CHAPTER 1(Concept of governance and management information system)

Enterprise Governance IT Governance GEIT IT steering Committee. Key metrics for Evaluation
of benefit from IT, IT cost,
Dimensions Benefit Benefits Key Function Transparency, Risk
Management
 Corporate/ Conformance 1. Increased :- 1. It ensures that IT 1. Ensure long-Run and Short
Governance. Value through enterprise related decision are Run plan are in tune with  % of it enabled
 Business/ Performance it, made in line with enterprise’s objective investment where: -
Governance. User satisfaction with It enterprise’s objective Benefit realization is
services and strategy 2. Ensure availability of viable monitored through full
Key management practices 2. Improved:- Agility in 2. It ensures it related communication between IT economic life cycle.
(required for aligning IT supporting business needs, process are overseen & its User
strategy with Enterprises) effectively and Claimed benefits are
Transparency and transparently 3. Review and approve major met or exceeded.
 Understand Enterprise’s understanding of IT IT deployment project (in all
direction contribution, 3. It ensures that stage)  % of It enabled services:-
 Assess the current governance Where expected benefit
environment, capabilities, Compliances with requirement for board 4. Review the status of IS plan realized
performance relevant law and members are made. and budget and overall
 Define the target It regulation Policies, performance With Approved operational
capabilities. 4. It Provide a consistent cost and expected benefits
 Conduct a gap analysis Management and approach integrated 5. Review and approve
 Define strategic plan and mitigation of IT related and aligned with standards, Policies &  % of Investment business
road map Business needs enterprise governance Procedures cases
 Communicate it strategy approach. 6. Facilitate implementation of  Satisfaction survey of key
and direction. 3. More utilization of IT 5. It confirms IT security within enterprises stake holders
resources compliances with legal 7. Facilitate and resolve
4. Better cost performance. regulatory conflicts in deployment of it.
requirements
Page -2
As per COSO COBIT 5 Key principal for COBIT 5 Categories of Risk management Key management
(internal control Governance and Enablers Strategies practices for
implementing Risk
interrelated components) management of IT
i. Principles, policies and management
 Tolerate and
 Control environment 1. Meeting stake holders Framework Accepted Risk.
needs ii. Process  Collect Data
 Risk assessment  Terminate/eliminate
2. Covering enterprises End iii. Organisational structure  Analyse data
 Control activities risk
to End iv. Culture, ethics and  Maintain a risk profile
 Information and  Transfer and Share
3. Applying Single behaviours  Articulate risk
communication Risk
integrated framework v. Information  Define a risk
 Monitoring  Treat/mitigate risk
4. Enabling holistic vi. Service, infrastructure management portfolio
 Turn back
approach and application  Respond to risk
5. Separating governance vii. Skilled and
from management. competencies
COBIT-5 Key management COBIT-5 Key management practice for Assessing and Areas to be reviewed by Internal auditor for Review
practices provided For evaluating the system of internal control. of Governance, Risk and compliances.
ensuring IT compliances
1. Monitor internal control 1. Scope
 Identify external 2. Review business process control effectiveness 2. Governance
compliances requirement 3. Perform control self- assessments 3. Evaluate enterprise ethics
 Optimize response to 4. Identify and report control deficiencies 4. Risk management
external requirements 5. Ensure that assurance providers are independent and 5. Interpretation
 Confirm external qualified 6. Risk management process
compliances 6. Plan assurance initiatives 7. Evaluate risk exposures
 Obtain assurance of external 7. Scope assurance initiatives 8. Evaluate fraud and fraud risk
compliances 8. Execute assurance initiatives 9. Address adequacy risk management process.

Page-3
Role of IT in enterprises Level of Managerial activities Components in COBIT
1. Not merely for data processing but more for
strategic and competitive advantage  Strategic planning Framework
2. Not only automate but also transform the  Management control
way business process performed  Operational Control Process Description
3. Not only impacts the way internal control
implemented but also provide better and Categories/Classification of IT Control Objectives
innovative strategic services.
strategic planning
4. Aligned business strategy and ensure value Management Guidelines
creation
5. Extensive organization restructuring/  Enterprise strategic plan
Maturity & Models
business process Re-engineering  IS strategic plan
 IS requirement plan
 IS application and facilities plan

Risk management in COBIT-5 Areas of review of assessing and Terminology and short notes:-
managing risk  ASSET
Risk Assessment o Risk management ownership and  VULNERABILITY
accountability  THREAT
 Risk identification o Different kind of IT Risk (technology,  EXPOSURE
 Risk Analysis security, continuity, regularity, etc.)  LIKELIHOOD
 Risk prioritization o Define and communicate risk tolerance  ATTACK
profile  RISK
 Risk Mitigation Control o Root cause analysis and risk mitigation  COUNTERMEASURE
measures  RESIDUAL RISK
 Risk Reduction o Quantitative and qualitative risk  MATRICS OF RISK MANAGEMENT
 Risk planning measurement
 Risk monitoring o Risk assessment methodology
o Risk action plan and timely assessment
 CHAPTER 2 (Information system Concept) Page-1
Classification of system Types of information system
Operation level system :- Knowledge level system
On the basis of
Element :- Abstract, Physical TPS (1)OAS (2) Knowledge management system
Component:- Input, Benefits:- It Is the process of capturing,
Interactive Behaviour:- Open, Closed Processing, Storage, Output  Improve communication developing, sharing & effectively using
 Reduce the cycle time organizational information. It is multi-
Degree of Human :-Manual Feature/Characteristics:-  Reduce cost of Communicatn disciplined approach.
Intervention Automated @ Large volume of Data  Ensure the accuracy of info. It retrieve, stores knowledge and
@ Automation of Basic  Smooth flow of communicatn improve collaboration. It mines
Working/Output :- Deterministic operation  Make activities effective and repositories for hidden knowledge
Probabilistic @ benefits are easily efficient & simple
Characteristics of computer based measurable Name of computer base office Types of knowledge
@ source of input for other Automation system Explicit Tacit
information system
system >Easily available >Resides in a few
 Work for predetermined objectives  Text processing system
across the often in just one
 Not of sub system and interdependent  Electronic document
Key activity of TPS organization person.
 If on fails all fails management system
@ Capturing data and >It can be > Which have not
 Interact to each other to achieve goal  Electronic message
organising into files & formalized easily been captured by
 Individual system have lower priority communication system
organization
database  Teleconferencing and video
than the goal of entire system
@ processing file database conferencing system
using application software
Component of information system Implication of IS in Business Attributes of information
@ Generating information in
 People (user)  Helps in efficient decision
the form of report
 Computer (hardware and Software) @ Processing queries from making Availability, Purpose/Objective, Rate
 Data various quarters of  Able to survive in competitive Mode and format, Current/Updated
 Network organisation. environment Frequency, Completeness/Adequacy
 Right decision on right time Reliability, validity, Quality,
 Knowledge gained from IS can Transparency,
be utilized in unusual situation Value of information
 Integrated to formulate strategy
 Page-2

Management level system

MIS DSS
Characteristics of effective MIS Limitation of MIS It provide set of capabilities on that enables
 Management oriented  Quality of output is governed by quality of input managers to generate information for decision
 Management directed  MIS is not substitute for management making
 Integrated  Non flexible for quickly update Component
 Common data flow  Not provide information suitable for every type  Database,
 Heavy planning element of decision Physical level, Logical, External Level
 Sub system concept  Considers only quantitative factor  User,
 Common database  Less useful for non-programed decision  Model base
 Computerised  Not effective in hoarding information culture Characteristics
 Not effective in frequent changes in top  Support decision making
Misconception of MIS
 Help groups in decision making
 Computer base information sys is MIS management structure and operational team
 Flexible (Change as per environment)
 Any Reporting system is MIS Pre-requisition of MIS
 Easy to use (user does not require
 MIS is management technique  Database
computer knowledge)
 MIS is bunch of Technologies  Qualified system & management staff
 Solved structured problem
 Study of MIS is about use of computer  Support of top management
 User friendly
 Accuracy play vital role in reporting  Control and maintenance of MIS
 Used for decision making rather than
 MIS is implementation of organizational communicating decision and training.
system and procedures. MIS & DSS Difference
 Extensible and evolve overtime
 MIS is file structure. Basis MIS DSS
DSS in Accounting
Provides Integrated tool, Structured info.
Various constraints come in the way of 1- Cost accounting system
(Philosophy) data model, lang to end user
operating MIS 2- Capital budgeting system
to end user
1- Non availability of experts 3- Budget variance analysis
Orientation External Internal
2- Which system should be installed / 4- General decision support system
operated first Flexibility Highly Inflexible
3- Designing approach of implementation of Emphasis Tools for decis Info. Req. ERP Model Component
MIS is not standardized. Analytical More capability Little capability Software, process flow, Customer Mind-set,
4- Non-cooperation from staff Design Interactive proc. Sys devlopment Change management.
 Page-3

EIS/ESS EIS & Traditional information system Differences

Characteristics Dimensions EIS Traditional Sys
 Serves the information need of top executive Level of management For top and near top exec For lower staff
 Enable user to extract summery data and model Nature of info. access Specific issues problem Status reporting
complex problem Nature of info provide Online tool and analysis Offline status reporting
 Provide rapid excess for report and management Drill down Available Not avail
 Can excess both internal and external data Info. format Text graphics Tabular
 Provide extensive online analysis tool Nature of interface User friendly Computer operator generated
 Can easily be given as a DSS support for decision
making Expert system Properties to qualify for expert system
Business application of expert system development
Principles of MIS  Accounting and finance Availability
 Easy to understand and collect  Marketing Complexity
 Performance indicators  Manufacturing Domain
 EIS measure should be based on a balanced view  Personnel Expertise
of organization’s objective  General business Structure
 EIS Measure should encourage management and Need of expert system Tool crucial for Business Growth
staff  Expert labour is expensive and scarce Business website
 EIS info. must be available in organization  Shortage of talent in key position Internet/ intranet
 EIS measure must evolve to meet the changing  Expert can handle only one problem Software and packages
needs of organisation at a time Business intelligence
 Limitation human information Computer system, scanner, laptop etc.
Characteristics of type of information used in processing capability & rushed pace Manager should possess following knowledge
executive decision making of business for operating information system
 Lack of structure Benefits of Expert System Foundation concept
 High degree of uncertainty 1- Preserve knowledge Information technology
 Future orientation 2- Information in active form Business application
 Informal source 3- Assist as experienced professional Development process
 Low level of detail 4- Not subject of human fallings Management challenges
5- Used as strategic tool
Provide suggestions and feedback on what’s-app 9584292172 (Prashant)
Suggestion and feedback will be incorporated in next charts