Page 202 - Courses
P. 202

IT Essentials — Computer Operations

                 Distributed Platform Model — Due to acquisition and merger, cost/budget, or functionality,
                   many organizations have established a distributed model. Organizations utilizing this model
                   may use an inventory module within their financial or procurement system for inventory
                   tracking, a hardware vendor’s software tool for configuration management, a home-grown or
                   vendor-purchased change and problem management tool, a SharePoint list for knowledge
                   management data, and the vulnerability scanning tool for incident management. Though
                   each of these systems perform their required function, integration using an additional
                   application program interface (API) is required.
                 Ad hoc Platform Model — Smaller organizations — or those with limited in-house IT services
                   — may have to utilize an ad hoc model. In this model, asset management may occur within a
                   spreadsheet, or be limited to maintaining the detailed invoices. When problems occur, the
                   user is typically instructed on how to obtain the necessary configuration data from the
                   device. Change, incident, and problem ticketing systems may have been written in-house or
                   could be an inexpensive ticketing system with limited or no integration capabilities.
                   Sometimes, the ticketing system is nothing more than a series of emails, stored in an inbox
                   subdirectory. Knowledge management is generally a series of physical documents in three-
                   ring binders or Word Documents/PDFs, placed electronically on a network drive. Typically, no
                   integration exists in the ad hoc model.

             TOPIC 6: AUDITING COMPUTER OPERATIONS

            The Internal Auditor’s Role in Service Delivery

            An organization is unlikely to meet its objectives without effective service delivery mechanisms.
            Internal auditors have a unique insight and are well-placed to assess the policies, procedures, and
            operations in place to monitor the achievement of the organization’s objectives and to identify and
            manage the risks. According to The IIA’s GTAG “Information Technology Outsourcing, 2nd Edition,”
            the internal auditor may:

              Provide assurance by reviewing management’s systems for identifying and effectively managing
               the risks to service delivery.
              Provide assurance by frequently carrying out comprehensive reviews of the management of
               service delivery.
              Provide assurance by reviewing performance reporting systems and the systems used to track
               and manage the attainment of targets.
              Gain assurance by relying on the other assurance providers.
              Play a more proactive advisory role across various aspects of the whole service delivery process.

            The IIA’s GTAG “Auditing IT Governance” suggests that some of the key areas of IT governance
            internal auditors should address should include:
              Evaluating existing IT performance monitoring and reporting metrics, including financial
               management of computer operations and projects.
              Ensuring day-to-day computer operations are delivered efficiently and without compromise.




            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   197   198   199   200   201   202   203   204   205   206   207