Prepared by Coby Harmon University of California, Santa Barbara Westmont College Chapter 6-1 IT Governance Chapter 6-2 Accounting Information Systems, 2nd Edition Study Study Objectives Objectives An introduction to IT governance and its role in strategic management An overview of the system development life cycle (SDLC) The elements of the systems planning phase of the SDLC The elements of the systems analysis phase of the SDLC The elements of the systems design phase of the SDLC The elements of the systems implementation phase of the SDLC The elements of the operation and maintenance phase of the SDLC The critical importance of IT governance in an organization Ethical considerations related to IT governance Chapter 6-3 Introduction Introduction to to IT IT Governance Governance How does a company decide, ► which IT systems are appropriate? ► which accounting software package to buy? ► when it has outgrown its accounting software or when to upgrade the software? ► whether to use IT systems to sell products on the web? ► whether to establish a data warehouse for analyzing data such as sales trends? ► whether to use ERP systems or customer relationship management (CRM) software? Chapter 6-4 SO An overview of IT governance and its role in strategic management Introduction Introduction to to IT IT Governance Governance IT systems must be strategically managed Strategic management is the process of ► determining the strategic vision for the organization, ► developing the long-term objectives, ► creating the strategies that will achieve the vision and objectives, and ► implementing those strategies Chapter 6-5 SO An overview of IT governance and its role in strategic management Introduction Introduction to to IT IT Governance Governance Proper management, control, and use of IT systems is IT governance IT Governance is defined as: [A] structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over and its processes IT governance provides the structure that links IT processes, IT resources and information to enterprise strategies and objectives Chapter 6-6 IT SO An overview of IT governance and its role in strategic management Introduction Introduction to to IT IT Governance Governance Management must focus on the following activities: ► aligning IT strategy with the business strategy ► cascading strategy and goals down into the enterprise ► providing organizational structures that facilitate the implementation of strategy and goals ► insisting that an IT control framework be adopted and implemented ► measuring IT’s performance Chapter 6-7 SO An overview of IT governance and its role in strategic management Introduction Introduction to to IT IT Governance Governance The board and top management must ensure that the organization has processes to accomplish the following: Continually evaluate the match of strategic goals to the IT systems in use Identify changes or improvements to the IT system Prioritize the necessary changes to IT systems Develop the plan to design and implement those IT changes that are of high priority Implement and maintain the IT systems Continually loop back to step Chapter 6-8 SO An overview of IT governance and its role in strategic management Introduction Introduction to to IT IT Governance Governance Company should have an ► IT governance committee and ► a formal process to select, design, and implement IT systems (system development life cycle, or SDLC) Chapter 6-9 SO An overview of IT governance and its role in strategic management Introduction Introduction to to IT IT Governance Governance Question IT governance includes all but which of the following responsibilities? a Aligning It strategy with the business strategy b Writing programming code for IT systems c Insisting that an IT control framework be adopted and implemented d Measuring IT’s performance Chapter 6-10 SO An overview of IT governance and its role in strategic management Systems Systems Design Design Phase Phase of of SDLC SDLC When evaluating each proposal, the IT governance committee should consider: Price of software or software modules Match of system and user needs to features of the software Technical, operational, economic, and schedule feasibility Technical support provided by the vendor Reputation and reliability of the vendor Usability and user friendliness of the software Testimonials from other customers Chapter 6-27 SO The elements of the systems design phase of the SDLC Systems Systems Design Design Phase Phase of of SDLC SDLC In-House Design Chapter 6-28 Exhibit 6-6 System Design Process Map for In-House Design SO The elements of the systems design phase of the SDLC Systems Systems Design Design Phase Phase of of SDLC SDLC Conceptual Design Involves identifying the alternative conceptual design approaches to systems that will meet the needs identified in the system analysis phase Chapter 6-29 SO The elements of the systems design phase of the SDLC Systems Systems Design Design Phase Phase of of SDLC SDLC Evaluation and Selection Feasibility assessments are: Technical feasibility Operational feasibility Economic feasibility Schedule feasibility In most cases, the cost–benefit analysis is the most important of the four tests Chapter 6-30 SO The elements of the systems design phase of the SDLC Systems Systems Design Design Phase Phase of of SDLC SDLC Detailed Design The purpose of the detailed design phase is to create the entire set of specifications necessary to build and implement the system The various parts of the system that must be designed are the  outputs,  data storage, and  inputs,  internal controls  Processes, Chapter 6-31 SO The elements of the systems design phase of the SDLC Systems Systems Design Design Phase Phase of of SDLC SDLC Question A request for proposal (RFP) is used during the? a Phase-in period b Purchase of software c Feasibility study d In-house design Chapter 6-32 SO The elements of the systems design phase of the SDLC Systems Systems Implementation Implementation Phase Phase Exhibit 6-7 Implementation and Operation Process Map Parallel Direct cutover Phase-in Pilot Chapter 6-33 SO The elements of the systems implementation phase of the SDLC Systems Systems Implementation Implementation Phase Phase Question Which of the following steps within the systems implementation phase could not occur concurrently with other steps, but would occur at the end? a Employee training b Data conversion c Software programming d Post-implementation review Chapter 6-34 SO The elements of the systems implementation phase of the SDLC Systems Systems Implementation Implementation Phase Phase Question Each of the following are methods for implementing a new application system except a Direct cutover conversion b parallel conversion c Pilot conversion d Test method conversion Chapter 6-35 SO The elements of the systems implementation phase of the SDLC Operational Operational and and Maintenance Maintenance Phase Phase Management should receive regular reports regarding the performance of the IT system Examples of reports are: ► IT performance  IT load usage and excess capacity  Downtime of IT systems  Maintenance hours on IT systems ► IT security and number of security breaches or problems ► IT customer satisfaction, from both internal and external customers Chapter 6-36 SO The elements of the operation and maintenance phase of the SDLC Operational Operational and and Maintenance Maintenance Phase Phase Question The use of the SDLC for IT system changes is important for several reasons Which of the following is not a part of the purposes of the SDLC processes? a As a part of strategic management of the organization b As part of the internal control structure of the organization c As part of the audit of an IT system d As partial fulfillment of management’s ethical obligations Chapter 6-37 SO The elements of the operation and maintenance phase of the SDLC Critical Critical Importance Importance of of IT IT Governance Governance Three major purposes are served by the continual and proper use of the IT governance committee and the SDLC: The strategic management process of the organization The internal control structure of the organization The fulfillment of ethical obligations Chapter 6-38 SO The critical importance of IT governance in an organization Ethical Ethical Considerations Considerations IT IT Governance Governance Management has an ethical obligation to maintain a set of processes and procedures that assure accurate and complete records and protection of assets Employees should not subvert the process Consultants have at least four ethical obligations: Bid the engagement fairly, and completely disclose the terms of potential cost increases Bill time accurately to the client Do not oversell unnecessary services or systems Do not disclose confidential or proprietary information Chapter 6-39 SO Ethical considerations related to IT governance Ethical Ethical Considerations Considerations IT IT Governance Governance Question Confidentiality of information is an ethical consideration for which of the following party or parties? a Management b Employees c Consultants d All of the above Chapter 6-40 SO Ethical considerations related to IT governance Copyright Copyright Copyright © 2013 John Wiley & Sons, Inc All rights reserved Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc The purchaser may make back-up copies for his/her own use only and not for distribution or resale The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein Chapter 6-41 ... the IT system? a Systems planning b Systems analysis c Systems design d Systems implementation Chapter 6-25 SO The elements of the systems analysis phase of the SDLC Systems Systems Design Design... risk versus return over and its processes IT governance provides the structure that links IT processes, IT resources and information to enterprise strategies and objectives Chapter 6-6 IT SO An... upgrades Chapter 6-13 SO The elements of the systems planning phase of the SDLC Systems Systems Planning Planning Phase Phase of of SDLC SDLC Exhibit 6-3 System Planning Process Map Chapter 6-14