MIS 5202 IT Governance

Temple University

Richard Flanagan

Quiz for Week 2 Results

September 11, 2017 by Richard Flanagan

As a class you did rather well on the first quiz. If you didn’t do well, don’t worry. You will be taking eleven quizzes and I will only use ten to calculate your final grade. If you struggled with this quiz or any of the topics, call me and let’s discuss it – 910 880 1254.

Two questions seemed to raise some problems:

  1. Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated? – The right answer is a Compensating Control because you would have preferred to segregate the duties but couldn’t. The best example of this that I’ve seen was at our small plants around the world. Each plant employed fewer than 20 workers over multiple shifts, so there just weren’t enough people to handle all the roles that needed to be done on a daily basis. People had to be assigned conflicting roles, with someone at another site looking over their electronic paperwork trail to ensure the correct handling of everything.
  2. What does an organization want from its IT systems and organization? For example, a company wants its IT systems to be available. – I was looking for the COSO list of seven attributes. Most of you gave me the Confidential, Integrity, Availability and some form of Efficient. Effective was often missing, although some wrote in terms of adding value, which I accepted. Compliant and Reliable were the two that were most often missing.

As I said, overall well done.

Alternative Link to Week 3 Lecture Video

September 8, 2017 by Richard Flanagan 2 Comments

Since we don’t seem to be able to get this video working on the site, here is an alternative link to the video so that you can download it and play it on your own machine. Sorry for all this bother.

https://drive.google.com/open?id=0B8S2SZTC04VibnZpNVVKS2NzSnM

Vince identified a problem with playing the lecture for this week’s topic. I have tried everything I can think of with no luck. I have tech support working on it now. I’ll let you all know as soon as it’s working.

Weekend Quiz Reminder

September 7, 2017 by Richard Flanagan

Please remember to look on Blackboard for your first 15-minute quiz this coming weekend (9-10 Sept). Call me at 910 880 1254 if you have any problems.

Week 3: Reading Questions & Activity

September 7, 2017 by Richard Flanagan 152 Comments

Readings

  1. What is a compensating control? When would you use one? Why? Can you give an example?
  2. If you had to rank the importance of the basic IT controls, how would you do it? Which is most important, which least?
  3. What is segregation of duties and how does it play into basic administrative controls? Give an example of two IT roles that should be segregated.
  4. What do you consider to be the most important personnel hiring controls for an organization?
  5. How are budgets handled (i.e., created, monitored, re-forecast, etc.) in your organization?

Your Neighborhood Grocer Case

Consider the following questions about the YNG case and post your responses.  Ignore the questions at the end of the case.

  1. YNG has grown through acquisition resulting in a mess of systems.  Why did this happen and what controls can Larry put into place to ensure that it doesn’t continue into the future?
  2. Business application procurement seems to be a big problem. IT buys stuff the businesses don’t want and many of the businesses’ purchases have been outright failures. Why? What controls can Larry put into place to ensure that it doesn’t continue into the future?
  3. The most recent IT Audit will produce a finding about the sorry state of access control in the company.  What controls should Larry be ready to recommend to reduce the impact of this finding?

Rich

Week 2 Wrap-up: Control Environment

September 7, 2017 by Richard Flanagan

To be effective any organization needs to establish a certain structure, responsibilities and a strong sense of how they will operate.  A company’s board of directors is there to hold its most senior management accountable in terms of performance, compliance and managing risk.  They represent the shareholders and are there to ensure the continued success of the company.  They are not there to directly manage it.  Thus, the tone for how the corporation will behave starts at the top with the board of directors and flows down through senior management.

Companies need information systems to operate, so they create an IT organization.  To be effective, that sub-organization (IT) needs certain things:

  • Terms of Reference or a Charter – What is its mission? Why is it there?  What is it trying to achieve?  On this last point, the COSO list of objectives for an IT organization (Confidentiality, Integrity, Availability and so on) is a good list.  You should learn it.
  • A basic organizational structure, arranged to ensure that the work required to satisfy the Terms of Reference will get done. This implies that resources are allocated to different tasks and that someone is responsible for leading each area of work.
  • Monitoring – there needs to be a “culture” of monitoring: each leader should be monitoring his/her people and each level should be monitoring the work of the level below in order to make sure the required work is being done. Monitoring also implies that when problems arise, they are addressed.
  • Performance Metrics – You can only monitor if you can tell a good job from a bad job and you can only tell that if you have some way of measuring success.

If you have these things, you are off to a good start. This coming week we will look at another level of administrative controls that all organizations have, not just IT organizations (things like budgets, HR policies, etc.).

As for DentDel, I hope you all got the point. Even the most basic governance controls like assigning responsibilities and monitoring were missing. Yes, the CIO picked a technology without doing due diligence, but why? Because there was no expectation set that due diligence should be done on every project being initiated. Note that they didn’t ask the client (in this case Sales) what they needed. There was a much better project out there, but it never got visibility because there was no process to check. It’s all too easy to assume that governance at this level is being done correctly, but it often isn’t. Always ask the basic questions first and then follow where they lead.

Rich

Interesting MIT Article on Compliance Published Today

September 6, 2017 by Richard Flanagan 1 Comment

Check out this article from MIT that talks about the problems with compliance programs (i.e., control environments), the rationalizations people use when circumventing them, and some ideas on how to overcome those rationalizations.

https://drive.google.com/a/temple.edu/file/d/0B8S2SZTC04ViSE5lbGZ6a3BPQzg/view?usp=sharing

Weekly Posts and Deadlines

September 3, 2017 by Richard Flanagan 2 Comments

I want to go over your weekly activities a second time to make sure there is no confusion. Each Thursday morning, you will find a post with the upcoming week’s Reading and Case Questions. Once you have finished the readings you should answer all of the Reading questions in a comment to our original post. You can also comment on someone else’s answer, so long as your contribution is substantive in nature. I expect that members of my section will submit a minimum of five substantive posts weekly.

You should then turn your attention to the weekly case or activity.  For our four Harvard Cases, you will need to prepare answers to all of the case questions in preparation for our online discussion.  For ISACA cases, you should submit your answers to the case questions online.

Finally, there will be a quiz on each week’s material the weekend after class.  There will be five multiple choice questions on each quiz, mostly CISA & CISSP practice exam questions.  The quiz will be available from Saturday at 6:00 am until Sunday at midnight.  You will have 15 minutes to complete the quiz but can take it anytime that weekend.  Once you start, you must finish in 15 minutes so be sure you have the time to finish it.

Rich

Example of bad “tone” from today’s WSJ

September 1, 2017 by Richard Flanagan 6 Comments

This update on the Wells Fargo sales scandal is a great example of how executives set the “tone” of an organization. Unfortunately, in this case the “tone” was that sales were more important than ethics.

WSJ, 9/1/17

“Wells Fargo & Co. said its sales-practices scandal was far broader than it had previously acknowledged, ensuring that the bank will continue to face scrutiny about a problem that has weighed on it for nearly a year.”

Team Assignments

August 31, 2017 by Richard Flanagan

Here are the random team assignments that I promised you last night.

 

Student Name Email Team
Allison, Pascal C. tuh39584@temple.edu 5
Bonds, Monique O. tud27923@temple.edu 3
Butler, Jerry M. tuh40703@temple.edu 5
Cheung, Heiang Y. tub55844@temple.edu 2
Collura, Michelangelo tue95899@temple.edu 1
DeStefano, Patrick R. tuc50677@temple.edu 1
Dheskali, Dorjan tuc16056@temple.edu
Dong, Shi Yu tuf08626@temple.edu
Duani, Jonathan tuc34780@temple.edu 2
Gibbons, Michael tuh39712@temple.edu 4
Hagerman, Carl tui37159@temple.edu 5
Hladik, Brent tuh21245@temple.edu 2
Hoxhaj, Donald tud46174@temple.edu 5
Jiles, Lezlie M. ljiles@temple.edu 1
Kelly, Vince tuj17357@temple.edu 3
Mackowsky, Brandan tuf09767@temple.edu 1
Mays, Jason M. tuf73558@temple.edu 3
Needle, Paul R. tue82889@temple.edu 4
Nguyen, Duy N. tud35778@temple.edu 3
Pitter, Tamekia tuh31407@temple.edu 4
Quitugua, Anthony tuh42002@temple.edu 2
Syed, Mohammed H. tuh40379@temple.edu 1
Wang, Dongjie tuf25551@temple.edu
Williams, Bilaal T. tue65626@temple.edu 4
Wu, Zhengshu tug36321@temple.edu 2

Week 2: Reading and Case Questions

August 31, 2017 by Richard Flanagan 104 Comments

Readings

  1. In your own words, how would you define a control environment?
  2. Define the three kinds of common controls and give two examples of each from your everyday life.
  3. What is the role of the board of directors in IT governance?
  4. Which of the EDM processes do you think is most important and why?
  5. If you’re working, have you seen examples of active IT governance in your organization?

The DentDel Case

Think about the following questions before class next week.

  1. What processes were ineffective and allowed this situation to occur?
  2. Where could stronger IT governance have helped DentDel avoid this situation?

Rich
