 Hello and welcome to the session in which we will discuss the information technology department and specifically the role of this department as well as the personnel the people that work there what is the role and we'll speak briefly about the internal control so the IT department or information technology within any organization is a supporting division supporting means it does not get involved in the production of the product that we are producing whatever we are producing or selling it supports the people that's why it's a supporting division within the company not a production department the supporting division that's responsible for managing and maintaining the the company's computer systems and network now computer system means many things software hardware network storage cloud so on and so forth the IT department typically include a variety of professionals with different skills and roles in some organization and this is what we're going to be assuming the IT department could be a huge large department depending on the size of the company so what i'm going to do i'm going to look at a sample structure now this is a sample structure it doesn't have to be this way but basically we have the CEO is on the top of the chart obviously the CEO is in charge of the whole operation chief operation officer chief executive officer right underneath it we could have something called CIO or CTO depending on the company chief information officer or chief technology officer now underneath this individual again we're discussing large multi multinational organization they will have three areas one is called application development system administration or technical services and computer operation now why would we have those three areas separately well because for the purpose of internal control people in these areas should stay separate for internal control purposes so they don't you would not have a breach of data and the system would run smoothly now within the application development we're going to look at the people the titles the typical titles that you could see for example under the application development we could see that we could have a system analyst and a software developer and we're going to discuss each area and the role of the people within each area now under the system administration we could have many sub areas we could have network manager or network administrator web administrator it security administrator or administrators could be more than one it help desk and data administrator for the purpose of the session i am not going to discuss the data administrator role because i'm going to have several sessions about data and we'll discuss the data administrator role in these sessions then we're going to have computer operation and under computer operation we're going to have data entry is a separate department and data control another separate department reason i have them so the picture will fit better and we'll have a file librarian could we have more different personnel yes but those are the typical ones before we proceed any further i have a public announcement about my company forehead lectures dot com forehead accounting lectures is a supplemental educational tool that's going to help you with your cpa exam preparation as well as your accounting courses my cpa material is aligned with your cpa review course such as becker roger wiley gleam miles my accounting courses are aligned with your accounting courses broken down by chapter and topics my resources consist of lectures multiple choice questions true false questions as well as exercises go ahead start your free trial today no obligation no credit card required now for the purpose of segregation of duties we want to keep those separate and the segregation of duties ensure that the right people have access to the right resources and for the right reasons for example you don't want the programmer for example the software and the software developer the person that we're going to talk about this in a moment that writes the program be able to use the system because if they can write the program and use the system they know exactly how the system work and they could have backdoors to do malicious things it also minimizes the risk of data breaches or unauthorized access to sensitive information and each group is able to focus on exactly what their responsibilities and their task is which will lead to a more efficient and effective it departments now starting on the next slides i'm going to go over each category then the people within this category and speak about the role starting with application development this is where things are born it means created application we're developing the application now later on we're going to have another session that talks about when we purchase an application we can develop an application like a new software a new web application or we can purchase it either or we're going to have a separate department for that purpose so the application development is a functional area within the it that's responsible for creating testing and maintaining software system well they include developing of new applications and those applications could be web application mobile application for example cell phone application desktop laptop whatever mobile as well as maintenance and enhancement of the existing ones so the goal of this area is to create software that meets the need of the organization and its customers and that's what we meant by saying it is a supporting function it means everything that we do on it if you remember when you spoke about cobit we said cobit meet the organization need well all it people everything that has to do with it the reason we have it is to do what is to help us meet our need the company need and its customers so in this application development area we could have what's called system analysts now you need to know what is the overall area and what's the role what's the main role of the system analyst what are the system analysts so the system analyst bridge the gap between business requirement and it solution and the business analyst is the person that is that can speak the tech language and can speak the business language so the system analyst is a person in between those two group he or she can communicate the business need to talk people and vice versa and let tech people know let business people know what tech people are capable or not capable of so think of the system analyst as an intermediary because they know both the tech language as well as the business language system analysts help to understand the needs of the business and translate them into technical requirement how do they do that through charts through narrative so on and so forth through meetings basically it works to ensure that the new system follows the organization policies and procedure and that they meet the requirement of regulatory bodies because the system analyst is the first person basically draw the map of the new system that we're creating now once we draw the map once we have the blueprint we're going to give the blueprint to the programmer they are called software developer application developer application programmers you could see different terminology for them but the point is what do they do they work under the direction of the system analyst and they use programming language to create what we need to create so they use various programming language cc plus plus java whatever and technologies compilers to create software application that needs the need of the organization and usually they do this basically in a sandbox it means not in a live situation so initially the work done in a non-life environment so this is the first area so basically what I did and on this slide I covered this part here the people the area and the people who works in this department the second area is systems administration and programming well in this funk in this area it's a functional area as well within the IT department that's responsible for managing and maintaining the organization computer system and network remember first we create the software we create the systems now the system administrator and programming they maintain it well this include installing configuring maintaining servers storage devices network equipment so on and so forth as well as managing the organization infrastructure the goal is to do what make sure the organization computer system is running efficiently efficiently and effectively to meet the business need that's the IT part of the IT department so we're going to look now at the people the role of the people who are inside this this area this sphere they are also known as sys admins they are professional who are responsible for the day-to-day operation and maintenance of the organization computer system and network so at work if you need to have access or you need to install something a new software your network is not connecting properly you would contact the system administrator and we have many of them we could have a network manager or network administrator usually they give you access to the network those professional are responsible for the design implementation and maintenance of the computer network they manage also the network documentation provide technical support and guidance to users about the network keep up to date with new technologies and best practices for network management so on the CPA exam or on any exam professional exam remember look for the word network or something that makes sense to this to this position web administrators well guess what they maintain the web-based system and application you could have a web-based that's mobile you could have a web-based that's desktop so they maintain this also they can figure and troubleshoot any web servers application there's any problem they manage the web content whatever we need to delete add some stuff of on the website manage web analytics because we need to know how many visitors we have they keep track of that that's very important for our data analytics later manage web accessibility who can access the website internally and do the updates also manage web related software if there's any software that's on the web well they're responsible for that as well as making sure they're keeping track of documentation and of course they have to keep up to date with technologies and best practices so this is again those are individuals one two could be more than one one so on and so forth within system administrator we could have it security administrators well or administrator could we could have more than one obviously from the from the name of it it's for the it's for the purpose of protecting the organization it system from a range of threats such as hacking viruses and data breaches now if you don't know what these are we're going to learn about them but think about somebody trying to harm you it security is a critical function because think about it someone can hack you bring your system down or takes your data well no no need to function anymore as a company because you're in trouble so it security management is a is a critical function that's essential to the overall security as well as the well-being of the organization they also plan implement and oversee security measure hopefully they are preventive they want to stay though those those groups those individuals they really want to stay up to date they need to identify and assess potential it security is before they arises and develop and implement it security policies and procedure to monitor and manage that risk bring that risk to a to an acceptable level and hopefully we can eliminate that risk help desk personnel and i'm pretty sure if you're listening to me you dealt with it help desk they provide technical support to users people who are using the computer system they act as the first point of contact for users who experience technical problems who have questions about the it system and equipment now their job is to respond and hopefully they can solve the problem through a phone email or now a chat or in person like i know in college they come to your office sometime to fix whatever you need to fix to fix your printer affects your network it's not the connecting properly so on and so forth they keep track and documentation about your inquiries and issues because they can use this information to see how they can improve the system and any issues that they cannot solve they can escalate to a higher level it staff as needed again they have to keep up to date with technologies and best practices for it support so this is the second area of system administrators and i told you i'm not going to discuss data administrator because i'll be discussing that group later on when we speak about the data now we could have computer operation computer operation is also a functional area within it and this functional area is becoming less and less relevant and you will see why that's responsible for day-to-day management and maintenance of the organization computer and equipment and here you could have a data entry clerk which is basically somebody who's entering information into the system and you know that's that's not happening these days most of the entries are computerized through customers input them or scanning or some sort of a computerized system they're responsible for accurately and efficiently entering data like customer information inventory financial transaction another type of record in the organization's computer system they need to have a good understanding of the computer system the software knowledge of the business and any relevant data protection laws for example they have to protect the data for legal or regulatory purposes they need to be familiar what they need to do once they input the data how like for example the credit card information like let's assume you still fill out your credit card application and you mail it well after the input this information they have to destroy it also computer operators we could have a data control clerk and what are they responsible for they're responsible for the accuracy and integrity of the organizational data making sure it's good monitoring and verifying the accuracy of data entered into the organization so think of it as a control group for the data entry but again those roles are going away now we have more people who work on this level bring taken data out and converting the data into for analytical purposes we have those but not data entry anymore it's mostly like taking the data out and cleaning the data so making sure they're maintaining updated data record as well they could also audit and monitor data for errors and inconsistencies again they are a control data control group and update and maintain the data record as required we could also have a file librarian and a file librarian think about the library where you have the books there and if you need the book if you need to check out a book you'll go to the librarian and you'll ask them to check it out they're responsible for maintaining and organizing large collection of files and record here we're talking about even physical records sometimes they include creating and updating file system classifying cataloging files ensuring the security and accessibility of the files that's their main job you want to check out a file you'll talk to the file librarian responsible for archiving and preserving historical files and update them as necessary so this is the third area computer operation now bear in mind all these areas whether we're talking about computer operation whether we are talking about system analyst whether we are talking about system administrator all these groups involve people so in every role if you notice we spoke about people so all these positions are run by actual people so the best internal control for a company is to do what is to make sure they have the proper control for their individuals for the people who are hiring so what we do we're going to talk about something called personnel policies and procedures these are guidelines and rules set by the organization to govern the behavior and action of the employees these policies and procedures cover a wide range of topics but specifically when we're dealing with people we have to be making sure few things one is the recruitment and hiring that's the first step in bringing an employee on board so what do you have to do when you bring an employee interview them first formal interview maybe multiple interviews interview with several people background checks education criminal credit as long as it's legal in your state to do those place the person in the right position don't put them in a position where they're overqualified or in position they're underqualified if they're overqualified they will eventually they're underqualified they will do a lousy job and you're going to be spending money and training so you want to make sure they are they are placed in the right place now once you hire the individual and they're working for you you have to look at the second step in in personnel and policies procedures and that's performance evaluation and promotion you gotta give them feedback about their overall performance strength as well as their weaknesses and provide guidance for improvement reward them also we're gonna have to face disciplinary action and sometime termination in terms of disciplinary action you should apply the same rules to all individuals that work at the company and if there's any involuntary termination means the person is fired you have to disable whether voluntary or involuntary you have to disable access privilege once that individual leaves take out their username disable that their key card any access that's logical electronically or physical with keys card so on and so forth because if you don't have a good personnel policies it doesn't matter how good is your technology the people can override anything what should you do now whether you are studying for the CPA exam CMA exam CISA or accounting information system go to far hat lectures and work MCQs that's gonna help you consolidate your knowledge so you are ready to whatever you need this information for good luck everyone study safe study hard stay safe and of course invest in yourself and invest in your career good luck