Computer Operations

Information Systems Operations
IS Operations (Chapter 9)
Practicum: Cendant Corporation
Schedule
| Week | Topic | Readings | Practicum |
|---|---|---|---|
| 12-Sep-05 | Identifying Computer Systems | Chapter 2 | Evaluating IT Benefits and Risks (Jacksonville Jaguars) |
| 19-Sep-05 | IS Audit Programs | Chapter 3 | The Job of the Staff Auditor (A Day in the Life of Brent Dorsey) |
| 26-Sep-05 | IS Security | Chapter 4 | Recognizing Fraud (The Anonymous Caller) |
| 3-Oct-05 | Utility Computing and IS Service Organizations | Chapter 5 | Evaluating a Prospective Audit Client (Ocean Manufacturing) |
| 10-Oct-05 | Physical Security | Chapter 6 | Inherent Risk and Control Risk (Comptronix Corporation) |
| 17-Oct-05 | Logical Security | Chapter 7 & 8 | Evaluating the Internal Control Environment (Easy Clean) |
| 24-Oct-05 | IS Operations | Chapter 9 | Fraud Risk and the Internal Control Environment (Cendant Corporation) |
| 31-Oct-05 | Controls Assessment | Chapter 10 | IT-based vs. Manual Accounting Systems (St James Clothiers) |
| 7-Nov-05 | Encryption and Cryptography | Chapter 11 | Materiality / Tolerable Misstatement (Dell Computer) |
| 14-Nov-05 | Computer Forensics | Chapter 12 | Analytical Procedures as Substantive Tests (Burlington Bees) |
| 21-Nov-05 | New Challenges from the Internet: Privacy, Piracy, Viruses and so forth | Chapter 13 | Information Systems and Audit Evidence (Henrico Retail) |
| 28-Nov-05 | Auditing and Future Technologies | Chapter 16 | Flowcharting Transaction Cycles (Southeast Shoe Distributor) |
Changes to our Schedule
Because we are one week behind
I want to drop the 28 Nov 2005 class
And move each of the prior classes back a week
Dropped:
Topic: Auditing and Future Technologies
Chapter: 16
Practicum: Flowcharting Transaction Cycles (Southeast Shoe Distributor)
This material will be integrated into the existing lectures
What are ‘Operations’
Development and Test
Production
Outsourcing and Utility Computing
Two Components
Or you might consider them two sides to one system
Business Operations
All the tangible physical things that go on in a corporation
Computer Operations
[Figure: Business & Computer Operations. Diagram labels: business operations; external real-world entities and events that create and destroy value; internal operations of the firm; transactions; 'owned' assets and liabilities; corporate law; measurement / posting; the parallel (logical) world of computer operations (computer systems; ledgers: databases; journal entries; reports: statistics); audit program; internal control review over operations; internal control memo.]
[Figure: diagram labels: the physical world; external real-world entities and events that create and destroy value; internal operations of the firm; transactions; 'owned' assets and liabilities; corporate law; the parallel (logical) world of accounting (accounting systems; ledgers: databases; journal entries; reports: statistics); auditing; audit program; tests of transactions; substantive tests; analytical tests; attestation; audit report / opinion.]
Look Familiar?
Computer Operations
Only a subset of business operations is computerized (automated)
Computers do the following well:
High-speed arithmetic operations
Storage and search of massive quantities of data
Standardization of repetitive procedures
All other Business Operations require human intervention
Human Intervention
Even computer operations require human intervention at some level
E.g., turning the computer on and off
In both business and computer operations
Human interventions demand the most auditing
Computerized procedures
Fully automated (computerized) procedures
Can be audited once with a small data set
And these results can be considered to hold over time
@ Boeing?
The ‘Glass House’
Mass Storage
Z Microsystems TranzPacs
Shared chassis - shared peripherals.
Less space, less weight, less power, less cost.
Hot-swappable sealed computer modules (SCM) and disk modules.
Mix & match platforms and OS's.
Independent stand-alone systems.
Shared peripheral clusters.
Mass Storage at NASA
Server Farms
Systems Life Cycle
[Figure: resource use plotted against time. Labels: Requirements Specification; Design & Programming; Testing; Production Release; Replacement; "Audit Here!"]
Operations Objectives
What to look for in an audit
Production jobs are completed in time
Output (information) is distributed on time
Backup and recovery procedures are adequate (requires risk analysis)
Maintenance procedures adequately protect computer hardware and software
Logs are kept of all changes to HW & SW
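An added example (not from the course slides or the textbook) of how two of these objectives can be tested from records: scheduler runs are checked against their deadlines, and component versions found on production are reconciled against the change log. All job names, versions and record fields are constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample records; job names, versions and fields are illustrative.
JOB_RUNS = [
    {"job": "AP_POSTING", "deadline": "2005-10-24 06:00", "finished": "2005-10-24 05:41"},
    {"job": "GL_CLOSE", "deadline": "2005-10-24 06:00", "finished": "2005-10-24 07:15"},
    {"job": "PAYROLL", "deadline": "2005-10-24 08:00", "finished": None},
]
BASELINE = {"ap_posting": "3.1", "gl_close": "1.9", "raid_firmware": "6.4"}  # last audit
OBSERVED = {"ap_posting": "3.2", "gl_close": "1.9", "raid_firmware": "7.0",
            "report_writer": "1.0"}                                          # on production now
CHANGE_LOG = [{"component": "ap_posting", "to_version": "3.2", "approved_by": "ops-mgr"}]


def job_exceptions(runs):
    """Return (job, finding, minutes_late) for every run that missed its deadline."""
    findings = []
    for run in runs:
        if run["finished"] is None:
            findings.append((run["job"], "not completed", None))
            continue
        delay = datetime.strptime(run["finished"], FMT) - datetime.strptime(run["deadline"], FMT)
        if delay.total_seconds() > 0:
            findings.append((run["job"], "late", int(delay.total_seconds() // 60)))
    return findings


def unlogged_changes(baseline, observed, change_log):
    """Return components added, changed or removed since the baseline with no log entry."""
    logged = {(e["component"], e["to_version"]) for e in change_log}
    changed = {c for c, v in observed.items() if baseline.get(c) != v and (c, v) not in logged}
    removed = {c for c in baseline if c not in observed and (c, None) not in logged}
    return sorted(changed | removed)


if __name__ == "__main__":
    for finding in job_exceptions(JOB_RUNS):
        print("job exception:", finding)
    for component in unlogged_changes(BASELINE, OBSERVED, CHANGE_LOG):
        print("change without log entry:", component)
```

Each returned item is an audit exception to follow up with operations staff; an empty result means the records support the objective for the period sampled.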
Automation & Operations Objectives
Operations should be about following predetermined procedures
The appeal of automation rests largely on the ability to reduce or alter the role of people in the process
The intent is to take people out of the loop entirely,
Or to increase the likelihood that people will do what they are supposed to do, and that they do it accurately
People are flexible and clever
We sometimes don’t want to take people out of the loop on a lot of systems
The problem is when a lot of things break at the same time.
There’ll probably be a few things that are hard to fix, a cascade of effects.
Case Study: Manual versus Automated Scheduling pp. 187-189
Question: Why is automation important?
Backup and Recovery Objectives
Best Practices
Determination of appropriate recovery and resumption objectives for activities in support of critical markets.
Core organizations should develop the capacity to recover and resume activities within the business day on which the disruption occurs.
The overall goal is to resume operations within two hours
Maintenance of sufficient geographic dispersion of resources to meet recovery and resumption objectives.
Back-up sites should not rely on the same infrastructure components used by the primary site, and
back-up operations should not be impaired by a wide-scale evacuation or inaccessibility of staff that services the primary site
Routine use or testing of recovery and resumption arrangements.
Testing should cover not only back-up facilities of the firm, but also connections with the markets, third party service providers and customers
Connectivity, functionality and volume capacity should be covered.
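An added example (not part of the original slides) that turns the three practices above into checks an auditor can run over a site inventory and a set of recovery test records. The site attributes, party names and test records are constructed, and the 120-minute threshold is the two-hour goal stated on the slide.

```python
RTO_MINUTES = 120  # the slide's overall goal: resume operations within two hours
REQUIRED_SCOPE = {"connectivity", "functionality", "volume"}
REQUIRED_PARTIES = {"backup_site", "markets", "service_providers", "customers"}

# Constructed sample data; site attributes and test records are illustrative.
PRIMARY_SITE = {"power": "grid-A", "telecom": "central-office-1", "staff": "ops-team-1"}
BACKUP_SITE = {"power": "grid-B", "telecom": "central-office-1", "staff": "ops-team-1"}
RECOVERY_TESTS = [
    {"party": "backup_site", "scope": {"connectivity", "functionality", "volume"}, "minutes": 95},
    {"party": "markets", "scope": {"connectivity"}, "minutes": 110},
    {"party": "service_providers", "scope": {"connectivity", "functionality", "volume"},
     "minutes": 150},
]


def shared_dependencies(primary, backup):
    """Return dependency types where the backup site relies on the primary's resource."""
    return sorted(k for k, v in primary.items() if backup.get(k) == v)


def recovery_test_gaps(tests):
    """Return (party, finding) pairs for untested parties, scope gaps and slow recoveries."""
    tested = {t["party"] for t in tests}
    findings = [(p, "never tested") for p in sorted(REQUIRED_PARTIES - tested)]
    for t in tests:
        missing = sorted(REQUIRED_SCOPE - t["scope"])
        if missing:
            findings.append((t["party"], "not covered: " + ", ".join(missing)))
        if t["minutes"] > RTO_MINUTES:
            findings.append((t["party"],
                             f"resumed in {t['minutes']} min, objective {RTO_MINUTES}"))
    return findings


if __name__ == "__main__":
    print("shared with primary site:", shared_dependencies(PRIMARY_SITE, BACKUP_SITE))
    for party, finding in recovery_test_gaps(RECOVERY_TESTS):
        print(f"{party}: {finding}")
```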
How Does Backup & Recovery Fit into your Risk Assessment Framework?
Your Toolkit: Computer Inventory, Risk Assessment Matrix, Dataflow Diagrams and Systems Components Hierarchy

Asset (Ex 2.1) and Risk Assessment (Ex. 2.2 with improvements)
| Primary OS | Owner | Application | Asset Value ($000,000 to Owner)* | Transaction Flow Description | Total Annual Transaction Value Flow managed by Asset ($000,000)* | Risk Description | Cost of single occurrence ($) | Probability of Occurrence (# per Year) | Expected Loss |
|---|---|---|---|---|---|---|---|---|---|
| Win XP | Receiving Dock | A/P | 0.002 | RM Received from Vendor | 23 | Theft | 100 | 100 | 10000 |
| Win XP | Receiving Dock | A/P | 0.002 | RM Received from Vendor | 23 | Obsolescence and spoilage | 35 | 350 | 12250 |

[Figure: Systems Components Hierarchy. Layers: Transaction Flows; Business Application Systems; Operating Systems (including DBMS, network and other special systems); Hardware Platform; Physical and Logical Security Environment. Audit Objectives: Reporting Risks (External Audit); Control Process Risks (Internal & External Audits); Asset Loss Risks (Internal Audits).]
Prioritizing Backup & Recovery Tasks
Find the critical transactions (High value; High volume)
Identify the critical applications for processing these transactions
Identify the critical personnel
including those you may not have hired or defined jobs for
Who are essential to processing these transactions
Case Study: NYSE after 9/11
CNET interview with NYSE's chief technology officer Roger Burkhardt

Were most of the trading firms in the area that connect with your systems all up and running by 9:30 am on Monday
(September 17)? Were there any from outside or in the area unable to participate in trading that morning?
We had lost a lot of telephone lines that bring in data to our computer centers and also voice lines to the floor, which would have
meant that we would not have had full access by all members. That raised some public policy issues, particularly for the retail
investor; if their broker-dealer is the one who doesn't have connectivity, they would be disadvantaged.

"I think September 11 was the biggest challenge that our technical team has had to face in recent years." So NYSE
faced a connectivity issue on a uniquely massive scale?
There was a connectivity issue that affected not just our market, but all markets. There was also the fact that there were a
number of firms that were scrambling to get into their back-up facilities. A number of large firms like Morgan Stanley and Merrill
Lynch were affected. And then there were firms like Goldman Sachs, just down the street from here, who were like us in that
their building was undamaged. In fact, the Merrill Lynch building was also undamaged, but they were just not allowed to come in
because the authorities quite rightly wanted to focus on rescue operations. That affected all the markets. Clearly, if you want a
market, you want it to be a fair market, with breadth of access. You don't want one retail investor to not be able to get through to
sell or buy.

So by Monday, how did you manage to connect all the firms that connect to your systems?
We worked with member firms for the balance of that week to help them re-establish connectivity. We worked very closely with
Verizon, whose staff did a tremendous job. We have a subsidiary called Securities Industry Automation Corporation. It's been
around for over 25 years and provides data processing and communications capabilities for the securities industry. It was initially
set up by the NYSE and the American Stock Exchange, but also provides services to a broader part of the industry--for
example, market data systems for equities and options. It also is the collection point for all the post trade information for all
instruments. What is important about that is that because so many of us use them, they have telephone lines coming in from
everybody. They play this hub role where they can effectively use communications set up for one purpose in an emergency to
recover something else.

"With the potential for cyber threats, the advice I get is, 'Don't tell anyone about anything we are using.'" What other
platforms are you using?
I just used that as an example that we are not a trailing edge adopter. And I am a little sad about this because I enjoy talking
about a bunch of technologies here from many great companies like HP, IBM and others. But with the potential for cyberthreats,
the advice I get is, "Don't tell anyone about anything we are using."
Business Operations
Computer Operations are a subset of business operations
Case Studies
CS 9.3 to 9.7 pp. 195-202
Question: Can you recognize the control weaknesses?
What is the ‘Risk’ from inadequate control in each?
Practicum: Fraud Risk & The Internal Control Environment
Cendant Corporation