IT in Control Summary

Extensive summary of the course IT in Control. This document includes extensive notes on the screencasts and summarized papers, excluding one, which I think was only relevant for the group assignment. Document primarily written in English. Some Dutch comments may be there, though.

Preview 4 out of 109  pages

  • No
  • Screencast discuss the most important things from the book.
  • July 4, 2020
  • 109
  • 2019/2020
  • Summary
IT in Control
Summary + notes




Contents
Lecture 1 Notes
1.1 Introduction
1.2 Strategy
Selig - Chapter 1: Introduction to IT/Business Alignment, Planning, Execution and Governance
Selig - Chapter 3: Business/IT Alignment, Strategic Planning and Portfolio Investment Management Excellence (Demand Management)
Henderson, J.C.; Venkatraman, N. (1993)
Sabherwal, R.; Hirschheim, R.; Goles, T. (2001)
Henderson, J.C.; Venkatraman, N. (1993). Strategic Alignment, Leveraging Information Technology for Transforming Organizations
Strategic alignment: the emerging concept
Four dominant alignment perspectives
Key issues and management challenges
Sabherwal, R.; Hirschheim, R.; Goles, T. (2001). The Dynamics of Alignment, Insights from a Punctuated Equilibrium Model
Abstract
Theoretical development
1.3 Governance
Selig - Chapter 2: Overview of Integrated IT Governance and Management Framework and Selection of Current and Emerging Best Practice Frameworks, Standards and Guidelines
Selig - Chapter 6: IT Service Management (ITSM) Excellence (Execution Management)
Hardy, G. (2006). Using IT Governance and COBIT to Deliver Value with IT and Respond to Legal, Regulatory and Compliance Challenges
What is IT governance?
IT governance and compliance
How does COBIT help?
Governance via COBIT
Creating value through IT governance and COBIT
Kerr, D.; Murthy, U.S. (2013). The Importance of the COBIT Framework IT Processes for Effective Internal Control over Financial Reporting in Organizations, an International Survey
Introduction
Background and research questions
Method
Results
Summary, implications, and conclusion
Lecture 2 Notes
2.1 Cybercrime
Chapter 5 Computer Fraud Romney & Steinbart
Chapter 6 Computer Fraud and Abuse Techniques Romney & Steinbart
2.2 Security
Romney & Steinbart, Chapter 7: Control and Accounting Information Systems
Romney & Steinbart, Chapter 8: Controls for Information Security (IC Basics)
Fanning, K.; Centers, D.P. (2016). Blockchain and Its Coming Impact on Financial Services
Lecture notes 3
3.1 Outsourcing
Chapter 7: Strategic Sourcing, Outsourcing and Vendor Management Excellence
Chapter 9: Cloud Computing, Data Management and Governance Issues, Opportunities, Considerations and Approaches
Julisch, K.; Hall, M. (2010). Security and Control in the Cloud.
Introduction to cloud computing
State of the art in cloud security
The “conventional” ISMS
Responsibility for controls in cloud computing
The virtual ISMS
Lecture 4
4.1 Privacy
Romney & Steinbart - Chapter 9: Confidentiality and Privacy Controls (IC Basics)
Romney & Steinbart - Chapter 10: Processing Integrity and Availability Controls
4.2 Analytics
Romney & Steinbart - Chapter 4: Relational Databases
Romney & Steinbart - Chapter 11: Auditing Computer-Based Information Systems
Chan, D.Y.; Vasarhelyi, M.A. (2011). Innovation and practice of continuous auditing
Debreceny, R.; Gray, G.L. (2001). The production and use of semantically rich accounting reports on the Internet: XML and XBRL




Lecture 1 Notes
Read in the book:
Ch. 1: 1.5 & 1.6
Ch. 3: 3.2.3, 3.2.4, 3.2.7, 3.3.1 through 3.3.3
Both papers are important.

1.1 Introduction
Course objectives
› Upon completion of the course the student is able to:
- Recognize, distinguish and assess how organizations have organized their IT infrastructure, IT applications, IT management and IT strategy domain on a strategic, tactical and operational level (B);
- Identify and explain the effects of changes in the IT infrastructure, IT applications, IT management and IT strategy, related to the reliability of financial reporting, the effectiveness and efficiency of operations and compliance with relevant laws and regulations (A);
- Design a set of preventive and detective IT controls to mitigate cyber risks and outsourcing risks (cloud computing), related to the reliability of financial reporting, effectiveness and efficiency of operations and compliance with relevant laws and regulations (B);
- Determine the suitability of applied (data) analysis and reporting tools and techniques for management information and external reporting purposes (C);
- Assess and advise about the reliability of automated information (C).


Course description
› Strategy: Business IT Alignment, the Strategic Alignment Model (SAM) and the Amsterdam Information Model (AIM), Demand and Supply Management, the role of the CIO, Business Information Manager and Business Analyst.

› Governance: Enterprise Governance of IT (COBIT) and other more tactical and operational frameworks like BiSL, ASL and ITIL.

› Outsourcing: types of outsourcing (IaaS, PaaS, SaaS (cloud computing)) and obtaining assurance (SLAs, SLRs, ISO27001 certification, ISAE3402 reporting, SOC1, SOC2 and SOC3).

› Cybercrime: types of cyberthreats (ransomware, cryptoware, CEO fraud, identity fraud, man-in-the-middle) and designing preventive, detective and corrective IT controls for mitigating these cyber risks.

› Security: securing data in motion (end-to-end encryption, SSL, HTTPS, VPN) and securing data at rest (encryption, MFA, SSO), cryptocurrencies like Bitcoin and FinTech developments like Blockchain.

› Privacy: CIA triad, or in Dutch ‘BIV-classificatie’, relevant laws and regulations like ‘Wetgeving Meldplicht Datalekken’ and ‘Europese Algemene Verordening Gegevensbescherming’ (EAVG) or General Data Protection Regulation (GDPR).

› Analytics: Data Quality, Data Analysis, Standardization (API, EDI, XML, XBRL), Big Data, reporting tools and techniques (CAATs), Continuous Data Assurance.



