Organizations and their IT departments division of responsibilities
Organizing segregation of duties when responsibilities are allocated within the organization is an important issue. A clear division of responsibilities helps the various functions operate effectively and provides for monitoring and control. This matters especially for large-scale financial systems and other important systems, whose monitoring requires those in charge, rather than their subordinates, to assume more of the responsibility. Segregation of duties between the IT department and the other departments, and independence of duties within the information system itself, are equally important. The division of tasks in a number of areas is noted further below:
1. Authorization. Transaction authorization is the responsibility of the user departments. Approval by an authorized officer also implies a corresponding degree of responsibility. Management and information systems auditors must regularly check for unauthorized transactions.
2. Reconciliation. Reconciliation is the responsibility of users. In some organizations, the data control function also applies "total reconciliation" with balancing to the reconciliation process; this independent check gives users more confidence in the application's operating procedures and in the accuracy of its data.
3. Custody of assets. Companies must decide who has custody of assets and assign each asset to an appropriate custodian. When users are designated as "data owners", their responsibility should be set out explicitly. Data owners are responsible for deciding the authorization levels that protect data security, and the data security management team is typically responsible for installing and implementing the security system.
4. Access to data. The physical environment must be adequately secured to prevent unauthorized persons from accessing the mainframe and other physical equipment. System and application security is a further control that prevents unauthorized persons from accessing data. In addition, external access to internal data over the Internet has created new problems, so system administrators need to take on more responsibility for protecting information assets.
5. Authorization forms. User department managers define access rights by means of duly authorized electronic or printed forms; that is, who may access what must be approved by management. Normally, all users should apply in writing for access to a particular system. In large companies or remote units, the authorizing signatures on the application should be kept on file so that they can be verified and the approval confirmed as genuine. In addition, the procedures should require regular reviews of user access to confirm that it matches each user's competence and job functions, and to keep it up to date.
6. Authorized user table. The IT department uses the data in the authorization forms to establish and maintain a user authorization table, which defines who is authorized to update, modify, delete or view data. These rights are defined at the system level, the transaction level and other levels. In addition, the authorization table itself should be encrypted or password protected to prevent unauthorized access. A control log should keep detailed records of all users and, where appropriate, be inspected by a responsible person; all incidents should be investigated.
7. Exception reports. Unusual events should be reported to management for proper handling, and evidence of that handling should be retained: a signature on the report showing that the anomaly has been properly dealt with. Management should also follow up on anomalies to ensure that all of them are resolved in a timely manner.
8. Audit trail. The audit trail is the "map" that an information systems auditor uses to retrace transactions. Auditors examine business activity and collect audit evidence by tracing along the audit trail. In traditional business activities, each step of each transaction left a written record (such as a handling signature), so the audit trail was very clear. Auditors could trace a transaction forward from the original documents through to the statements, or backward from the statements to the original documents; these forward and inverse tracing approaches formed the basis of the audit methodology.
For an information system, the audit trail is the record of everything that happens from the moment data enters the system, through validation, until it is passed on to other subsystems. After computerization, the traditional audit trail largely disappeared: paper documents, books and statements were replaced by accounting information held on magnetic media. This information is no longer directly readable to the naked eye and can be deleted without leaving traces, which substantially increases audit risk. If the system is poorly designed, an auditor may find that processing results cannot be traced back to their source. A well-designed audit trail for tracking data processing records is therefore an essential component of the system.
The audit trail gives the IT department and auditors a retroactive record of transactions, and it lets information systems auditors re-create the actual flow of a transaction, that is, from the initial state of a record to its updated state. Where segregation of duties is lacking, the audit trail can serve as a compensating control. An information systems auditor should be able to determine who executed the transaction, when it was executed, what data was entered and in what input form, which data fields the transaction affected, and which records were updated.
9. Transaction log (ITL). Transaction logging can be manual or automated. In manual logging, a record of each transaction (or batch of transactions) is kept by hand before data processing. In automated logging, a record of every transaction is produced and retained by the computer system as processing completes.
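The following is an added example, not code from the original article, showing items 6 through 9 together: an automated transaction log that records who changed what, when, through which input form, and the before and after values of each field, checks each change against an authorization table, keeps denied attempts for the exception report, and is hash-chained so that an entry deleted or altered on the storage medium is detected. The user names, field names and the `AuditTrail` class are assumptions made for this example.

```python
import hashlib
import json

# Constructed authorization table (page item 6): the fields each user may update; names are assumed.
AUTH_TABLE = {"alice": {"amount", "status"}, "bob": set()}  # bob may only view, never update

def authorized(user, field):
    return field in AUTH_TABLE.get(user, set())

def _digest(body, prev):  # chain hash: the entry's contents plus the previous entry's hash
    return hashlib.sha256((json.dumps(body, sort_keys=True) + prev).encode()).hexdigest()

class AuditTrail:
    # Automated transaction log (page item 9) kept as a hash chain, so an entry that is
    # altered or deleted from the storage medium no longer verifies against its successor.
    def __init__(self, initial):
        self.initial = {k: dict(v) for k, v in initial.items()}  # initial state of each record
        self.entries = []                                        # append-only log
    def _append(self, entry):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        self.entries.append({**entry, "hash": _digest(entry, prev)})
    def apply(self, txn_id, user, ts, input_form, record_id, new_values):
        # Records who, when, through which input form, which fields changed and their before/after.
        current = self.replay(record_id)
        entry = {"txn": txn_id, "user": user, "ts": ts, "form": input_form, "record": record_id}
        denied = sorted(f for f in new_values if not authorized(user, f))
        if denied:  # unauthorized attempt: logged for the exception report (page item 7), not applied
            self._append({**entry, "status": "denied", "fields": denied})
            return False
        changes = {f: [current.get(f), v] for f, v in new_values.items() if current.get(f) != v}
        self._append({**entry, "status": "applied", "changes": changes})
        return True
    def replay(self, record_id):  # re-create a record's state from its initial state and the log
        state = dict(self.initial.get(record_id, {}))
        for e in self.entries:
            if e["record"] == record_id and e["status"] == "applied":
                state.update({f: after for f, (_, after) in e["changes"].items()})
        return state
    def trace(self, record_id, field):  # inverse search: (txn, user, before, after) per change
        return [(e["txn"], e["user"], *e["changes"][field]) for e in self.entries
                if e["record"] == record_id and e["status"] == "applied" and field in e["changes"]]
    def verify(self):  # recompute the chain; False means some entry was altered or removed
        prev = "0" * 64
        for e in self.entries:
            if _digest({k: v for k, v in e.items() if k != "hash"}, prev) != e["hash"]:
                return False
            prev = e["hash"]
        return True
```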
Information system segregation of duties
The IT department and the other departments need effective segregation of duties. At the same time, to ensure the successful development and implementation of a new system, key personnel need to be involved in the system development methodology, and the major roles taking part in the development process need a clear division of responsibilities. The main participants and their main responsibilities are as follows:
1. Executives approve the project and the resources it needs, and senior managers assign the staff needed to take part in and complete the project.
2. Managers and end users of the system are responsible for sending qualified representatives from their staff to the information system project team to take part in requirements analysis, final acceptance testing and user training. They also need to define the standards by which users review and approve the delivered system. They are mainly concerned with the following issues:
- the software provides the specified functionality
- software reliability
- software efficiency
- ease of use
- ease of porting the software to other environments
3. Project steering committee. The committee provides overall direction for the project and ensures that the interests of all parties are served. It is primarily responsible for costs and schedule. It consists of senior representatives of the various departments involved in the new system, each of whom has the authority to decide, on behalf of their department, on aspects of the system design that affect it. The project manager is a member of the committee and, in some circumstances, its responsible officer. The functions of the project steering committee are as follows:
- Periodically review project progress (every two weeks or every month), and convene an urgent meeting when necessary.
- Act as coordinator and adviser: committee members answer questions and make the relevant decisions on the design of systems and procedures.
- Assess progress and take the necessary corrective actions, including proposing changes in the staff involved. If necessary, change the system's goals and objectives as set out in design and planning. The committee also handles risks that cannot be dealt with at the project level and, in exceptional circumstances, may recommend suspending the project.
4. Project sponsor. The sponsor of the data and application is appointed as the owner of the funded project. The sponsor's primary function is to provide funding for the project and, in close cooperation with the project manager, to define how the project will be measured, the key being to turn those measures into measurable, quantitative indicators. The project sponsor is usually a senior manager responsible for the main business function that the application will support.
5. System development management provides the software and hardware environment and technical support, including development, installation and operating systems. It ensures that the system is consistent with the organization's computing environment and strategic direction, and provides operational support and maintenance after installation.
6. The project manager provides day-to-day management of the project, ensuring that it remains consistent with its overall direction, follows local standards, and delivers products of acceptable quality. The project manager also coordinates the interests of all parties, resolves conflicts within the development team, and monitors costs. If the project staff are fully committed to the project, the project manager is responsible for them.
7. The systems development project team completes the tasks assigned to it in the development process according to local standards, communicates effectively with users, and can recommend to the project manager the plan adjustments and improvements that are needed.
8. The user project team completes the tasks assigned to it, communicates effectively with the system developers, takes part in the development process, follows local standards, and alerts the project manager to deviations between expected and actual development.
9. Security officers ensure that the system provides effective protection for processes and controls, in line with company security policy and based on the classification of data, with security and measurable indicators integrated into the system. They are responsible for reviewing security tests and assessing the related security documents before implementation, reporting on the effectiveness of system security, and monitoring that effectiveness during operation.
10. Quality assurance reviews whether the results of each stage meet requirements. Review points depend on the systems development life-cycle methodology in use and on the significance and potential impact of deviations. Quality assurance is also concerned with the management of each process and the related technical activities, or with the specific use of the software engineering process, which plays a very important role in software process capability maturity.