Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Governance Tree, Internal Control Systems, IT Controls, IT Governanace, IT Management, Roles and Responsibilities
Processes modify system elements deployed to assist in achieving IT program goals. When pursuing identification, process maps are a standard method to document all pertinent system information. Developmentally, process maps should include data, timing, methods, personnel, material, equipment, environment, inputs, outputs, and other relevant factors. Subsequently, each identified IT process must be defined to enable event expectation and causation analysis.
While documenting entity processes, internal as well as external responsibilities should be examined for synchronization to the IT mission. Depending on the control environment; control processes can range from top-heavy responsibility concentration with inaccurate measurements and employee opposition to widespread responsibility with accurate measurements and no employee opposition. Entity-IT organizational alignment determination, with processes identified, permits inefficient or ineffective IT units consolidation and/or elimination.
“View Part I of the Right-sizing IT Controls series here“