Assess the impact human behavior can have on IT changes, indicating how the impact should be managed. Create a strategy to minimize the risk or the negative impact of human intervention.
Quite a lot is known about human performance and the way it applies to system interaction. Several classes of human error have been identified and studied and conditions that increase the likelihood of error can be specified in advance . Communication systems can be designed to be error-tolerant and error-detecting or correcting. In a similar way, we could devise a science of error-tolerant, detecting or minimization interactions with human operators.
Many advances have been made in our understanding of the hardware and software of information processing systems, but one major gap remains: the inclusion of the human operator into the system analysis. The behavior of an information processing system is not a product of the design specifications: it is a product of the interaction between the human and the system. The designer must consider the properties of all the system components -- including the humans -- as well as their interactions. The various technical publications of the field attest to a concern with software and hardware, but emphasis on human functionality and capability is lacking. Many failures of information systems are attributed to human error rather than to the design. We are going to suffer continued failures until we learn to change our approach
Sourses: http://www.jnd.org/dn.mss/commentary_human_er.html JND.org
Evaluate the risks associated with designing IT systems and how they may be managed to ensure the effective integration of segregation of duties related to installing networks, operating systems, and data management systems. Provide support for your evaluation.
STRUCTURE OF THE INFORMATION TECHNOLOGY FUNCTION - The organization of the IT function has implications for the nature and effectiveness of internal controls, which, in turn, has implications for the audit. In this section, some im-portant control issues related to IT structure are examined. These are illustrated through two extreme organizational models—the centralized approach and the distributed ap-proach.
The centralized data processing model, all data processing is performed by one or more large computers housed at a central site that serves users throughout the organization.
Database Administration - Centrally organized companies maintain their data resources in a central location that is shared by all end users. In this shared data arrangement, an independent group headed
by the database administrator (DBA) is responsible for the security and integrity of the database.
Data Processing - Database Administration Centrally organized companies maintain their data resources in a central location that is shared by all end users. In this shared data arrangement, an independent group headed
by the database administrator (DBA) is responsible for the security and integrity of the database. The data processing group manages the computer resources used to perform the day-to-day processing of transactions. It consists of the following organizational functions: data conversion, computer operations, and the data library.
Data Conversion. The data conversion function transcribes transaction data from hard-copy source documents into computer input. For example, data conversion could-involve keystroking sales orders into a sale order application in modern systems, or transcribing data into magnetic media (tape or disk) suitable for computer processing in legacy type systems.
Computer Operations. The electronic files produced in data conversion are later processed by the central computer, which is managed by the computer operations groups. Accounting applications are usually executed according to a strict schedule that is controlled by the central computer’s operating system.
Data Library. The data library is a room adjacent to the computer center that provides safe storage for the off-line data files The data processing group manages the computer resources used to perform the day-to-day processing of transactions. It consists of the following organizational functions: data conversion, computer operations, and the data library.