8/16/2019 BAA-AIS-Organizational Roles and Responsibilities
IT/IS Organizational Roles and Responsibilities
BAA-AIS
By Winston Phethi
IT/IS Organizational Roles and Responsibilities - Outline
Organizational structure charts are important items for all employees to have since they provide a clear definition of the department's hierarchy and authorities.
Additionally, job descriptions provide IT/IS department employees a clear direction regarding their roles and responsibilities.
The IS auditor should spend time in an auditee's area to observe and determine whether the job descriptions and structures are adequate.
IT Strategy Committee
As a committee of the board, it assists the board in overseeing the enterprise's IT-related matters by ensuring that the board has the internal and external information it requires for effective IT governance decision making.
IT Steering Committee
This committee might have more than one name; it might be referred to as an IT steering committee or an IT strategy committee.
The steering committee is tasked with ensuring that the IT department is properly aligned with the goals of the business.
This is accomplished by using the committee as a conduit to move information and objectives from senior business management to IT management.
IT/IS ROLES AND RESPONSIBILITIES
Systems development manager
Responsible for programmers and analysts who implement new systems and maintain existing systems.
Project manager
Responsible for planning and executing IT projects and may report to a project management officer or to the development organization.
Project managers play a central role in executing the vision of the IT strategy and steering committee by planning, coordinating and delivering IS projects to the enterprise.
IT/IS ROLES AND RESPONSIBILITIES (Cont.)
Service desk (Help desk)
It is a unit within an organization that responds to technical questions and problems faced by users.
A procedure to record the problems reported, solved and escalated should be in place for analysis of the problems/questions.
End user
Responsible for operations related to business application services; used to distinguish the person for whom the product was designed from the person who programs, services, or installs applications.
IT/IS ROLES AND RESPONSIBILITIES (Cont.)
End-user support manager
Responsible as a liaison between the IS department and the end users.
Data manager
Responsible for the data architecture in larger IT environments and tasked with managing data as a corporate asset.
Quality Assurance (QA) manager
Responsible for negotiating and facilitating quality activities in all areas of information technology.
IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance
Operations Manager
Responsible for computer operations personnel, including all staff required to run the data center efficiently and effectively.
Control group
Responsible for the collection, conversion and control of input, and the balancing and distribution of output to the user community.
The input/output control group should be in a separate area where only authorized personnel are permitted, since they handle sensitive data.
They usually report to the Operations Manager.
Media manager
Responsible for recording, issuing, receiving, and safeguarding all program and data files that are maintained on removable media.
IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance (Cont.)
Data Entry
The process of getting information into a database, usually done by people typing it in by way of data-entry forms designed to simplify the process.
It is critical to the information processing activity.
Systems administrator
Responsible for maintaining major multi-user computer systems, including LANs, WLANs, WANs, PANs, SANs, intranets and extranets, and mid-range and mainframe systems.
IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance (Cont.)
Systems administrator typical duties include:
1. Adding and configuring new workstations and peripherals.
2. Setting up user accounts
3. Installing system-wide software
4. Performing procedures to prevent/detect/correct the spread of viruses
5. Allocating mass storage space
Small organisations may have just one systems administrator whereas larger enterprises usually have a team of systems administrators.
IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance (Cont.)
Security Administrator
Responsible for ensuring that the various users are complying with the corporate security policy and controls are adequate to prevent unauthorized access to the company assets.
The Security Administrator's functions usually include:
1. Maintaining security rules to data and other IT resources
2. Maintaining security and confidentiality over the issuance and maintenance of authorized user IDs and passwords.
3. Monitoring security violations and taking corrective action to ensure adequate security is provided.
The Security Administrator's Functions (Cont.)
4. Periodically reviewing and evaluating the security policy and suggesting necessary changes to management
5. Preparing and monitoring the security awareness program for all employees
6. Testing the security architecture to evaluate the security strength and detect possible threats.
7. Working with compliance, risk management and audit functions to ensure that security is appropriately designed and updated based on audit feedback or testing
IT/IS ROLES AND RESPONSIBILITIES - Quality Assurance
Quality assurance personnel usually perform two distinct tasks:
Quality Assurance (QA)
Helps the IS department to ensure that personnel are following prescribed quality processes.
Quality Control (QC)
Responsible for conducting tests or reviews to verify and ensure that software is free from defects and meets user expectations.
Database Administrator (DBA)
Database Administrator's Role (Cont.)
DBA's roles include:
5. Implementing database definition controls, access controls, update controls and concurrency.
6. Monitoring database usage, collecting performance statistics and tuning the database
7. Defining and initiating backup and recovery procedures
8. Answering programmer queries and educating programmers in the database structures.
IT/IS ROLES AND RESPONSIBILITIES (Cont.)
Systems analyst
Specialist who designs systems based on the needs of the user and is usually involved during the initial phase of the system development life cycle (SDLC).
These individuals interpret the needs of the user and develop requirements and functional specifications as well as high-level design documents.
These documents enable programmers to create a specific application.
IT/IS ROLES AND RESPONSIBILITIES (Cont.)
Security architect
Responsible for evaluating security technologies; designing security aspects of the network topology, access control, identity management and other security systems; and establishing security policies and security requirements.
Security architects should also work with compliance, risk management and audit functions to incorporate their requirements and recommendations for security into the security policies and architecture.
IT/IS ROLES AND RESPONSIBILITIES - Application Development and Maintenance
Applications staff
Responsible for developing and maintaining applications; should work in a test-only environment.
Development can include developing new code or changing the existing setup or configuration of the application.
Staff develop the programs or change the application setup that will ultimately run in a production environment.
Therefore management must ensure that staff cannot modify production programs, applications or application data.
Staff should work in a test-only environment and turn their work over to another group to move programs and application changes into the production environment.
IT/IS ROLES AND RESPONSIBILITIES - Application Development and Maintenance (Cont.)
Infrastructure staff
Responsible for maintaining the systems software, including the operating system.
This function may require staff to have broad access to the entire system.
IS management must closely monitor activities by requiring that electronic logs capture this activity and are not susceptible to alteration.
Usage of domain administration and super-user accounts should be tightly controlled and monitored.
IT/IS ROLES AND RESPONSIBILITIES - Network Management
Network administrator
Responsible for key components of the infrastructure (routers, switches, firewalls, network segmentation, performance management, remote access, etc.); reports to the director of the Information Processing Facility (IPF) or an end-user manager.
This position is responsible for technical and administrative control over the LAN.
This includes ensuring that transmission links are functioning correctly, backups of the system are occurring, and software/hardware purchases are authorized and installed properly.
The LAN administrator should have no application programming responsibilities but may have systems programming and end-user responsibilities.
SEGREGATION OF DUTIES WITHIN IS/IT
Avoids the possibility that a single person could be responsible for diverse and critical functions in such a way that errors or misappropriations could occur and not be detected in a timely manner and in the normal course of business process.