Spelling suggestions: "subject:"computer auditing"" "subject:"computer auditingu""
1 |
A taxonomy of risks in rapid application development (RAD) projectsDunseith, Roy H. 16 April 2014 (has links)
M. Com. (Computer Auditing) / Please refer to full text to view abstract
|
2 |
An analysis of the impact of emerging technology on organisations’ internal controls11 September 2013 (has links)
M.Comm. (Computer Auditing) / This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations. Information systems have enabled companies to communicate more efficiently, gain competitive advantage and get a larger market share. These information systems therefore need to be protected securely as they are the vehicles and containers for critical information assets in decision-making processes. Therefore, this research study seeks to provide an overview of the emerging ICT solutions used to conduct business transactions, and share and communicate information. It identifies and analyses the new security risk associated with the emerging technology, and, finally, outlines the ICT security frameworks that can be used to identify, assess and evaluate organisations‟ security internal controls.
|
3 |
B2B and the supplier : preventing repudiation of orders in an open account systemButler, Rika, Boshoff, W. 12 1900 (has links)
Thesis (MAcc)--University of Stellenbosch, 2003.
|
4 |
Bridging the Information Technology (IT) gap in South Africa through a step by step approach to IT governanceBotha, David Petrus 04 1900 (has links)
Thesis (Mcomm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: The focus of this research was to compile a practical, step by step approach that can be followed by those persons charged with the governance of enterprises in South Africa to successfully bridge the information technology gap.
The King Code of Corporate Governance for South Africa and the King Report on Corporate Governance for South Africa (together KINGIII) was identified as a starting point for the compilation of the approach. KINGIII is the corporate governance standard in South Africa and in the introduction to KINGIII it is recommended that the principles contained in the Code should be implemented by all entities. KINGIII is the third report on governance issued by the King Committee and introduced governance principles for Information Technology (IT). The Code contains seven IT governance principles and 24 recommended practices.
The application of the IT governance principles of KINGIII, as well as the related recommended practices, is a complicated endeavour. This is partly because IT in itself is complex and also partly because the governance of IT is a relatively new area of corporate governance.
Through a detailed study of the seven IT governance principles of KINGIII, as well as the related recommended practices and narrative discussions, it was identified that in order to successfully implement IT governance, a company has to establish and implement an IT governance framework which includes relevant structures, processes and mechanisms to enable IT to deliver value to the business. It was also identified that the IT governance framework has to facilitate and enhance the company’s ability to reach its stated objectives by ensuring that the most appropriate decisions are made in respect of the incorporation of IT into the operations of the business. Lastly, it was identified that a company must acquire and use appropriate technology and people to support its business.To address the requirement for the establishment and implementation of relevant structures, processes and mechanisms, a framework of 33 IT governance practices was identified, mapped to the IT governance principles of KINGIII and an analysis performed. Through this analysis the IT governance practices that can be utilised to implement the IT governance principles of KINGIII were identified and discussed.
To address the requirement of ensuring that the framework facilitates that the most appropriate decisions are made in respect of the incorporation of IT into the operations of the business, five key decisions that have to be made in respect of IT was identified and discussed. The five decisions were mapped to (1) the KINGIII principles to demonstrate which of the IT governance principles are addressed by each of the decisions and (2) the IT governance structures identified in the framework above to demonstrate which of the IT governance structures can be used to provide input into taking the relevant decision and which can be used to take the decision.
Finally, to address the requirement that a company must acquire and use appropriate people and technology to support its business, a framework of organizational competencies required in small and medium-sized enterprises (SME’s) was identified and mapped to (1) the KING III principles to demonstrate which of the IT governance principles could be addressed by each of the relevant competencies and (2) to the five key IT decisions identified above to demonstrate which of the competencies can be utilised to make each of the five key decisions.
Based on the findings of the research conducted as set out above, the practical, step by step approach was compiled. / AFRIKAANSE OPSOMMING: Die fokus van hierdie navorsing was die samestelling van ‘n praktiese, stapsgewyse benadering wat gebruik kan word deur daardie persone wat verantwoordelik is vir die korporatiewe beheer van ondernemings in Suid Afrika om suksesvol die inligtings tegnologie (IT) gaping te oorbrug.
Die King Code of Corporate Governance for South Africa en die King Report on Corporate Governance for South Africa (gesamentlik KINGIII), was geidentifiseer as ‘n beginpunt vir die samestelling van die benadering. KINGIII is die korporatiewe beheer standaard in Suid Afrika en in die inleiding tot KINGIII word alle ondernemings aanbeveel om die korporatiewe beheer beginsels en gepaardgaande aanbeveelde praktyke te implementeer. KINGIII is die derde verslag oor korporatiewe beheer wat deur die King Komitee uitgereik is en het korporatiewe beheer beginsels met betrekking tot IT bekend gestel. KINGIII bevat sewe koporatiewe beheer beginsels wat met IT verband hou, asook 24 aanbeveelde korporatiewe beheer praktyke.
Die toepassing van die IT korporatiewe beheer beginsels van KINGIII, asook die aanbeveelde praktyke, is ‘n ingewikkelde onderneming. Dit is gedeeltelik omdat IT self kompleks is, maar ook omdat die korporatiewe beheer van IT ‘n relatiewe nuwe area van korporatiewe beheer is.
Deur middel van ‘n in diepte studie van die sewe korporatiewe beheer beginsels van KINGIII, insluitend die aanbeveelde korporatiewe beheer praktyke en besprekings, is daar geïndetifiseer dat ‘n IT korporatiewe beheer raamwerk saamgestel en geimplementeer moet word as deel van die implementering van korporatiewe beheer oor IT. Hierdie IT korporatiewe beheer raamwerk moet relevante strukture, prosesse en meganismes bevat wat IT daartoe instaat sal stel om waarde toe te voeg tot die onderneming. Dit is ook geïdentifiseer dat die IT korporatiewe beheer raamwerk die onderneming se vermoeë om sy doelstellings te bereik moet verbeter deur te verseker dat die mees gepaste besluite geneem word met betrekking tot die integrasie van IT in die bedrywighede van die onderneming. Laastens is daar geïdentifiseer dat ‘n maatskappy toepaslike tegnologie en mense moet bekom en aanwend om die bedrywighede van die onderneming te ondersteun.
Om die vereiste vir die samestelling en implementering van relevante strukture, prosesse en meganismes aan te spreek, is ‘n raamwerk van 33 IT korporatiewe beheer praktyke geïdentifiseer, kruisverwys na die IT korporatiewe beheer beginsels van KINGIII en verder ontleed. Deur hierdie ontleding is die IT koporatiewe beheer praktyke wat aangewend kan word om die IT korporatiewe beheer beginsels te implementeer geïdentifiseer en bespreek.
Om die vereiste aan te spreek dat die raamwerk fasiliteer dat die mees gepaste besluite geneem word met betrekking tot die integrasie van IT in die bedrywighede van die onderneming, is vyf sleutel besluite wat in verband met IT geneem moet word geïdentifiseer en bespreek. Die vyf besluite is (1) kruisverwys na die IT korporatiewe beheer beginsels van KINGIII om te demonstreer watter IT korporatiewe beheer beginsels deur elke besluit aangespreek word en (2) na die IT korporatiewe beheer strukture wat in die bogenoemde raamwerk geidentifiseer is om aan te dui watter IT korporatiewe beheer strukture gebruik kan word om insette te verskaf vir die neem van die vyf sleutel besluite en watter strukture gebruik kan word om die besluite te neem.
Laastens, om die vereiste aan te spreek dat ‘n maatskappy toepaslike tegnologie en mense moet bekom en aanwend om sy bedrywighede te ondersteun, is ‘n raamwerk van organisatoriese bevoegdhede wat benodig word in klein tot medium-groote ondernemings (SME’s) geïdentifiseer en kruisverwys na (1) die KINGIII korporatiewe beheer beginsels om aan te dui watter IT korporatiewe beheer beginsels deur die relevante bevoegdhede aangespreek word en (2) na die vyf sleutel besluite wat hierbo geïdentifiseer is om aan te dui watter van die bevoegdhede aangewend kan word om elkeen van die vyf sleutel besluite te neem.
Die stapsgewyse benadering tot die korporatiewe beheer van IT is gevolglik saamgestel met verwysing na die bevindinge van die navorsing wat uitgevoer is soos hierbo uiteengesit.
|
5 |
An information technology governance framework for the public sectorTerblanche, Judith 12 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2011. / ENGLISH ABSTRACT: Information technology (IT) has an impact on the accomplishments of the entity
(Kaselowski, 2008:83). Traditionally, public sector entities struggle to gain any value
from the IT environment and regularly overspend on IT projects.
In South Africa the Third King Report on Corporate Governance (King III) introduced
‘The governance of IT’ (IODSA, 2009) applicable to both private and public sector
entities.
Although generic IT frameworks such as ITIL and COBIT exist and are used by
private and public entities to govern the IT environment, public sector entities require
a specific IT governance framework suited to the unique characteristics and
business processes of the public sector entity. Taking into account the unique nature
of the public sector entity, the purpose of this study was to assist public sector
entities in their IT governance efforts through the development of a framework to be
used to govern IT effectively, since sufficient guidance for the public sector does not
exist.
Leopoldi (2005) specifically pointed out that a top-bottom framework could be limiting
for entities operating in a diverse field and having complicated organisational
structures, both characteristics integral to the public sector environment. Since a topbottom
and a bottom-top approach fulfil different purposes, both are needed for IT
governance in the public sector entity.
By combining the two approaches and focusing on the unique environment of the
public sector entity, a governance framework can be established. This will ensure
that insight has been gained into the IT environment and the business processes
and that true alignment between the business and the IT environment for the public
sector entity has been achieved. This framework developed will assist the public sector entity in governing the IT
environment unique to this industry and will equip public sector management with a
framework to govern IT more effectively, while under pressure of public scrutiny. / AFRIKAANSE OPSOMMING: Informasietegnologie (IT) het 'n impak op die prestasies van 'n entiteit (Kaselowski, 2008:83).
Openbare sektor entiteite sukkel tradisioneel om enige voordeel uit die IT-omgewing te
behaal en oorspandeer gereeld op IT-projekte.
Die Derde King Verslag oor Korporatiewe Beheer (King III) het beheerbeginsels vir IT
omskryf wat vir beide die private en openbare sektor entiteite in die Suid-Afrikaanse konteks
toepaslik is (IODSA, 2009).
Alhoewel generiese IT raamwerke, soos ITIL en COBIT, deur beide private en openbare
sektor entiteite gebruik word om die IT-omgewing te beheer, benodig openbare sektor
entiteite 'n toepaslike IT-beheerraamwerk wat die unieke eienskappe en besigheidsprosesse
van die openbare sektor entiteit ondersteun. Die fokus van hierdie navorsing was gerig op
die identifisering van ’n IT-beheerraamwerk vir die openbare sektor, om openbare sektor
entiteite te ondersteun in die beheer van IT. Aangesien die aard van ’n openbare sektor
entiteit verskil van dié van ’n private sektor entiteit, moet die beheer wat toegepas word ook
verskillend van aard wees en geen toepaslike riglyne vir die openbare sektor is tans
beskikbaar nie.
Entiteite wat in 'n diverse omgewing bedryf word en aan 'n komplekse organisatoriese
struktuur blootgestel is, mag moontlik deur gebruik te maak van 'n top-bodem
beheerraamwerk beperk word (Leopoldi, 2005). Beide hierdie eienskappe is integraal tot
openbare sektor entiteite. 'n Top-bodem en bodem-top beheerraamwerk vervul
verskillende funksies en in die openbare sektor is beide aanslae noodsaaklik vir die beheer
van IT.
Deur gebruik te maak van ’n gekombineerde aanslag en op die unieke eienskappe verwant
aan die openbare sektor entiteite te fokus, kan effektiewe beheerraamwerk ontwikkel
word. Dit sal verseker dat insig in die IT-omgewing en die besigheidsprosesse verkry is en
dat belyning tussen die besigheid en die IT-omgewing vir die openbare sektor bereik is. Die beheerraamwerk wat ontwikkel is sal die openbare sektor entiteit ondersteun om die IT omgewing,
uniek aan die sektor, doeltreffend te beheer. Die openbare sektor is blootgestel
aan skrutinering en bestuur sal nou toegerus wees met 'n beheerraamwerk om die IT
omgewing meer effektief te bestuur.
|
6 |
An investigation to determine incremental risks to software as a service from a user’s perspectiveIpland, Frederick Ferdinand 12 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2011. / ENGLISH ABSTRACT: Software as a Service (SaaS) – which is a deployment model of cloud computing – is a
developing trend in technology that brings with it new potential opportunities and
consequently potential risk to enterprise. These incremental risks need to be identified in order
to assist in risk management and therefore information technology (IT) governance.
IT governance is a cornerstone of enterprise-wide corporate governance. For many entities
corporate governance has become a statutory requirement, due to the implementation of
legislation such as Sarbanes-Oxley Act of the United States of America.
The research aims to assist in the IT governance of SaaS, by identifying risks and possible
controls.
By means of an in-depth literature review, the study identified 30 key risks relating to the use
and implementation of SaaS from the user’s perspective. Different governance and risk
frameworks were considered, including CobiT and The Risk IT Framework. In the extensive
literature review, it was found that CobiT would be the most appropriate framework to use in
this study. Mapping the risks and technologies from the user's perspective to one or more of
the processes of the CobiT framework, the research found that not all processes where
applicable. Merely 18 of 34 CobiT processes where applicable.
The study endeavoured to identify possible controls and safeguards for the risks identified. By
using the technologies and risks that were mapped to the CobiT processes, a control framework
was developed which included 11 key controls to possibly reduce, mitigate or accept the risks
identified. Controls are merely incidental if it is not linked to a framework. / AFRIKAANSE OPSOMMING: Software as a Service (SaaS) – ‘n ontplooiingsmodel van cloud computing – is ‘n ontwikkelende
tegnologiese tendens wat verskeie moontlikhede, maar daarby ook verskeie risiko’s vir
ondernemings inhou. Hierdie addisionele risiko’s moet geïdentifiseer word om te help met die
bestuur van risiko’s en daarom ook die beheer van Informasie Tegnologie (IT).
IT beheer is ‘n belangrike deel van die grondslag van ondernemingswye korporatiewe beheer.
As gevolg van die implimentering van wetgewing soos die Sarbanes-Oxley wetsontwerp van die
Verenigde State van Amerika, het korporatiewe beheer ‘n statutêre vereiste geword vir
verskeie ondernemings.
Hierdie studie poog om die IT beheer van SaaS by te staan, deur risiko’s en moontlike
beheermaatreëls te identifiseer.
Deur middel van ‘n indiepte literatuur ondersoek het die studie 30 sleutelrisiko’s geïdentifiseer
wat verband hou met die gebruik en implimentering van SaaS vanuit ‘n gebruikersoogpunt.
Verskeie korporatiewe- en risiko raamwerke, insluitende CobiT en The Risk IT Framework, was
oorweeg. Die literatuur ondersoek het egter bevind dat CobiT die mees toepaslikste raamwerk
vir dié studie sal wees. Deur die risiko’s en tegnologieë vanuit ‘n gebruikers perspektief te laat
pas met een of meer CobiT prosesse, het die navorsing bevind dat nie alle prosesse in CobiT van
toepassing is nie. Slegs 18 van die 34 prosesse was van toepassing.
Die studie het ook gepoog om moontlike beheer- en voorsorgmaatreëls vir die risiko’s te
identifiseer. Deur die tegnologieë en risiko’s te gebruik wat gepas is teen die CobiT prosesse, is
‘n beheer raamwerk ontwikkel wat 11 sleutel beheermaatreëls insluit, wat die geïdentifiseerde
risiko’s kan verminder, temper of aanvaar. Beheermaatreëls is slegs bykomstig as dit nie direk
aan ‘n raamwerk gekoppel is nie.
|
7 |
The right to privacy : how the proposed POPI Bill will impact data security in a cloud computing environmentBasson, Benhardus 04 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: The growing popularity and continuing development of cloud computing services is ever evolving and is slowly being integrated into our daily lives through our interactions with electronic devices. Cloud Computing has been heralded as the solution for enterprises to reduce information technology infrastructure cost by buying cloud services as a utility. While this premise is generally correct, in certain industries for example banking, the sensitive nature of the information submitted to the cloud for storage or processing places information security responsibilities on the party using the cloud services as well as the party providing them. Problems associated with cloud computing are loss of control, lack of trust between the contracting parties in the cloud relationship (customer and cloud service provider) and segregating data securely in the virtual environment.
The risk and responsibilities associated with data loss was previously mainly reputational in nature but with the promulgation and signing by the South African Parliament of the Protection of Personal Information Bill (POPI) in August 2013 these responsibilities to protect information are in the process to be legislated in South Africa. The impact of the new legislation on the cloud computing environment needs to be investigated as the requirements imposed by the Bill might render the use of cloud computing in regard to sensitive data nonviable without replacing some of the IT infrastructure cost benefits that cloud computing allows with increased data security costs.
In order to investigate the impact of the new POPI legislation on cloud computing, the components and characteristics of the cloud will be studied and differentiated from other forms of computing.
The characteristics of cloud computing are the unique identifiers that differentiate it from Grid and Cluster computing. The component study is focused on the service and deployment models that can be associated with cloud computing. The understanding obtained will be used to compile a new definition of cloud computing. By utilizing the cloud definition of what components and processes constitute cloud computing the different types of data security processes and technical security measures can be implemented are studied. This will include information management and governance policies as well as technical security measures such as encryption and virtualisation security. The last part of the study will be focussed on the Bill and the legislated requirements and how these can be complied with using the security processes identified in the rest of the study. The new legislation still has to be signed by the State President after which businesses will have one year to comply and due to the short grace period businesses need to align their business practices with the proposed requirements. The impact is wide ranging from implementing technical information security processes to possible re-drafting of service level agreements with business partners that share sensitive information. The study will highlight the major areas where the Bill will impact businesses as well as identifying possible solutions that could be implemented by cloud computing users when storing or processing data in the cloud. / AFRIKAANSE OPSOMMING: Die groei in gewildheid en die ontwikkeling van wolkbewerking dienste is besig om te verander en is stadig besig om in ons daaglikse lewens geintegreer te word deur ons interaksie met elektroniese toestelle. Wolkbewerking word voorgehou as ‘n oplossing vir besighede om hul inligtings tegnologie infrastruktuur kostes te verminder deur dienste te koop soos hulle dit benodig. Alhoewel die stelling algemeen as korrek aanvaar word, kan spesifieke industrië soos byvoorbeeld die bankwese se inligting so sensitief wees dat om die inligting aan wolkbewerking bloot te stel vir berging en prosesseering dat addisionele verantwoodelikhede geplaas op die verantwoordelike partye wat die wolk dienste gebruik sowel as die persone wat dit voorsien. Probleme geassosieër met wolk- bewerking is die verlies aan beheer, gebrekkige vertroue tussen kontakteurende partye in die wolk verhouding (verbruiker en wolk dienste verskaffer) en die beveiliging van verdeelde inligting in die virtuele omgewing.
Die risiko’s en verantwoordelikhede geassosieër met inligtings verlies was voorheen grootliks gebasseer op die skade wat aan die besigheid se reputasie aangedoen kan word, maar met die publiseering en ondertekening deur die Suid-Afrikaans Parliament van die Beskerming van Persoonlike Inligting Wet (BVPI) in Augustus 2013 is hierdie verantwoordelikhede in die proses om in wetgewing in Suid Afrika vas gelê te word. Die impak van die nuwe wetgewing op die wolkbewering omgewing moet ondersoek word omdat die vereistes van die Wet die gebruik van wolkbewerking in terme van sensitiewe inligting so kan beinvloed dat dit nie die moeite werd kan wees om te gebruik nie, en veroorsaak dat addisionele verminderde IT infrastruktuur koste voordele vervang moet word met addisionele inligting beveiligings kostes.
Om die impak van die nuwe BVPI wetgewing op wolkbewerking te ondersoek moet die komponente en karakter eienskappe van die wolk ondersoek word om vas te stel wat dit uniek maak van ander tipes rekenaar bewerking. Die karakter eienskappe van wolkbewerking is die unieke aspekte wat dit apart identifiseer van Rooster en Groep rekenaar bewerking. Die komponente studie sal fokus op die dienste en implimenterings modelle wat geassosieer word met wolkbewerking. Die verstandhouding wat deur voorsafgaande studie verkry is sal dan gebruik word om ‘n nuwe definisie vir wolkbewerking op te stel. Deur nou van die definisie gebruik te maak kan die inligtings sekuriteit prosesse en tegniese sekuriteits maatreëls wat deur die verantwoordelike party en die wolkbewerkings dienste verskaffer gebruik kan word om die komponente en prosesse te beveilig bestudeer word. Die studie sal insluit, inligtings bestuur prosesse en korporatiewe bestuur asook tegniese beveiligings maatreels soos kodering en virtualisasie sekuriteit. Die laaste deel van die studie sal fokus op die BVPI wetgewing en die vereistes en hoe om daaraan te voldoen deur die sekuritiets maatreëls geidentifiseer in die res van die studie te implimenteer. Die nuwe wetgewing moet nog deur die Staats President onderteken word waarna besighede ‘n jaar sal he om aan die vereistes te voldoen en omdat die periode so kort is moet besighede hulself voorberei en besigheid prosesse aanpas. Die impak van die wetgewing strek baie wyd en beinvloed van tegnise inligtings beveiligings prosesse tot kontrakte aangaande diens lewering wat dalk oor opgestel moet word tussen partye wat sensitiewe inligting uitruil. Die studie sal die prominente areas van impak uitlig asook die moontlike oplossings wat gebruik kan word deur partye wat wolkbewerking gebruik om inligting te stoor of te bewerk.
|
8 |
Addressing application software package project failure : bridging the information technology gap by aligning business processes and package functionalityKruger, Wandi 12 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2011. / ENGLISH ABSTRACT: An application software package implementation is a complex endeavour, and as such it
requires the proper understanding, evaluation and redefining of the current business
processes to ensure that the project delivers on the objectives set at the start of the
project.
Numerous factors exist that may contribute to the unsuccessful implementation of
application software package projects. However, the most significant contributor to the
failure of an application software package project lies in the misalignment of the
organisation’s business processes with the functionality of the application software
package. Misalignment is attributed to a gap that exists between the business processes
of an organisation and what functionality the application software package has to offer to
translate the business processes of an organisation into digital form when implementing
and configuring an application software package. This gap is commonly referred to as
the information technology (IT) gap.
The purpose of this assignment is to examine and discuss to what degree a supporting
framework such as the Projects IN Controlled Environment (PRINCE2) methodology
assists in the alignment of the organisation’s business processes with the functionality of
the end product; as so many projects still fail even though the supporting framework is
available to assist organisations with the implementation of the application software
package.
This assignment proposes to define and discuss the IT gap. Furthermore this
assignment will identify shortcomings and weaknesses in the PRINCE2 methodology
which may contribute to misalignment between the business processes of the
organisation and the functionality of the application software package.
Shortcomings and weaknesses in the PRINCE2 methodology were identified by:
• Preparing a matrix table summarising the reasons for application software
package failures by conducting a literature study; Mapping the reasons from the literature study to those listed as reasons for project
failure by the Office of Government Commerce (the publishers of the PRINCE2
methodology); • Mapping all above reasons to the PRINCE2 methodology to determine whether
the reasons identified are adequately addressed in the PRINCE2 methodology.
This assignment concludes by proposing recommendations for aligning the business
processes with the functionality of the application software package (addressing the IT
gap) as well as recommendations for addressing weaknesses identified in the PRINCE2
methodology. By adopting these recommendations in conjunction with the PRINCE2
methodology the proper alignment between business processes and the functionality of
the application software package may be achieved. The end result will be more
successful application software package project implementations. / AFRIKAANSE OPSOMMING: Toepassingsprogrammatuurpakket implementering is komplekse strewe en vereis
daarom genoegsame kennis, evaluasie en herdefiniëring van die huidige
besigheidsprosesse om te verseker dat die projek resultate lewer volgens die doelwitte
wat aan die begin van die projek neergelê is.
Daar bestaan talryke faktore wat kan bydrae tot die onsuksesvolle implementering van
toepassingsprogrammatuurpakket projekte. Die grootste bydrae tot die mislukking van
toepassingsprogrammatuurpakket lê egter by die wanbelyning van die organisasie se
besigheidsprosesse met die funksionaliteit van die toepassingsprogrammatuurpakket.
Wanbelyning spruit uit gaping tussen die besigheidsprosesse van `n organisasie en
die funksionaliteit wat die toepassingsprogrammatuur kan aanbied om die
besigheidsprosesse van 'n organisasie om te skakel in digitale formaat wanneer `n
toepassingsprogrammatuurpakket geimplementeer en gekonfigureer word. Daar word
gewoonlik na hierdie gaping verwys as die informasie tegnologie (IT) gaping.
Die doel van hierdie opdrag is om te evalueer en bespreek in watter mate
ondersteunende raamwerk soos die PRojects IN Controlled Environment (PRINCE2)
metodologie kan help om die organisasie se besigheidsprosesse in lyn te bring met die
funksionaliteit van die eindproduk; aangesien so baie projekte steeds misluk ten spyte
van die ondersteunende raamwerke wat beskikbaar is om organisasies by te staan met
die implementering.
Die opdrag beoog om die IT gaping te definieer en te bepreek. Verder sal hierdie opdrag
die swakhede in die PRINCE2 metodologie, wat moontlik die volbringing van behoorlike
belyning tussen die besigheidsprosesse en die funksionaliteit van die
toepassingsprogrammatuurpakket belemmer, identifiseer. Swakhede en tekortkominge in die PRINCE2 metodologie is as volg geïdentifiseer:
• Voorbereiding van matriks-tabel wat die redes vir
toepassingsprogrammatuurpakket mislukking deur middel van die uitvoering van
literatuurstudie opsom
• Koppeling van die redes bekom deur middel van die literatuurstudie met die redes
vir projek mislukking geidentifiseer deur die Office of Government Commerce
(uitgewers van die PRINCE2 metodologie)
• Koppeling van al die bogenoemde redes na die PRINCE2 metodologie om vas te
stel of die redes wat geïdentifiseer is voldoende deur die PRINCE2 metodologie
aangespreek word.
Die opdrag sluit af met aanbevelings om die besigheidsprosesse in lyn te bring met die
funksionaliteit van die toepassingsprogrammatuurpakket en aanbevelings vir swakhede
wat in die PRINCE2 metodologie geïdentifiseer is aan te spreek. Behoorlike belyning
tussen besigheidsprosesse en die funksionaliteit van toepassingsprogrammatuurpakket
kan behaal word indien hierdie aanbevelings aangeneem word en tesame met die
PRINCE2 metodologie gebruik word. Die eindresultaat is meer suksesvolle
implementering van toepassingsprogrammatuurpakket projekte.
|
9 |
Cloud computing : COBIT-mapped benefits, risks and controls for consumer enterprisesEnslin, Zacharias 03 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2012. / ENGLISH ABSTRACT: Cloud computing has emerged as one of the most hyped information technology topics of the decade. Accordingly, many information technology service offerings are now termed as cloud offerings. Cloud computing has attracted, and continues to attract, extensive technical research attention. However, little guidance is given to prospective consumers of the cloud computing services who may not possess technical knowledge, or be interested in the in-depth technical aspects aimed at information technology specialists. Yet these consumers need to make sense of the possible advantages that may be gained from utilising cloud services, as well as the possible incremental risks it may expose an enterprise to.
The aim of this study is to inform enterprise managers, who possess business knowledge and may also be knowledgeable on the main aspects of COBIT, on the topic of cloud computing. The study focuses on the significant benefits which the utilisation of cloud computing services may bring to a prospective consumer enterprise, as well as the significant incremental risks this new technological advancement may expose the enterprise to. Proposals of possible controls that the prospective consumer enterprise can implement to mitigate the incremental risks of cloud computing are also presented. / AFRIKAANSE OPSOMMING: “Cloud computing” (wolkbewerking) het na vore getree as een van die mees opspraakwekkende inligtingstegnologieverwante onderwerpe van die dekade. Gevolglik word talle inligtingstegnologie-dienste nou as “cloud”-dienste aangebied. Uitgebreide aandag in terme van tegnologiese navorsing is en word steeds deur “cloud computing” ontlok. Weinig aandag word egter geskenk aan leiding vir voornemende verbruikers van “cloud”-dienste, wie moontlik nie tegniese kennis besit nie, of nie belangstel in die diepgrondige tegniese aspekte wat op inligtingstegnologie-spesialiste gemik is nie. Tog moet hierdie verbruikers sin maak van die moontlike voordele wat die gebruik van “cloud”-dienste mag bied, asook die moontlike inkrementele risiko’s waaraan die onderneming blootgestel mag word.
Die doel van hierdie studie is om die bestuurders van ondernemings, wie besigheidskennis besit en moontlik ook kundig is oor die hoof aspekte van COBIT, in te lig oor wat “cloud computing” is. Die studie fokus op die beduidende voordele wat die benutting van “cloud computing”-dienste aan die voornemende verbruikersonderneming mag bied, asook die beduidende inkrementele risiko’s waaraan die onderneming blootgestel mag word as gevolg van hierdie tegnologiese vooruitgang. Voorstelle van moontlike beheermaatreëls wat die voornemende verbruikersonderneming kan implementeer ten einde die inkrementele risiko’s van “cloud computing” teë te werk word ook aangebied.
|
10 |
The development of an integrated framework in order to implement information technology governance principles at a strategic and operational level for medium-to-large sized South African businessGoosen, Riana 03 1900 (has links)
Thesis (MComm)--Stellenbosch University, 2012. / ENGLISH ABSTRACT: In today's technologically advanced business environments, Information Technology (IT) has become the centre of most, if not all businesses' strategic and operational activities. It is for this reason that the King III report has dedicated a chapter to IT governance principles, in effect making the board of directors and senior management responsible for implementing such principles. King III's guidance on these principles is only described in broad terms and lack sufficient detail as how to implement these principles. Though various guidelines, in the form of IT control frameworks, -models and -standards exist, it remains highly theoretical in nature and companies tend to view these control frameworks, -models and -standards on an individual basis, implementing them in an ad hoc manner, resulting in the implementation of an inefficient IT governance system, that does not address the key strategic areas and risks in a business.
The purpose of this study is to develop an IT best practices integrated framework which can assist management in implementing an effective IT governance system at both a strategic and operational level. The integrated framework was developed by performing a detailed literature review of a best practice control framework, -model and -standard, including its underlying processes.
By combining and aligning the relevant processes of the control framework, -model and -standard to the business' imperatives, a framework was developed to implement IT governance principles at a strategic level. The integrated framework is extended to provide guidance on how to implement good IT controls at an operational level. The control techniques, of the applicable processes identified at a strategic level, are implemented as well as the controls around a company's various access paths, which are affected by a company's business imperatives. These access paths are controlled through the implementation of applicable configuration controls. By making use of the integrated framework which was developed, an effective and efficient IT governance system can be implemented, addressing all applicable IT risks relevant to the key focus areas of a business. / AFRIKAANSE OPSOMMING: In vandag se tegnologies gevorderde besigheids omgewings het Informasie Tegnologie (IT) die middelpunt geraak van die meeste, indien nie elke onderneming se strategiese en operasionele aktiwiteite nie. Dit is vir hierdie rede dat die King III verslag 'n hoofstuk aan die beginsels van IT korporatiewe beheer wy. Dié verslag hou die direkteure en bestuur verantwoordelik vir die implementering van hierdie beginsels. Die King III verslag verskaf egter slegs in breë trekke leiding in verband met die implementering van hierdie beginsels en 'n gebrek aan meer gedetailleerde beskrywings bestaan. Alhoewel verskeie riglyne, in die vorm van IT kontrole raamwerke, -modelle en -standaarde bestaan, bly dit steeds teoreties van aard en is maatskappye geneig om hierdie riglyne op 'n individuele vlak te hanteer en op 'n willekeurige wyse te implementeer. Hierdie proses lei tot die implementering van 'n ondoeltreffende IT korporatiewe beheerstelsel.
Die doel van hierdie studie is om 'n geïntegreerde beste praktykraamwerk te ontwikkel wat deur die direkteure en bestuur van 'n onderneming gebruik kan word om op beide 'n strategiese en operasionele vlak 'n doeltreffende IT korporatiewe beheermaatstelsel in plek te stel. 'n Geïntegreerde raamwerk is ontwikkel deur 'n volledige literatuurstudie uit te voer, gebaseer op 'n beste praktyk IT kontrole raamwerk, -model en -standaard en die gepaardgaande prosesse.
Deur die toepaslike prosesse van hierdie kontrole raamwerk, -model en -standaard te kombineer en te belyn met 'n besigheid se besigheidsimperatiewe, word IT korporatiewe beheerbeginsels op 'n strategiese vlak in plek gestel. Die geïntegreerde raamwerk sluit riglyne in om goeie IT kontroles op 'n operasionele vlak te implementeer. Die kontrole tegnieke, wat verbind word met die gepaardgaande prosesse wat tydens die strategiese vlak geïdentifiseerd is, word geimplementeer asook die die toepaslike konfigurasie kontroles oor die verskeie toegangspaaie wat beïnvloed word deur 'n besigheids se besigheidsimperatiewe. Deur gebruik te maak van die ontwikkelde geïntegreerde raamwerk kan alle geaffekteerde IT risikos nou aangespreek word en 'n doeltreffende IT korporatiewe beheerstelsel in plek gestel word.
|
Page generated in 0.0671 seconds