Milan S. Markovich
Independent Systems Consultants For World Class Business Solutions
|
Milan S. Markovich Independent Systems Consultants For World Class Business Solutions |
|
|
IT Controls Review, Computer Installation Effectiveness Review (CIER)
CIER You can think of this type of review as you would a health physical for yourself. All facets of IT operations and management are reviewed for potential improvements. They are also measured against the business plans and objectives they are to meet, and how they are satisfying those objectives. Suggestions for improvement are grouped into critical, recommended and optional categories. If desired, implementation plans are also delivered to the client to put these changes into place and monitor their effects over time. Adequate system capacity and room for growth in conjunction with business plans are analyzed. Any potential shortcomings or bottlenecks are identified and discussed in the final report.
Controls Review This type of review focuses on internal controls of the IT function. Separation of duties among staff such as no access to production data by IT personnel, controlled access to production programs only by authorized IT personnel, etc. Security policies are reviewed for effectiveness and compliance. Application access by appropriate users and their duties and policies regarding terminated employees' passwords are also reviewed. Plans for disaster recovery, onsite and offsite system backup policies and procedures, power protection and facilities security are reviewed. This type of review is analogous to the controls review provided by outside auditors as part of their financial review by an EDP specialist. Since most CPA firms are now divesting themselves of their management consulting operations, we are doing more of these in conjunction with CPA firms, or independent of them at management's request.
|
|
Copyright © 2004
Independent Systems Consultants
|
