Chapter 17: Using Tools and Techniques in IT Operation Reviews MBAD 7090 IS Security, Audit, and Control (Dr. Zhao)

Objectives
• Review of CAATTs
• Four areas
  • System maintenance
  • Operating system
  • SAP
  • ISO

Using CAATTs in the Audit
• Applications:
  • Generalized audit software
  • Application development tools
  • Query tools
  • Analysis tools
  • IT operation testing and diagnosis tools
• Examples:
  • Axent* for examination and review of client server controls
  • ACL for data extraction and analysis
  • Recovery PAC for assessment of disaster recovery
  • SSA-Name3 for data warehousing control assessment

Web Metrics
• Computer Assisted Tools and Techniques for Evaluating and Auditing Websites
• Web performance statistics
  • Broken links, missing pages and page components
  • Download time, transaction time, availability
• Number of commercial tools available
• Work / Research done by NIST
  • Web site (http://zing.ncsl.nist.gov/webmet/)

Systems Maintenance
• Systems hardware
• Systems software
• Database software
• Applications software
• Environmental areas
• Network software
• Network hardware

Systems Maintenance
• Change Control
• Points of change
• Approval points
• Changes to documentation
• Review points
• Continuous monitoring, use of diagnostic tools to monitor network, analyze throughput

Operating Systems
• Operating systems control and interact with:
  • Systems utilities
  • Program library systems
  • File maintenance systems
  • Security software
  • Data communications systems
  • Database management systems

Operating Systems Review Points
• Controlling access
• Controlling changes
• Monitoring changes
• Verification and validation of changes
• Recovery controls work

SAP Operational Review Points at Implementation
• Understanding corporate culture
• An enterprise-wide implementation
• Understood and complete process change
• Require reengineering
• SAP project manager competence
• Project methodology
• Training
• Commitment to the change

SAP Review Points in Operation
• Administrative controls
• Accountability
• Access controls
• Confidentiality, integrity and security management
• EDI and Internet security

ISO 9001 Review
• Quality system in five areas
  • Documentation
  • Practices
  • Records
  • Audits
  • Corrective actions