Latest Updates Final Paper 6 ISCA

Latest Updates in Information Systems and Control Audit


Chapter 1B Types of Information Systems

[Figure: Types of Information Systems. Columns: Type; Level / Sublevels / Functional aspects; Used by. Levels shown: Strategic Level System; Management Level System (MLS) / Management Support System (MSS); Knowledge Level System; Operations Support System (OSS). System types shown: ESS, MIS, DSS, EIS, KMS, OAS, TPS. Used by: Senior Managers; Middle Managers; Knowledge and Data Workers; Operational Managers. Functions: Sales and Marketing; Manufacturing; Finance; Accounting; Human Resource.]

Knowledge Management (KM)

1. Knowledge Management (KM): It is the process of capturing, developing, sharing, and effectively using organizational knowledge.

2. Knowledge Management System (KMS):
(a) KMS is a multidisciplined approach to achieve the Entity's organizational objectives by making the best use of knowledge.
(b) KMS treats the knowledge component of an Entity's activities as an explicit concern reflected in Strategy, Policy, and Practice at all levels of the Entity.
(c) KMS is the effect of a set of structural changes, due to increased Knowledge Processing awareness.

[Figure: Knowledge Management System. It Stores and Retrieves Knowledge; Improves Collaboration; Locates Knowledge Sources; Mines Repositories for hidden Knowledge; Captures and Uses Knowledge; Enhances the KM Process.]

Need for Knowledge Management System (KMS)

1. Adoption of better Cost Management measures by Entities.
2. Recognition of Intangible Resources (like knowledge, technology, competencies, abilities to innovate, etc.) as assets.
3. Obtaining Competitive Gain by knowledge processing, i.e. what an Entity knows, how it uses it, and how fast it can know something new.
4. Treating knowledge (KM) as an important factor of production like Land, Labour, Capital, etc.

Shree Guru Kripa's Institute of Management

Types of Knowledge: Explicit vs Tacit

Meaning
Explicit Knowledge: It represents Codified Knowledge found in Documents, Databases, etc.
Tacit Knowledge: It represents Intuitive Knowledge & Know-How residing in the minds of Individuals in an organization.

Availability
Explicit Knowledge: It can be formalized easily and is thus easily available across the organization.
Tacit Knowledge: It resides in a few (sometimes just one) person(s) and has not been captured by the organization. It is not made available to others.

Representation
Explicit Knowledge: It is articulated, and represented as spoken words, written material and compiled data.
Tacit Knowledge: It is unarticulated and represented as intuition, perspective, beliefs, and values that individuals form based on their own experiences.

Documentation
Explicit Knowledge: It is codified, easy to document, transfer and reproduce.
Tacit Knowledge: It is personal, experimental and context-specific. It is difficult to document and communicate.

Examples
Explicit Knowledge: Online Tutorials, Policy Documents and Standard Operating Procedures, etc.
Tacit Knowledge: Hands-on skills, Special Know-How, Employee Experiences, etc.

Transmission
Explicit Knowledge: Through training program, manuals, etc.
Tacit Knowledge: Through socialization, mentoring, understudy, etc.

Role of IT
Explicit Knowledge: Easily handled by IT enabled tools.
Tacit Knowledge: Cannot be handled well through IT tools as such.
Specialized Systems
1.

2.

Components of ERP:
(a) Software Component: It consists of modules like Finance, HR, Supply Chain Management, Supplier Relationship Management, Customer Relationship, and Business Intelligence. Software Component is the most visible part of ERP.
(b) Process Flow: It illustrates the flow of Information among different modules within an ERP system. This helps to understand the working of ERP.
(c) Customer Mindset: To make ERP implementation succeed, the Company should eliminate Negative Value or Belief carried by the Users. Users include Employees, Vendors, Customers, Consultants, etc.
(d) Change Management: In ERP implementation, change should be managed at several levels like User attitude, resistance to change, and Business Process Changes.
Benefits of ERP
1. Single Integrated System is used in streamlining processes and workflows.
2. Sharing of Information across various departments.
3. Uniform Processes based on recognized best business practices.
4. Single point data capture, and hence reduction in redundant data entry and processes.
5. Improved workflow, efficiency, on-time delivery, quality, delivery times resulting in Customer Satisfaction.
6. Reduced Inventory Costs resulting from better planning, tracking and forecasting of requirements.
7. Speedy collections from customers due to better visibility into accounts and fewer billing, delivery errors.
8. Decrease in Vendor Pricing due to better advantage of quantity breaks and tracking vendor performance.
9. Tracking Actual Costs of activities using Activity Based Costing.
10. Consolidated picture of Sales, Inventory and Receivables.

Core Banking System (CBS)

1. Core Banking:
(a) Core Banking refers to Banking services provided by a group of networked Bank Branches where customers may access their Bank Account and perform transactions from any of the Member Branch Offices.
(b) Core Banking functions include transactions of accounts, loans, mortgages and payments.
(c) CBS Services can be used across multiple channels like ATMs, Internet Banking, and Branches.

2. Core Banking Systems (CBS):
(a) CBS is a backend system that processes daily banking transactions, and posts updates to accounts and other financial records.
(b) It includes Deposit, Loan and Credit processing capabilities, with interfaces to General Ledger Systems and reporting tools.
(c) Some examples of CBS products are Finacle by Infosys, FinnOne by Nucleus and Flexcube by Oracle.

3. Elements of CBS include:
(a) Opening new accounts.
(b) Processing of Cash Deposits / Withdrawals.
(c) Making and Servicing Loans.
(d) Processing Payments and Cheques.
(e) Calculating Interest.
(f) Customer Relationship Management (CRM) activities.
(g) Establishing criteria for Minimum Balances, Interest Rates, Number of Withdrawals allowed, etc.
(h) Establishing Interest Rates.
(i) Maintaining records for all the transactions of the Bank.

Managerial Controls & Application Controls based on IS Audit Functions

Controls based on IS Audit Functions:

1. Meaning
Managerial Controls: Managerial Controls must be performed to ensure the development, implementation, operation and maintenance of information systems in a planned and controlled manner in an Entity.
Application Controls: Any activity that works to ensure the processing accuracy of the application can be considered an Application Control. These include the Programmatic Routines within the Application Program Code.

2. Objective
Managerial Controls: To provide a stable infrastructure in which information systems can be built, operated, and maintained on a day-to-day basis.
Application Controls: To ensure that data remains complete, accurate and valid during its input, update and storage.

3. Aspects covered
Managerial Controls:
(a) Planning: determining the goals of the IS function and the means of achieving these goals, through both Strategic & Operational plans.
(b) Organizing: gathering, allocating, and coordinating the resources needed to accomplish the goals,
(c) Leading: motivating, guiding, and communicating with personnel, and
(d) Controlling: comparing actual performance with planned performance for taking corrective actions, if any.
Application Controls:
(a) Form Design,
(b) Source Document Controls,
(c) Input, Processing and Output Controls,
(d) Media Identification,
(e) Data Movement and Library Management,
(f) Data backup and Recovery,
(g) Authentication and Integrity, Legal and Regulatory requirements.

4. Subsystems
Managerial Controls: See Separate Table below.
Application Controls: See Separate Table below.

Table A: Types of Management Subsystem and their description

Management Subsystem: Responsible for
Top Management: Management of IS Functions. Devising long-run policy decisions on using Information Systems.
Information Systems Management: Overall responsibility for the planning and control of all IS Activities. To advise top management for long-run policy decision making. Translating long-run policies into short-run goals and objectives.
Systems Development Management: Design, implementation, and maintenance of Application Systems.
Programming Management: Programming New System. Maintaining old system. Providing general systems support software.
Data Administration: Planning and Control Aspects for use of an Entity's data.
Quality Assurance: Ensuring IS Development, Implementation, Operation, and Maintenance to conform with Quality Standards.
Security Administration: Access Controls and Physical Security over IS function.
Operations Management: Planning and Control of day-to-day operations of Information Systems.

Table B: Types of Application Subsystem and their description

Application Subsystem: Components
Boundary: Establishes the interface between the User and the System.
Input: Capture, Prepare, and Enter commands and data into the System.
Communication: Transmit Data among Subsystems and Systems.
Processing: Performing Decision Making, Computation, Classification, Ordering, and Summarization of Data.
Database: Define, add, access, modify, and delete data in the System.
Output: Retrieve and present Data to Users of the system.

Communication Controls
Three major types of exposure arise in the Communication subsystem:
(a) Transmission Impairments leading to difference between the Data Sent and the Data Received,
(b) Corruption / Loss of Data through component failure, and
(c) Subversion of Data that is transmitted through the subsystem, by a Hostile Party.
Controls to mitigate these types of exposure in Communication subsystem include:

1. Physical Component Controls: Physical Components can affect the reliability of Communication Subsystem. Control over Physical Components can mitigate the possible effects of exposures.

Component: Control Aspect
Transmission Media: It is a physical path along which a signal can be transmitted between a Sender and a Receiver. Transmission Media are classified as (a) Guided/Bound Media, in which the signals are transported through an enclosed physical path (Twisted pair, Coaxial Cable, and Optical Fiber, etc.), and (b) Unguided Media, in which the signals propagate via free-space emission (e.g. Satellite Microwave, Radio Frequency, Infrared, etc.).
Communication Lines: The reliability of Data transmission can be improved by choosing a Private (Leased) Communication line rather than a Public Communication line.
Modem: (a) Increases the speed with which data can be transmitted over a communication line. (b) Reduces the number of Line Errors arising due to distortion in equalization process, and due to noise.
Port Protection Devices: (a) This performs various Security functions to authenticate Users. (b) It is used to mitigate exposures associated with dial-up access to a computer system.
Multiplexers and Concentrators: (a) The effectiveness of the bandwidth / capacity of a communication line can be enhanced. (b) These share the use of a high-cost transmission line among many messages that arrive at the Multiplexer or Concentration Point from multiple low-cost source lines.


2. Line Error Control: Error due to data transmission may be due to attenuation distortion, or noise that occurs on the Communication line. These errors must be detected and corrected in the following manner:
(a) Error Detection: Detection using a Loop (Echo) Check or a Redundancy Check built into the message transmitted.
(b) Error Correction: Correction using Forward Error Correcting Codes or Backward Error Correcting Codes.

3. Flow Controls: These controls are required because two nodes in a network can differ in terms of the rate at which they can send, receive, and process data.
Example: A Mainframe transmits data to a Microcomputer Terminal. Due to speed variations, the Microcomputer cannot display data on its screen at the same rate the data arrives from the Mainframe. Also, the Microcomputer will have limited buffer space. Thus, it cannot continue to receive data from the mainframe and to store the data in its buffer pending display of the data on its screen. Flow Controls will be used to prevent the Mainframe swamping the Microcomputer.

4. Link Controls: In Wide Area Networks, Line Error Control and Flow Control are important functions which manage the link between two nodes in a Network. The Link Management Components mainly use two common protocols: HDLC (Higher Level Data Link Control) and SDLC (Synchronous Data Link Control).

5. Topological Controls: Communication Network Topology specifies the location of nodes within a Network. It also specifies the ways in which these nodes will be linked, data transmission capabilities of the links, etc. Following are different types of Network Topologies:
Topology: Local Area Network (LAN) Topologies vs Wide Area Network (WAN) Topologies

Features
LAN: Privately owned Networks; High-speed communication among nodes; Confined to limited Geographic areas (e.g. Single Floor or Building or Locations within a few Kilometers, etc.)
WAN: Components are owned by other parties (e.g. a Telephone Company); Relatively Low-Speed Communication among nodes; Large Geographic Areas are covered.

Implementation
LAN: Implemented using 4 basic types of topologies: (1) Bus Topology, (2) Tree Topology, (3) Ring Topology, and (4) Star Topology. Hybrid topologies like the Star-Ring Topology and the Star-Bus Topology are also used.
WAN: Except Bus Topology, all other Topologies that are used to implement LANs can also be used to implement WANs.

6. Channel Access Controls: When two different nodes in a Network compete to use a Communication Channel, Channel Access Control Techniques are used to resolve the conflict. These techniques involve:
(a) Polling (Non-Contention): This technique establishes the order in which a Node can gain access to the Channel capacity.
(b) Contention Methods: In this technique, Nodes in a network must compete with each other to gain access to a Channel. Each Node is given immediate right of access to the Channel. Accessing of Channels by Nodes depends on the actions of other Nodes connected to the Channel.

7. Internetworking Controls: Internetworking is the process of connecting two or more communication networks together to allow the Users of one network to communicate with the Users of other Networks. The Networks connected may or may not use the same hardware-software platform. Three types of devices are used to connect subnetworks, as described below:

Device: Functions
Bridge: A Bridge connects similar Local Area Networks (e.g. one Token Ring Network to another Token Ring Network).
Router: A Router performs all the functions of a Bridge. In addition, it can (a) connect heterogeneous LANs (e.g. a Bus Network to a Token Ring Network), and (b) route Network Traffic over the fastest channel between two Nodes that reside in different subnetworks (e.g. by examining traffic patterns within a Network and between different Networks to determine channel availability).
Gateway: (a) Gateway performs Protocol Conversion to allow different types of communication architectures to communicate with one another. (b) Gateway maps the functions performed in an application on one computer to the functions performed by a different application with similar functions on another computer.
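
The Line Error Control techniques of item 2 above (loop check, redundancy check, backward and forward error correction), as an added Python example that is not part of the original notes. The noisy line, the sample message, CRC-32 as the redundancy check and Hamming(7,4) as the forward error correcting code are assumptions chosen for illustration.

```python
import zlib


def frame(payload: bytes) -> bytes:
    """Sender: append a CRC-32 redundancy check to the message."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def check(framed: bytes):
    """Receiver: return the payload if the CRC matches, otherwise None."""
    if len(framed) < 4:
        return None
    payload, received = framed[:-4], int.from_bytes(framed[-4:], "big")
    return payload if zlib.crc32(payload) == received else None


def flip_bit(data: bytes, bit: int) -> bytes:
    """Constructed line noise: invert a single bit."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


class NoisyLine:
    """Hypothetical channel that corrupts the first `bad` messages it carries."""

    def __init__(self, bad: int):
        self.bad, self.carried = bad, 0

    def carry(self, data: bytes) -> bytes:
        self.carried += 1
        return flip_bit(data, 13) if self.carried <= self.bad else data


def echo_check(payload: bytes, line: NoisyLine) -> bool:
    """Loop (echo) check: the receiver sends back what it got and the sender
    compares it with what it sent (return path assumed clean here)."""
    echoed = line.carry(payload)
    return echoed == payload


def send_with_retransmit(payload: bytes, line: NoisyLine, max_tries: int = 5):
    """Backward error correction: a frame that fails the redundancy check is
    rejected and the sender transmits it again, up to max_tries times."""
    for attempt in range(1, max_tries + 1):
        received = check(line.carry(frame(payload)))
        if received is not None:
            return received, attempt
    return None, max_tries


def hamming_encode(d):
    """Forward error correction: Hamming(7,4) adds 3 parity bits to 4 data bits."""
    d1, d2, d3, d4 = d
    p1, p2, p3 = d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(c):
    """Receiver repairs a single flipped bit without asking for a resend.
    Returns (data bits, 1-based position corrected, or 0 if none)."""
    c = list(c)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    pos = s1 + 2 * s2 + 4 * s3
    if pos:
        c[pos - 1] ^= 1
    return [c[2], c[4], c[5], c[6]], pos


if __name__ == "__main__":
    msg = b"PAY 1500.00 TO ACCT 42"  # constructed sample message
    print("echo check, clean line:", echo_check(msg, NoisyLine(0)))
    print("echo check, noisy line:", echo_check(msg, NoisyLine(1)))
    print("retransmit result     :", send_with_retransmit(msg, NoisyLine(2)))
    word = hamming_encode([1, 0, 1, 1])
    word[4] ^= 1  # constructed single-bit line error
    print("FEC decode            :", hamming_decode(word))
```

These checks address exposures (a) and (b) listed under Communication Controls; they do not address exposure (c), because a hostile party who alters the data can recompute a CRC or parity bits, so subversion needs a keyed integrity check instead.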
Processing Controls
The Processing subsystem is responsible for computing, sorting, classifying, and summarizing data. Its components are:

Central Processor: Programs are executed here. [Note: Processor comprises (a) Control Unit, which fetches programs from memory and determines their type, (b) Arithmetic and Logical Unit, which performs operations, and (c) Registers, which are used to store temporary results and control information.]
Real or Virtual Memory (Program Instructions and Data are Stored)
Operating System (Manages System Resources)
Application Programs (Executes instructions to achieve specific User requirements.)

1. Some Controls to reduce expected losses from errors and irregularities associated with Central Processors are:

Control: Explanation
Error Detection and Correction: (a) Processors may malfunction due to design errors, manufacturing defects, damage, electromagnetic interference, and ionizing radiation. (b) Various types of Error Detection and Correction Strategies must be used.
Multiple Execution States: (a) Determination of number and nature of the execution states enforced by the Processor is very critical for the auditors. (b) They help to determine unauthorized activities, such as gaining access to sensitive data maintained in memory regions assigned to the operating system or other user processes, etc.
Timing Controls: An Operating System might get stuck in an infinite loop. In the absence of any control, the program will not allow the Processor to function and will prevent other programs from performing.
Component Replication: Failure of Processor can result in significant losses. Redundant Processors allow errors to be detected and corrected. If processor failure is permanent in multicomputer or multiprocessor architectures, the system might reconfigure itself to isolate the failed processor.

2. Real Memory Controls:
(a) Real Memory comprises the fixed amount of primary storage in which programs or data must reside to carry out the Instructions from the Central Processor.
(b) The controls seek to detect and correct errors that occur in memory cells and to protect areas of memory assigned to a program from illegal access by another program.

3. Virtual Memory Controls:
(a) Virtual Memory exists when the addressable storage space is larger than that of the available Real Memory Space.
(b) To achieve this outcome, a Control Mechanism is used to map Virtual Memory Addresses into Real Memory Addresses.

Chapter 6 Information Systems Security COBIT


Components in COBIT
1. Framework: It organizes IT governance objectives & good practices and links them to Business Requirements.
2. Process Descriptions: It acts as a reference process model & common language for everyone in an organization. The processes map to responsibility areas of Plan, Build, Run and Monitor.
3. Control Objectives: It provides a complete set of high-level requirements to be considered by management for effective Control of each IT process.
4. Management Guidelines: It helps to assign Responsibilities, to agree on Objectives, to measure Performance, and to illustrate Interrelationship with other processes.
5. Maturity Models: This helps to assess the maturity and capability of process, and to address gaps.

Governance & Management Processes in COBIT 5

1. The COBIT 5 Process Reference Model incorporates both Risk IT and Val IT Frameworks. The complete COBIT 5 Enabler Model comprises 37 Governance and Management Processes as under:

Process Type | Description of Domains | Process Sequence | No. of Processes
Governance Processes | Evaluate, Direct & Monitor Practices (EDM) | EDM01 to EDM05 | 05
Management Processes | Align, Plan and Organize (APO) | APO01 to APO13 | 13
Management Processes | Build, Acquire and Implement (BAI) | BAI01 to BAI10 | 10
Management Processes | Deliver, Service and Support (DSS) | DSS01 to DSS06 | 06
Management Processes | Monitor, Evaluate and Assess (MEA) | MEA01 to MEA03 | 03
Total | | | 37

2. Linkage of Processes:

Scope
Governance Processes: This Process ensures (a) Evaluating Stakeholders' needs and available options, to determine balanced, agreed-on enterprise objectives to be achieved, (b) Setting Direction through prioritization and decision making, and (c) Performance monitoring for compliance and to reach the agreed-on objectives.
Management Processes: These domains provide end-to-end coverage of IT in alignment with the direction set by the Governance Body to achieve the Enterprise objectives.

Domain
Governance Processes: Evaluate, Direct, Monitor.
Management Processes: Plan (i.e. APO), Build (BAI), Run (DSS), Monitor (MEA).

[Figure labels: Business Needs; Feedback.]

Chapter 6 Information Systems Security ISO 27001

2013 Revision of ISO 27001
ISO/IEC 27001 was extensively revised in 2013, bringing it into line with the other ISO certified management systems standards and dropping the Plan-Do-Check-Act (PDCA) concept.
1. Revised ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS within the context of the organization.
2. ISO 27001 includes requirements for the assessment and treatment of IS risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic, and are intended to be applicable to all organizations, regardless of type, size or nature.

2005 Standard: More emphasis on PDCA Cycle.
2013 Standard: More emphasis on Information Security, Risk Assessment. PDCA Cycle is no longer mandated.

2005 Standard: Not much reference to IT Outsourcing.
2013 Standard: Provides guidance on Outsourcing, since many Entities rely on third parties to provide IT related services.

2005 Standard: 133 Controls are listed under 11 Categories.
2013 Standard: 114 Controls are structured under 14 categories.

2005 Standard: Designed to be independent.
2013 Standard: Has many common features with other management standards such as ISO 9000 and ISO 20000. Other continuous improvement processes like Six Sigma's DMAIC method can also be implemented.

Structure of ISO/IEC 27001:

It has ten short clauses, with a long Annexure. Aspects covered in these Clauses and Annexures are as follows:

Clause No.: Coverage
Clause 1: Scope
Clause 2: Normative references
Clause 3: Terms and Definitions
Clause 4: Context of the organization
Clause 5: Leadership
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance evaluation
Clause 10: Improvement
Annexure: This specifies 114 controls in 14 groups (A.5 to A.18) as follows:

Annex | Coverage | No. of Controls
A.5 | Information Security Policy | 02
A.6 | Organization of Information Security | 07
A.7 | Human Resource Security | 06
A.8 | Asset Management | 10
A.9 | Access Control | 14
A.10 | Cryptography | 02
A.11 | Physical and Environmental Security | 15
A.12 | Operations Security | 14
A.13 | Communications Security | 07
A.14 | Information Systems Acquisition, Development and Maintenance | 13
A.15 | Relationship with External Parties | 05
A.16 | Information Security Incident Management | 07
A.17 | Information Security in Business Continuity Management | 04
A.18 | Compliance with Legal & Contractual Requirements | 08

Key Changes from the 2005 Standard

This new standard emphasizes Measuring and Evaluating the performance of ISMS in an organization. It does not emphasize the PDCA Cycle. More attention is paid to Information Security and Risk Assessment.
Major changes to the standard are:
1. Annex A has been revised and restructured, with 114 controls under 14 categories when compared to the previous version of 133 controls under 11 categories.
2. The Plan-Do-Check-Act Cycle (PDCA) is no longer mandated.

Chapter 6 Information Systems Security ITIL

Components of ITIL Volumes
Inclusions under each of the Framework Volume

1. Service Strategy:

Aspect: Description
(a) IT Service Generation: Implementation & Management of Quality IT Services, performed by IT Service Providers through (i) People, (ii) Process and (iii) Information Technology.
(b) Service Portfolio Management: Application of Systematic Management to the Investments, Projects and Activities of Enterprise Information Technology (IT) Departments.
(c) Financial Management: Accurate and Cost Effective Stewardship of IT Assets and Resources, which is used in providing IT Services.
(d) Demand Management: Planning Methodology used to manage and forecast the demand of Products and Services.
(e) Business Relationship Management: Approach to understand, define, and support business activities relating to providing and consuming knowledge and services through Networks.

2. Service Design:

Aspect: Description
(a) Service Catalogue Management: Service Catalogue should contain accurate details, dependencies and interfaces of all services made available to Customers. Information like Customer Ordering, Processing of Requests, Prices, Deliverables and Contract Points are maintained.
(b) Service Level Management: It is the primary interface with the customer. It is responsible for ensuring services are delivered when and where they are supposed to be, interfacing with Availability Management, Capacity Management, Incident Management and Problem Management. It provides for continual identification, monitoring and review of the levels of IT services in accordance with Service Level Agreements (SLAs).
(c) Availability Management: This helps the Entities to ensure the IT Service Availability to support the Business at a Justifiable Cost. Activities comprise (a) realizing availability requirements, (b) compiling availability plan, (c) monitoring availability and (d) maintenance of obligations. This area addresses many IT component abilities like Reliability, Maintainability, Serviceability, Resilience and Security to perform at an agreed level.
(d) Capacity Management: This helps to match the Entity's IT Resources to Business Demands, resulting in optimum and cost-effective provision of IT Services. Activities include (a) Application Sizing, (b) Workload Management, (c) Demand Management, (d) Modelling, (e) Capacity Planning, (f) Resource Management and (g) Performance Management.
(e) IT Service Continuity Management: It is a process to ensure IT Services can recover and continue, even after a serious incident.
(f) Information Security Management: It seeks to ensure adequate Information Security, i.e. protection of Information Assets against risks, resulting in retainment of their value. It aims to ensure Confidentiality, Integrity and Availability of Information Assets, along with related properties or goals such as Authenticity, Accountability, Non-Repudiation and Reliability.
(g) Supplier Management: It seeks to obtain Value for Money from Suppliers and Contracts. It ensures contracts and agreements align with business needs. It monitors the process of identification of business needs, evaluation of Suppliers, establishing contracts, their categorization, management, termination, etc.

3. Service Transition:

(a) Service Transition Planning & Support: This ensures orderly transition, by incorporating the Service Design & Operational Requirements within its Transition Planning.
(b) Change Management and Evaluation: A change is an event that results in a new status of one or more Configuration Items (CIs). Change should (i) be approved by the management, (ii) result in cost effectiveness, enhancement in Business Process with a minimum risk to IT infrastructure. Standardized Methods and Procedures are used for efficient handling of all changes.
(c) Service Asset and Configuration Management: It seeks to maintain information (i.e. configurations) about Configuration Items (i.e. Assets) required to deliver an IT service. It helps in tracing every aspect of a configuration from beginning to end.
(d) Release and Deployment Management: It is used by the Software Migration Team, for platform-independent and automated distribution of software and hardware including License Controls. This process ensures availability of licensed, tested, and version-certified software and hardware.
(e) Service Validation and Testing: It ensures that the Releases and the Services meet the expectations of customer. It also verifies whether IT operations are able to support the new service.
(f) Knowledge Management: It is the process of capturing, developing, sharing, and effectively using organisational knowledge. It is a multidisciplined approach to achieving organisational objectives by making the best use of knowledge.

4. Service Operation:

(a) Service Desk: It is one of four ITIL functions. (It is primarily associated with the Service Operation Life Cycle Stage.) Service Desk Functions include (i) handling incidents & requests, and (ii) providing an interface for other IT processes. Features include Single Point of Contact (SPOC), Single Point of Entry and Exit, etc., which is easier for customers due to streamlined communication channel.
(b) Application Management: It is a set of Best Practices to improve the overall quality of IT Software Development and Support through SDLC, particularly for defining requirements to meet Business Objectives.
(c) IT Operations: IT Operations primarily works based on documented processes and procedures. It is concerned with specific sub-processes, such as (i) Output Management, (ii) Job Scheduling, (iii) Backup and Restore, (iv) Network Management, (v) System Management, (vi) Database Management and (vii) Storage Management, etc.
(d) IT Technical Support: It provides functions like Research & Evaluation, (i) Market Intelligence, (ii) Proof of Concept and Pilot Engineering, (iii) Specialist Technical Expertise, Documentation, etc.
(e) Incident Management: It aims to restore normal service operations quickly and minimizes the adverse effect on business operations, by ensuring best possible levels of service quality and availability.
(f) Request Fulfillment: Request Fulfillment (or Request Management) focuses on fulfilling Service Requests, e.g. requests to change a Password or requests for information by the User.
(g) Access Management: This manages access issues and privileges based on User Rights.
(h) Event Management: An Event may indicate that something is not functioning correctly, leading to an incident being logged. Event Management generates and detects notifications. It monitors and checks the functioning of components, even when no events are occurring.
(i) Problem Management: This seeks to identify notifications and problem areas therein and initiate a process for handling them.


Service Strategy: IT Service Generation; Service Portfolio Management; Financial Management; Demand Management; Business Relationship Management.
Service Design: Service Catalogue Management; Service Level Management; Availability Management; Capacity Management; IT Service Continuity Management; Information Security Management; Supplier Management.
Service Transition: Service Transition Planning and Support; Change Management & Evaluation; Service Asset and Configuration Management; Release & Deployment Management; Service Validation and Testing; Knowledge Management.
Service Operation: Service Desk Functions; Application Management; IT Operations; IT Technical Support; Incident Management; Request Fulfillment; Access Management; Event Management; Problem Management.
Continual Service Improvement
