Ch_05 - IT AUDIT SOLUTIONS MANUAL CHAPTER FIVE MANAGING THE...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
IT AUDIT SOLUTIONS MANUAL CHAPTER FIVE MANAGING THE IT FUNCTION DISCUSSION QUESTIONS 5.1 Discuss the business and audit risks of having the IT function improperly located in the company’s organizational structure. The business risks are that scarce valuable organizational resources consumed by the IT function will fail to address that company’s strategic initiatives, thereby sub-optimizing the company’s potential efficiency and effectiveness. The audit risks are that improper segregation of incompatible functions can threaten the integrity and security of enterprise-wide information, as well as the computing infrastructure. 5.2 What are some considerations regarding the organizational level at which the IT manager is placed? It is optimal for the IT function manager to be located at least at the same organizational level as peer functional/line managers. The internal control structure should consider the possibility of opportunistic (perhaps fraudulent) behaviors stemming from upper management brought about by an overlap of incompatible duties by instituting sound procedures and exercising vigilant oversight in this regard. In this manner, the internal control implications of locating the IT Function at or above the level of other functional/line managers can be effectively managed. Having the IT function manager report directly to the corporate controller is often considered. However. most corporate controllers perform two of the three incompatible duties: authorize and record certain transactions. If the IT function reported here, the 1
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
corporate controller would also maintain custody of assets, -- information databases and software applications, thereby giving all three incompatible duties to one person. Other functional/line managers normally would have insufficient knowledge of computing infrastructures, operating systems, software applications and related matters to offer effective guidance and support to IT managers. There is also the risk that a functional/line manager will prioritize the IT function to serve their own area rather than consider the long-term needs that benefit the entire organization. Also, if the IT manager reports to another functional/line manager, the IT function might receive inadequate attention from upper management and possess relatively weak power when it comes to acquiring necessary resources. 2
Background image of page 2
5.3 What is the profit center approach to funding IT operations? Discuss the advantages and disadvantages. With the profit center approach, the IT function charges internal users for IT services. The IT budget will then show a list of its customers (the company’s departments) and the anticipated intra-company billing to them, and a detailed budget of the total IT department expenses. The goal would be to have all the expenses offset by the intra- company billings to justify the IT department. Advantages:
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 9

Ch_05 - IT AUDIT SOLUTIONS MANUAL CHAPTER FIVE MANAGING THE...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online