Department of Internal Audit and Compliance

Information Technology - Business Liaison

Effectiveness and efficiency of operations 

A. Responsibilities of IT personnel are defined and communicated.

  1. Has an information technology (IT) organizational chart been developed and continually updated?
  2. Is adequate supervision exercised, at appropriate levels, in each IT functional area? (Examples of functional IT areas may include applications development, IT user and technical support, networking services, and IT policy and administration.)
  3. Are adequate qualifications stressed in the hiring policies for IT personnel?
  4. Has an integrated personnel training and development program been established in the IT department and its importance recognized?
  5. Have policy manuals been developed and continually updated? (Examples of areas requiring policy manuals include network administration, IT security, contingency planning, systems operations and maintenance, technical support, file backup and archiving, hardware selection and acquisition, and software selection and acquisition.)

B. Incompatible duties among IT personnel are segregated.

  1. Has adequate segregation of duties between operations, systems, programming, applications programming, and data control been delegated?
  2. Do programmers and developers not approve or initiate changes to master file data or "live" data?
  3. Do IT personnel not have other duties in other departments? (For example, an IT programmer who creates the purchasing system would not also act as a purchasing agent for the University.)
  4. Has the IT department been instructed to prepare reports covering the activities of its personnel? (Examples include time reports or Gantt charts highlighting the time element for specific projects.)
  5. Are sensitive files and programs required to be write-protected, password-protected, or encrypted, and access limited to authorized personnel only?

Last Updated: 1/3/23