baa-ais-organizational roles and responsibilities

    IT/IS Organizational Roles and Responsibilities


    Winston Phethi

    Organizational structure charts are important items for all employees to have since they provide a clear definition of the department's hierarchy and authorities.

    Additionally, job descriptions provide IT/IS department employees a clear direction regarding their roles and responsibilities.

    The IS auditor should spend time in an auditee's area to observe and determine whether the job descriptions and structures are adequate.

    IT/IS Organizational Roles and Responsibilities - Outline

    As a committee of the board, it assists the board in overseeing the enterprise's IT-related matters by ensuring that the board has the internal and external information it requires for effective IT governance decision making.

    IT Strategy Committee

    This committee might have more than one name. It might be referred to as an IT steering committee or an IT strategy committee.

    The steering committee is tasked with ensuring that the IT department is properly aligned with the goals of the business.

    This is accomplished by using the committee as a conduit to move information and objectives from senior business management to IT management.

    IT Steering Committee

    Systems development manager

    Responsible for programmers and analysts who implement new systems and maintain existing systems

    Project manager

    Responsible for planning and executing IT projects and may report to a project management officer or to the development organization

    Project managers play a central role in executing the vision of the IT strategy and steering committee by planning, coordinating and delivering IS projects to the enterprise.



    Service desk (Help desk)

    It is a unit within an organization that responds to technical questions and problems faced by users.

    A procedure to record the problems reported, solved and escalated should be in place for analysis of the problems/questions

    End user

    Responsible for operations related to business application services; used to distinguish the person for whom the product was designed from the person who programs, services, or installs applications.


    IT/IS ROLES AND RESPONSIBILITIES (Cont.)

    End-user support manager

    Responsible as a liaison between the IS department and the end users

    Data manager

    Responsible for the data architecture in larger IT environments and tasked with managing data as a corporate asset

    Quality Assurance (QA) manager

    Responsible for negotiating and facilitating quality activities in all areas of information technology

    IT/IS ROLES AND RESPONSIBILITIES (Cont.)

    Operations Manager

    Responsible for computer operations personnel, including all staff required to run the data center efficiently and effectively.

    Control group

    Responsible for the collection, conversion and control of input, and the balancing and distribution of output to the user community.

    The input/output control group should be in a separate area where only authorized personnel are permitted since they handle sensitive data

    They usually report to the Operations Manager

    Media manager

    Responsible for recording, issuing, receiving, and safeguarding all program and data files that are maintained on removable media

    IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance

    Data Entry

    The process of getting information into a database, usually done by people typing it in by way of data-entry forms designed to simplify the process. It is critical to the information processing activity

    Systems administrator

    Responsible for maintaining major multi-user computer systems, including LANs, WLANs, WANs, PANs, SANs, intranets and extranets, and mid-range and mainframe systems

    IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance (Cont.)

    Systems administrator typical duties include:

    1. Adding and configuring new workstations and peripherals.

    2. Setting up user accounts

    3. Installing system-wide software

    4. Performing procedures to prevent/detect/correct the spread of viruses

    5. Allocating mass storage space

    Small organisations may have just one systems administrator whereas larger enterprises usually have a team of systems administrators.

    IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance (Cont.)

    Security Administrator

    Responsible for ensuring that the various users are complying with the corporate security policy and controls are adequate to prevent unauthorized access to the company assets.

    The Security Administrator's functions usually include:

    1. Maintaining security rules to data and other IT resources

    2. Maintaining security and confidentiality over the issuance and maintenance of authorized user IDs and passwords.

    3. Monitoring security violations and taking corrective action to ensure adequate security is provided.

    IT/IS ROLES AND RESPONSIBILITIES - Infrastructure Operations and Maintenance (Cont.)

    4. Periodically reviewing and evaluating the security policy and suggesting necessary changes to management

    5. Preparing and monitoring the security awareness program for all employees

    6. Testing the security architecture to evaluate the security strength and detect possible threats.

    7. Working with compliance, risk management and audit functions to ensure that security is appropriately designed and updated based on audit feedback or testing

    The Security Administrator's functions (Cont.)

    Quality assurance personnel usually perform two distinct tasks:

    Quality Assurance (QA)

    Helps the IS department to ensure that personnel are following prescribed quality processes.

    Quality Control (QC)

    Responsible for conducting tests or reviews to verify and ensure that software is free from defects and meets user expectations.

    IT/IS ROLES AND RESPONSIBILITIES - Quality Assurance

    Database Administrator (DBA)

    DBA's roles include

    5. Implementing database definition controls, access controls, update controls and concurrency.

    6. Monitoring database usage, collecting performance statistics and tuning the database

    7. Defining and initiating backup and recovery procedures

    8. Answering programmer queries and educating programmers in the database

    Database Administrator's role (Cont.)

    Systems analyst

    Specialist who designs systems based on the needs of the user and is usually involved during the initial phase of the system development life cycle (SDLC)

    These individuals interpret the needs of the user and develop requirements and functional specifications as well as high-level design documents.

    These documents enable programmers to create a specific application.

    IT/IS ROLES AND RESPONSIBILITIES (Cont.)

    Security architect

    Responsible for evaluating security technologies; designing security aspects of the network topology, access control, identity management and other security systems; and establishing security policies and security requirements.

    Security Architects should also work with compliance, risk management and audit functions to incorporate their requirements and recommendations for security into the security policies and architecture.

    IT/IS ROLES AND RESPONSIBILITIES (Cont.)

    Applications staff

    Responsible for developing and maintaining applications; should work in a test-only environment

    Development can include developing new code or changing the existing setup or configuration of the application.

    Staff develop the programs or change the application setup that will ultimately run in a production environment.

    Therefore management must ensure that staff cannot modify production programs, applications or application data.

    Staff should work in a test-only environment and turn their work over to another group to move programs and application changes into the production environment.

    IT/IS ROLES AND RESPONSIBILITIES - Application Development and Maintenance

    Infrastructure staff

    Responsible for maintaining the systems software, including the operating system.

    This function may require staff to have broad access to the entire system.

    IS management must closely monitor activities by requiring that electronic logs capture this activity and are not susceptible to alteration

    Usage of domain administration and super-user accounts should be tightly controlled and

    IT/IS ROLES AND RESPONSIBILITIES - Application Development and Maintenance (Cont.)

    Network administrator

    Responsible for key components of the infrastructure (routers, switches, firewalls, network segmentation, performance management, remote access, etc.); reports to the director of the Information Processing Facility (IPF) or an end-user manager.

    This position is responsible for technical and administrative control over the LAN.

    This includes ensuring that transmission links are functioning correctly, backups of the system are occurring, and software/hardware purchases are authorized and installed properly.

    The LAN administrator should have no application programming responsibilities but may have systems programming and end-user responsibilities.

    IT/IS ROLES AND RESPONSIBILITIES - Network Management

    Avoids the possibility that a single person could be responsible for diverse and critical functions in such a way that errors or misappropriations could occur and not be detected in a timely manner and in the normal course of business process.

    SEGREGATION OF DUTIES WITHIN IS/IT

