Establishing IT Controls


Published on

Establishment of IT controls

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Establishing IT Controls

  1. 1. Christy Cirino, Dir IT & Business Process Aug 2011 IT Organization and Controls
  2. 2. Service Delivery Management Methodology & Governance Selection ProductivityCentre ArchitectureLab ManagementSuite StrategyForum Result Station Program Program Project 1 Project 3 Project 5 Program X Y W Z Q 1 3 5 2 4 ! ? @ Benefits Solution Vision Mission Objectives Reality Organization Resources Market Product Target Organization Resources Market Product Dynamics (Services) Structure (Resources) Dynamics (Services) Structure (Resources) Current Capabilities Target Capabilities X Y Z Q W Direction Solution Solution Solution Project Change Blueprint 1 2 3 5 4 Change Initiatives Team Leader Project Team Solution Architect Program and Project Managers Business System Manager Upper Mgmt Enterprise Architect Operational Management Organization
  3. 3. Service Delivery Management Methodology & Governance
  4. 4. Service Management Process Framework IT Service Management Process Framework Service Desk IT Manager System Manager Business Users Incident Management Problem Management Change Management Configuration Management Release Management
  5. 5. Incident Management Level2 Legends Level1 Receive Call Record Incident Knowledge Base Classify incident Prioritize on impact & urgency Provide solution Escalate to L2 Solution Available? <ul><li>Incident details </li></ul><ul><li>Analysis </li></ul><ul><li>Related info </li></ul><ul><li>Workaround, if any </li></ul>Solution Satisfactory? Y N Confirm resolution with Customer Log details <ul><li>Incident detail log </li></ul><ul><li>Customer satisfaction log </li></ul><ul><li>Time & effort log </li></ul>Close Incident N Analyze incident and its details Check for similar incidents in the past Design solution Software change required? N Implement solution / Inform L1 Y Initiate Change Management Incident detection & recording Classification & initial support Investigation and diagnosis Resolution and recovery Incident ownership, monitoring, tracking and communication Config Mgmt DB Check against problems, known errors or recurrence Y Level3
  6. 6. Incident Management Process Flow Incident detection and recording Classification and initial support Service Request Investigation and diagnosis Resolution and recovery Incident closure Service Request Procedure Ownership, monitoring, tracking and communication
  7. 7. Problem Management Process Flow Problem Control Problem identification and recording Problem Classification Problem Investigation and diagnosis RFC, Problem Resolution and closure Tracking and monitoring Problems Error Control Error identification and recording Error Assessment Record error resolution Close error and associated problem(s) Tracking and monitoring Errors RFC Change successfully implemented
  8. 8. Process for Change and Configuration Management Change Management Release Management Configuration Management Request for Change Filter, Record & Identify Prepare for Change Classification & Planning Release Change built, tested Implementation Change implemented Evaluation Closure End Release & Distribution of new documented software versions Reports and Audit Information Reports Update CI Details Update CMDB & DSL. Release from DSL Verify CMDB Configuration Management DB (CMDB) Definitive Software Library (DSL)
  9. 9. Regular Tool Update & Interaction with other Service towers <ul><li>Locations: </li></ul><ul><li>Globally </li></ul>Requirements Gathering Change Review Board Approved Requests Define Test Build Deploy Close Test Break-Fix Level 1: Help Desk Severity 1 Calls & Multi-User Outages Severity 1 Problem Plan End Users Minor/Major Enhancements SW Vendor Escalation Severity 1 Problem L3 Support Analyze & Fix Enhancement Lifecycle Fix Release RCA Level 4: Application Support Escalation Onsite Coordinator / Team Level 3: Application Support ERP + Reporting Preventative Maintenance & Monitoring Change Request Process Critical Situation Team
  10. 10. Some Sample Templates Requirements Management Process for SAP Change Management Process Coding Standards (SAP – ABAP) SDLC Controls during AMS projects Information Security Process
  11. 11. Source Code / Document Version Control <ul><li>Source Code will be Used Standard SAP Tools Provided in SAP – Solution Manager </li></ul><ul><li>Document Version Control will be implemented using Microsoft Share Point </li></ul>
  12. 12. Application Controls <ul><li>Completeness checks - controls that ensure all records were processed from initiation to completion. </li></ul><ul><li>- Validity checks - controls that ensure only valid data is input or processed. </li></ul><ul><li>- Identification - controls that ensure all users are uniquely and irrefutably identified. </li></ul><ul><li>- Authentication - controls that provide an authentication mechanism in the application system. </li></ul><ul><li>- Authorization - controls that ensure only approved business users have access to the application system. </li></ul><ul><li>- Input controls - controls that ensure data integrity fed from upstream sources into the application system. </li></ul>