perations Management
perations Management
OM is responsible for
the daily running of
hardware and software
facilities so that:
production application
systems can accomplish
their work
development staff can
develop, implement , and
maintain application
systems
perations Management
Changes in the operations function:
Ø Automation of tasks
Ø Decentralized
Ø Cheap hardware – more demanding users
Ø Outsourcing
OM may handle facility security
Consequences of poor performance
operator overrides program controls
inefficient job mix can undermine
software performance
Our objective is to understand good practice
perations Management
1. Computer Operations
2. Communications and Network
Control
3. Data Preparation and Entry
4. Production Control
5. File Library / Archives
6. Documentation and Program
Library
7. Help desk / Technical Support
8. Performance Monitoring
omputer Operations
Controls over computer
operations govern the
activities that support
the day-to-day execution
of either test or production
systems
Types of controls:
1. Operator protocols: Functions of operators and
applications
2. Machine Utilization / Job Schedules
3. Hardware Maintenance
ommunications Network
Managing the daily running of the wide area or
local network
Control over network control workstations and
software used to control access, privileges, and
monitoring of operations
Secure file servers – access controls
ata Preparation / Entry
Facilities designed to:
Promote speed and accuracy
Protect well-being of operators
Provide Training
Ensure Backup
roduction Work Flow Control
Transfer Pricing /
Receipt and of
Acquisition
Job Scheduling
•Billing users for consumption
•Authorized production jobs of
dispatchlevel
Service of input
Charge-out control IS resources,
• Authorized Sources control
•Establish and test job
computer - •Collecting receipts
•Timely submission of input
agreements
and output with
consumables files
•Paper and supplies
•Monitor compliance with
users •Follow-up output recipients
•Authorized on complaints
agreements
Organization
User
Data Control Computer
Preparation Section Room
Service bureau
ile-Library Function
Stored in a secure and
clean environment
Management of
Used for Authorized
machine-readable
purposes
storage media
Maintained in good
working order
Backup and retention of files
on-site and off site
ocumentation Library
Maintain documentation needed to support
computer operations and inventory of
acquired software.
Kept up-to-date
Authorized use only
Software not lost or stolen,
not illegally copied,
properly licensed and
backed-up
Help desk / Technical Support
1. Help end-users to employ hardware and software:
1. Microcomputers
2. Spreadsheets / databases / networks
2. Providing technical
support for production
systems by assisting
with problem resolution
1. Adequately trained staff
2. Logging and reporting
mechanisms
erformance Monitoring
high quality system design and implementation
measurement of hardware/software performance
suitable hardware/software configuration
system tuning and optimization
acceptable response times
statistics
utsourcing Contracts
1. Ongoing evaluation of the financial viability
of the outsourcing vendor
2. Ensuring compliance with
the outsourcing contract’s
terms and conditions
3. Ensuring the ongoing
reliability of controls in
the outsourcing vendor’s
operations
4. Maintaining procedures for disaster
recovery with the outsourcing vendor
icrocomputer Operations
Operations functions are dispersed
Education and standards for users
Establish standards
Promulgate standards
Enforce standards
Computer Operations -
Activities
Program Start / Defragment disks
Termination Backup (Routine)
Load Storage Media Organize Disks and
Load Forms and Structure (folders)
Documents Recover Files and
System
Retrieve and Distribute
Emergency shutdown
Output machines
Service Machines
Automation of Operations
1. Fixed storage media Auditor concerns
with AOF
2. Robotic media retrieval
parameters
3. Automated operations •Design
facilities (AOF) •Standards
•Secure file
•Testing
•Monitoring
•Documentation
•Backup
perator Protocols
Standards manual
methods and performance standards for computer
operators
procedures startup and closing
down hardware
descriptions of prohibited
activities
prescribed work flow patterns
action’s during system crash
disaster procedures
perator Protocols
Standards Manual
Standard times for mounting
and dismounting storage media
Multi-user environment
Provided by systems vendor
Developed by the installation
Application Run Manuals
Procedures - production run
Resource consumption expected
perator Protocols
Audit concerns
existenceand enforcement of standards
prevent operator from unauthorized
modifications to programs and data
weak separation of duties
access controls may be weak
perator Protocols
Compensating controls
high quality staff
careful checking of control
totals by users
if the person who developed
the system operates the system
- there is little incentive to
improper activities
nternal control
no access to file and documentation libraries
prohibited from using system resources
that enable “fixes”
restrict to running programs -
not correcting programs
monitor activities - operating system log
two or more operators per shift
rotation of operator duties
compulsory vacations
achine Utilization
machines used only for authorized purposes
Who authorizes systems runs?
provision for systems reruns, system
crashes, program development
production systems run
according to a predetermined
schedule
special problems of
microcomputers
reporting functions
aintenance
balance the mix of preventive and remedial to
minimize cost and disruption
preventive
regular testing
inspections
replacement of components
remedial
repair when component fails
performed by outside party?
Tradeoff between preventive
and remedial maintenance
Remedial Preventive Total
800
700
600
500
Cost
400
300
200
100
0
1 2 3 4 5 6 7 8
Frequency
aintenance Engineers
Operations manager review reports
Downtime vs Maintenance time
Control problems
hire consulting engineer to review work
protection of sensitive data and programs
repair tools - integrity violations
non disclosure agreements
background checks
rotation of duties
ommunications Network
Managing the daily running of the network
Network control workstation and software
Functions performed by the operator
Profiling groups, workstations, users
Starting / terminating lines and processes
Monitoring / Renaming / Statistics
Queue lengths / Backup frequency
Systems status / Warning messages
Examining data
ommunications Network
Control of devices connected
Startingup / terminating
workstation rights
Enquire workstation status
Downloading programs and data
Remote maintenance of workstation
Control totals / warnings and
error messages
ommunications Network
Workstation/Terminal Identification file
Control over data, access and logs
network control software
audit trail and review
event reporting
user profiles /group profiles
workstation profiles
Control over operator actions
training, rotation of duties,
Control over actions of engineers
ata Preparation
Keying tasks/environment
duration of task
adequate lighting
acoustic environment
layout uncluttered
ergonomically designed
productivity / health
Operator training / Equipment maintenance
Backup / recovery / Retention of media
uality Assurance
Facilitate the orderly flow of data
receive source documents from users
scanning for reasonableness,
completeness
checking control totals
log data - send to data preparation
collect data after entry
and check control totals
periodically conduct in-depth
quality assurance program
uery Answering
Answering queries about the status of work
users
DP personnel
Problems
lostinput or output
error messages
ineffective reports
need for a new schedule
poor turnaround time
ransfer Pricing
billing users harge-out
collecting receipts
Control
following up unpaid accounts
accurate, complete and understandable bills
alert management when transfer pricing is
not motivating users to use computer
resources efficiently and effectively
accuracy of outside charges
ile Library
Use of files
Maintenance of files
Backup and retention of files
se of Files
Maintenance of records of access and use (logs)
Scheduling of retrieval, use, and backup
Procedures for storing and retrieval
Destruction and recycling of media
Functions of librarian packages
Correct control and use of files
Physical storage environment
Protection of storage media
Audit of file libraries
Archiving
aintenance of Files
Cleaning and recertification
number / location / files stored
serial
maintenance instructions / history of errors
maintenance record / history of uses
File management reports
of media requiring maintenance
list
media experiencing abnormal errors
media that should be retired
Computer support
ackup and retention of files
Security administration -formulates
the backup and recovery plan
File library section
- implements this plan
backup decision for each type and
class of file and specific files
suitable off-site storage
secure method of transport
retention plan for each file
evaluate adequacy regularly
documentation Library
documentation for all systems
application systems documentation
program documentation
operator run manuals
user manuals
standards manuals
records of memorandum
books and journals
documentation
microcomputer problems / stored securely
issuing to authorized personnel only
adequate backup for documentation
online documentation
facilitates amendments and production of revsed hard copy
accessibility improved if on-line
if distributes on line - adequacy of communication controls
audit trail of changes to documentation
automation of controls over documentation
performance
Monitoring
high quality system design and implementation
measurement of hardware/software performance
suitable hardware/software configuration
system tuning and optimization
acceptable response times
statistics