   


The Magic of Management Controls

Leave your control problems to an efficient Management Control System and see the magic

In 1994, an unidentified hacker used the Internet to gain unauthorised access to General Electric Co.'s (GE) corporate computer network. GE discovered the break-in during Thanksgiving week and suspended Internet access for 72 hours. The hackers used GE's computer systems to launch unsuccessful attacks against other computer systems. This incident interrupted GE's operations for 72 hours, a great loss for a giant like GE.

Bitter truths!

The findings of the UK Audit Commission's fifth triennial report on computer fraud reveal that, while computer fraud and abuse is a growth industry, many organisations do not seem to take computer security seriously. Many organisations do not have basic computer security procedures in place. Simple matters such as proper management of passwords and virus checking are often neglected.

Management should ensure that basic procedures are in place. These low-cost procedures can do much to reduce the incidence of computer fraud and thereby avoid the associated cost and inconvenience.

The Wall Street Journal suggests in recent reports that hackers may have sniffed out passwords used by members of America Online, a service with more than 3.5 million subscribers. If the reports are accurate, even the president of the service found his account security jeopardised.

Password sniffers are programs that monitor and record the names and passwords of network users as they log in, jeopardising security at a site. Whoever installs the sniffer can then impersonate an authorised user and log in to access restricted documents. Laws are not yet in place to adequately prosecute a person for impersonating another person on-line, but laws designed to prevent unauthorised access to information may be effective in apprehending hackers using sniffer programs.

Management Controls to the rescue

Management control is the basic framework of a computer system to ensure that the management performs well. It serves as a basis to evaluate the nature and extent of detailed testing of individual application systems. Further, the quality of management control influences the quality of data processing in the future.

The importance of management control varies across situations

Consider the audit of a computer system that supports a small medical shop. If the shop does not have an information systems master plan, it is unlikely that this lacuna will have serious repercussions on the maintenance of data integrity. On the other hand, imagine a large organisation with decentralised computer operations and no master plan. This will give sleepless nights to the auditor.

However, it is the auditor's responsibility to decide when a management control is important and when it is not. Just as any other management's responsibility is to plan the work and work the plan, management controls assume the role of ensuring the development, implementation and operation of technology in a planned and controlled manner.

The layers of management control

According to the organisational hierarchy and the functions performed, management controls take the following forms:

Senior management: Responsible for long-term policy decisions and ensuring that the computer installation is well managed.

Information systems management: Responsible for the planning and control of IT-related activities and for assisting senior management in policymaking.

Systems development management: Responsible for the design, implementation and maintenance of individual application systems.

Programming management: Responsible for programming new systems, maintaining old systems and providing systems support.

Database administration: Responsible for the control and use of the company's database.

Operations management: Responsible for the day-to-day operations of the computer system. Other responsibilities include data preparation, maintenance of hardware, etc.

The chain reaction

Management controls are basic controls across all systems. If there is a weakness in management control, it may not be useful to evaluate application controls.

Related Reading:

Computer Audit Resource Materials
Communications Week, December 5, 1994, p. 89
www.isaca.org/art/2a.htm
EDP Auditing by Ron Weber



© Copyright 2003 C & K Management Limited