user needs of the IT system?
a. Systems planning.
b. Systems analysis.
c. Systems design.
d. Systems implementation.
Chapter
6-24
SO 4 The elements of the systems analysis phase of the SDLC
Elements of Systems Design Phase of SDLC
Purchased
Software
Exhibit 6-5
System Design
Process Map for
Purchased
Software
Chapter
6-25
SO 5 The elements of the systems design phase of the SDLC
Elements of Systems Design Phase of SDLC
When evaluating each proposal, the IT governance
committee should consider:
1.
Price of software or software modules
2. Match of system and user needs to features of the
software
3.
Technical, operational, economic, and schedule feasibility
4.
Technical support provided by the vendor
5.
Reputation and reliability of the vendor
6.
Usability and user friendliness of the software
7.
Testimonials from other customers
Chapter
6-26
SO 5 The elements of the systems design phase of the SDLC
Elements of Systems Design Phase of SDLC
In-House
Design
Chapter
6-27
Exhibit 6-6
System Design Process
Map for In-House Design
SO 5 The elements of the systems design phase of the SDLC
Elements of Systems Design Phase of SDLC
Conceptual Design
Involves identifying the alternative conceptual design
approaches to systems that will meet the needs
identified in the system analysis phase.
Chapter
6-28
SO 5 The elements of the systems design phase of the SDLC
Elements of Systems Design Phase of SDLC
Evaluation and Selection
Feasibility assessments are:
1. Technical feasibility
2. Operational feasibility
3. Economic feasibility
4. Schedule feasibility
In most cases, the cost–benefit analysis is the most
important of the four tests.
Chapter
6-29
SO 5 The elements of the systems design phase of the SDLC
Elements of Systems Design Phase of SDLC
Detailed Design
The purpose of the detailed design phase is to create
the entire set of specifications necessary to build and
implement the system.
The various parts of the system that must be designed
are the
 outputs,
 data storage, and
 inputs,
 internal controls.
 Processes,
Chapter
6-30
SO 5 The elements of the systems design phase of the SDLC
Elements of Systems Design Phase of SDLC
Concept Check
A request for proposal (RFP) is used during the?
a. Phase-in period.
b. Purchase of software.
c. Feasibility study.
d. In-house design.
Chapter
6-31
SO 5 The elements of the systems design phase of the SDLC
Elements of Systems Implementation Phase
Exhibit 6-7
Implementation and
Operation Process Map
Parallel
Direct cutover
Phase-in
Pilot
Chapter
6-32
SO 6 The elements of the systems implementation phase of the SDLC
Elements of Systems Implementation Phase
Concept Check
Which of the following steps within the systems
implementation phase could not occur concurrently with
other steps, but would occur at the end?
a. Employee training.
b. Data conversion.
c. Software programming.
d. Post-implementation review.
Chapter
6-33
SO 6 The elements of the systems implementation phase of the SDLC
Elements of Systems Implementation Phase
Concept Check
Each of the following are methods for implementing a
new application system except
a. Direct cutover conversion.
b. parallel conversion.
c. Pilot conversion.
d. Test method conversion.
Chapter
6-34
SO 6 The elements of the systems implementation phase of the SDLC
Elements of the Operation and Maintenance Phase
Management should receive regular reports regarding the
performance of the IT system.
Examples of reports are:
 IT performance
 IT load usage and excess capacity
 Downtime of IT systems
 Maintenance hours on IT systems
 IT security and number of security breaches or problems
 IT customer satisfaction, from both internal and external
customers.
Chapter
6-35
SO 7 The elements of the operation and maintenance phase of the SDLC
Elements of the Operation and Maintenance Phase
Concept Check
The use of the SDLC for IT system changes is
important for several reasons. Which of the following
is not a part of the purposes of the SDLC processes?
a. As a part of strategic management of the
organization.
b. As part of the internal control structure of the
organization.
c. As part of the audit of an IT system.
d. As partial fulfillment of management’s ethical
obligations.
Chapter
6-36
SO 7 The elements of the operation and maintenance phase of the SDLC
Critical Importance of IT Governance
Three major purposes are served by the continual and
proper use of the IT governance committee and the
SDLC:
1. The strategic management process of the
organization
2. The internal control structure of the organization
3. The fulfillment of ethical obligations
Chapter
6-37
SO 8 The critical importance of IT governance in an organization
Ethical Considerations Related to IT Governance
Management has an ethical obligation to maintain a set of
processes and procedures that assure accurate and
complete records and protection of assets.
Employees should not subvert the process.
Consultants have at least four ethical obligations:
1.
Bid the engagement fairly, and completely disclose the
terms of potential cost increases.
2. Bill time accurately to the client.
3. Do not oversell unnecessary services or systems.
4. Do not disclose confidential or proprietary information.
Chapter
6-38
SO 9 Ethical considerations related to IT governance
Ethical Considerations Related to IT Governance
Concept Check
Confidentiality of information is an ethical
consideration for which of the following party or
parties?
a. Management.
b. Employees.
c. Consultants.
d. All of the above.
Chapter
6-39
SO 9 Ethical considerations related to IT governance
Copyright
Copyright © 2008 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted
in Section 117 of the 1976 United States Copyright Act without
the express written permission of the copyright owner is
unlawful. Request for further information should be addressed
to the Permissions Department, John Wiley & Sons, Inc. The
purchaser may make back-up copies for his/her own use only
and not for distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages, caused by the
use of these programs or from the use of the information
contained herein.
Chapter
6-40