The IT operations team also provides centralised services such as backing up data on servers
and workstations and maintenance of all hardware in the data centre and computers
used by staff.
a) Does the enterprise have an IT operations manual?
The IT operations manual describes various procedures used to run and support automated
business processes in the enterprise. The manual might include the use of operating systems,
application systems, network systems, telephone systems, and supporting systems
such as disaster recovery procedures, systems monitoring, information security, and backup
procedures.
Manuals would normally include detailed procedures which can be kept in manual or electronic
form in a central location where all authorised users can access them. These manuals
are essentially used to ensure that staff adhere to procedures when carrying out operations
and to minimize breaches of procedure that would expose the enterprise to various risks.
In big corporations, IT operations can be a huge operation with a large number of supporting
staff. The work of the IS auditor might also require a good number of assistants to perform
a meaningful audit.
The IS auditor would be required to test various systems on the IT infrastructure, and supporting
evidence can be collected from IT operations activities such as operations reports,
monitoring tools, online systems, and operations manuals used by IT operations staff. It
would be important when reviewing the various documents and systems to focus on systems
which are covered in the operations manuals. It is important that procedure manuals
are up to date and can provide sufficient guidance to IT staff.
b) How does the enterprise ensure that IT staff adhere to operations procedures?
Adherence to IT operations procedures ensures that all work is carried out according to established
procedures. Not following procedures could result in increased risk to the enterprise.
The enterprise can ensure that IT staff adhere to operational procedures by embedding IT
procedures into business processes and insisting that all processes are conducted according
to established procedures. Where there are no systems which ensure adherence to procedures,
the IS auditor should report to management and make recommendations on the need
to have such systems in place.
The IS auditor can obtain evidence from audit trails and other logs which record how systems
are operated. Monitoring tools, which can be manual or automated, can also be implemented
to help check the use of IT systems. Physical observation is another way the
IS auditor can check adherence to procedures by IT staff.
 