AUDIT SISTEM INFORMASI MUHAMMAD BAGIR, MTI

Transcription

1 AUDIT SISTEM INFORMASI MUHAMMAD BAGIR, MTI

2 CONTENTS INFORMATION SYSTEM H/W INFORMATION SYSTEM ARCHITECTURE & SOFTWARE INFORMATION SYSTEM NETWORK INFRASTRUCTURE INFORMATION SYSTEM OPERATION AUDITING INFRASTRUCTURE & OPERATIONS

3 INFORMATION SYSTEM HARDWARE COMPUTER HARDWARE COMPONENTS AND ARCHITECTURES PROCESSING COMPONENTS INPUT/OUTPUT COMPONENTS TYPES OF COMPUTERS UNIVERSAL SERIAL BUS MEMORY CARDS RADIO FREQUESNCY IDENTIFICATION (RFID) HARDWARE ACQUISITION HARDWARE MAINTENANCE PROGRAM HARDWARE MONITORING PROCEDURES CAPACITY MANAGEMENT

4 HARDWARE ACQUISITION Selection of Computer H/w and S/w environment frequently requires the preparations of a specification for distribution to h/w and s/w vendors and criteria for evaluating vendor proposals. This specification is sometimes presented to vendors in the form of an invitation to tender(itt), also known as request for proposal (RFP)

5 HARDWARE ACQUISITION (CONT D) For acquiring a system the ITT, or specification, should include the following: Organizational description Information processing requirements Hardware requirements System software applications Support requirements Adaptability requirements Constraints Conversion requirements

6 ACQUISITION STEPS Testimonials or visits with other users Provisions for competitive bidding Analysis for bids against requirements Comparison of bids against each other Analysis of vendor financial conditions Analysis of vendor capability Review of delivery schedule against requirements Analysis of h/w / s/w upgrade capability Analysis of security and control facilities Evaluation of performance against requirements Review and negotiation of price Preparation of a formal written report summarizing

7 INFORMATION SYSTEM ARCHITECTURE & SOFTWARE OPERATING SYSTEMS Software Control Features or Parameters Software Integrity Issues Activity logging and Reporting Options Access Control Software DATA COMMUNICATION SOFTWARE DATA MANAGEMENT File Organizations DATABASE MANAGEMENT SYSTEM PROGRAM LIBRARY MANAGEMENT SYSTEMS TYPE AND RISK MANAGEMENT SYSTEMS JOB SCHEDULING SOFTWARE UTILITY PROGRAMS SYSTEM SOFTWARE ACQUISITION SYSTEM SOFTWARE IMPLEMENTATION SYSTEM SOFTWARE CHANGE CONTROL PROCEDURES

8 INFORMATION SYSTEM NETWORK INFRASTRUCTURE ENTERPRISE NETWORK ARCHITECTURES TYPES OF NETWORK NETWORK SERVICES NETWORK STANDARDS AND PROTOCOLS OSI ARCHITECTURE APPLICATION OF THE OSI MODEL IN NETWORK ARCHITECTURES

9 INFORMATION SYSTEM OPERATION COMPUTER OPERAIONS MANAGEMENT OF IS OPERATIONS Control Functions IT SERVICE MANAGEMENT Service Management JOB ACCOUNTING SCHEDULING MONITORING USE OF RESOURCES PROBLEM MANAGEMENT Detection, Documentation, Control, Resolution and Reporting of Abnormal Conditions PROGRAM CHANGE CONTROL QUALITY ASSURANCE SUPPORT/HELP DESK

10 AUDITING INFRASTRUCTURE & OPERATIONS HARDWARE REVIEWS OPERATINGS SYSTEM REVIEWS DATABASE REVIEWS LOCAL AREA NETWORK REVIEWS NETWORK OPERATING CONTROL REVIEWS IS OPERATION REVIEWS Computer Operations File Handling Procedures Data Entry Control LIGHT-OUT OPERATIONS PROBLEM MANAGEMENT REPORTING REVIEWS HARDWARE AVAILABILTY AND UTILIZATION REPORTING REVIEWS SCHEDULING REVIEWS