How these parts of IT fit together

How these parts of IT fit together Handout Network perimeter Outsourced IT Local area network Application element User PCs Data centre Server or Mainframe mainframe Firewall Platform Domain Internet controller Operating Interface system Batch Application scheduler Application Interface Local area Wide area Database Application network network Database network Database Interface Data store Data Application Data Date Pricewaterhouse. Coopers LLP Slide 1

What does ITGC include? IT General Controls Program Computer Program Access to programs and data development operations changes Date Pricewaterhouse. Coopers LLP Slide 2

Systems development? IT General Controls Program Computer Program Access to programs and data development operations changes Initiation, analysis and design Construction Pw. C Audit guide - 6023: Testing “To ensure that systems are developed, configured, and Data conversion implemented to achieve management's application control Implementation objectives”. Documentation and training Which means: Systems that are developed Segregation of duties actually work as required. Date Pricewaterhouse. Coopers LLP Slide 3

Computer operations IT General Controls Systems Computer Program Access to programs and data development operations changes Batch processing Pw. C Audit guide - 6023 Interface processing “To ensure that production systems are processed completely and Monitoring of computer processing accurately in accordance with management's control objectives, Backups and that processing problems are Computer centre identified and resolved completely operations and accurately to maintain the integrity of financial data”. Which means: Systems process data as intended, and where they don’t, this is identified and corrected. Date Pricewaterhouse. Coopers LLP Slide 4

Program changes IT General Controls Systems Computer Program Access to programs and data development operations changes Pw. C Audit guide - 6023 Specification and authorisation “To ensure that changes to Construction programs and related infrastructure components are Testing requested, authorized, performed, tested, and Implementation implemented to achieve Documentation and management's application training control objectives”. Segregation of duties Which means: Report integrity Changes to systems and data do not adversely affect their integrity, availability or confidentiality. Date Pricewaterhouse. Coopers LLP Slide 5

Access to programs and data IT General Controls Systems Computer Program Access to programs and data development operations changes Application security Database Pw. C Audit guide - 6023: administration Operating system Direct data access via security administration App/Network /OS/Util. “To ensure that only authorized access is granted to programs and Network / connection security administration data upon authentication of a user's identity”. Application logical security Operating system Which means: logical security Systems and data are protected Network logical from invalid changes. security Application powerful accounts Operating system powerful accounts Network powerful Date accounts Pricewaterhouse. Coopers LLP Slide 6

The complete picture IT General Controls Systems Computer Program Access to programs and data development operations changes Initiation, analysis and Specification and Application security Database Batch processing design authorisation administration Operating system Direct data access via Construction Interface processing Construction security administration App/Network /OS/Util. Monitoring of computer Network / connection Testing processing security administration Application logical Data conversion Backups Implementation security Computer centre Documentation and Operating system Implementation operations training logical security Documentation and Network logical Segregation of duties training security Application powerful Segregation of duties Report integrity accounts Operating system powerful accounts Network powerful Date accounts Pricewaterhouse. Coopers LLP Slide 7