Business Process Library Q Business Process Management

IT Control

From Q-BPM
Jump to: navigation, search

Information technology control (IT control) is to use and maintain information systems in a company in a sound manner by means of IT.

Contents

Overview of IT Control

IT control is defined in "Execution criteria of evaluation and supervision concerning internal control over financial reports" (Financial Service Agency, Japan).

"Adaptation to IT," which is one of the "Six components of internal control" is met by

  • "Adaptation to IT environment"
  • "Use of IT and control over it"

In addition, "use of IT and control over it" is achieved by "five viewpoints concerning use of IT" and "two viewpoints concerning IT control."

<Use of IT>

  • "Use of IT to guarantee effectiveness of control environment"
  • "Use of IT to guarantee effectiveness of risk assessment and responses"
  • "Use of IT to guarantee effectiveness of controlling activities"
  • "Use of IT to guarantee effectiveness of information and communication"
  • "Use of IT to guarantee effectiveness of monitoring"


<Control over IT>

  • "Objectives of IT control to achieve organization goal"
  • "Establishment of IT control"

According to the definitions, IT control is to set objectives for realizing effective internal control, and to manage information systems in companies by taking advantage of IT. IT control is basically automated control activities, and therefore, it includes access control to the mission-critical system or management of IDs or passwords, which effectively functionalizes the access control etc.

Objectives of IT Control to Accomplish Organization Goal

"IT control objectives" are set by the manager to effectively functionalize IT control. The manager sets objectives in order to assure credibility of financial statements, as well as to execute effective business activities. "IT control objectives" are as follows:

  • Effectiveness/efficiency: Information should be effectively and efficiently offered upon business execution.
  • Compliance: Information should be processed in conformity with related acts, accounting criteria, company policy, etc.
  • Reliability: Information should be approved based on the organization intentions/purposes, and it is to be completely and accurately recorded and processed.
  • Availability: Information should be available when necessary.
  • Confidentiality: Information should be protected to allow accesses from authorized people only.

Establishment of IT Control

The manager carries out "establishment of IT control" to accomplish "objectives of IT control." Activities for "establishment of IT control" include general control and application control, and it is important that they both work together.

General Control of IT

General control is management to ensure environments in which application control effectively functions.

  • Management of information systems development and maintenance
  • Operation and administration of information systems
  • Guarantee of security of information systems such as access control
  • Management of contracts regarding outsourcing of information systems

Application Control of IT

Application control is control over proper processing and storing of tasks in systems controlling business, and it is built in business processes.

  • Management of completeness, accuracy, validity of input information
  • Correction and re-processing of errors
  • Maintenance of master data
  • Access control, e.g., authentication for use of systems, limitation of operating range

Related Articles

Reference

Retrieved from "http://en.q-bpm.org/mediawiki/index.php/IT_Control"
Search

 
Toolbox
What links here
Related changes
Upload file
Special pages
Printable version
Permanent link
Questetra BPM Suite
Workflow Sample:Hints on Defining Workflows for Business Analysts and Managers.

Catetory
General nouns | Proper nouns | General-purpose business process | Core business process | Business process for support administration
Q-BPM This website was started by Questetra, Inc. for businesspeople all over the world, who are interested in BPM, but spend a great amount of time on the search of a lot of books, documents, and difficult terms. By saving the trouble of looking up a number of related terms or the time of searching documents, Questetra, Inc. hopes to contribute to businesspeople, interested in BPM, all over the world. Questetra Inc. Q-BPM exemplifies various Sample Processes regarding Business Flow in companies, and support Business Flow Diagram making. (* Business Flow Diagram: Business Flow Chart/Business Diagram/Business Process Diagram) This is Cloud-Source type information sending website that invites collaborators all over the world. In principle, contents in this website are public on the basis of the license called “CC-By SA,” which means “possible to copy under specific conditions.”

Powered by MediaWiki CreativeCommons By SA