Analyzing General Management and Application Controls in BIS
VerifiedAdded on 2023/06/08
|9
|2572
|70
Essay
AI Summary
This essay provides a detailed analysis of business information systems, focusing on the differences between general management controls and application controls. Application controls are defined as security practices that restrict unauthorized applications, ensuring data integrity, availability, and co...
Running Head: Business Information System 0
Business Information Systems
Difference b/w General management controls and Application Controls
7/28/2018
Business Information Systems
Difference b/w General management controls and Application Controls
7/28/2018
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Business Information Systems 1
Introduction
Business Information Systems
Business Information System is the group of procedures that are inter-related. These systems are
required in the IT infrastructure of the Organizations to disseminate required information. These
systems are designed to support the decision making of the employees in the organizations
towards the attainment of the objectives. It is an systematized system of storage, collection,
communicating and organizing information. Information Systems are the study of corresponding
sources that are used by the organizations and the people to filter, process, create, distribute and
collect data. They emphasis only on the internal information system such as software, data,
business process and hardware that increases management and the efficiency of the
organizations. The aim of the Information Systems is the decision-making, support management
and the operations in organizations. The organization uses this system as the information and
communication technology. The software is used by the organization to analyze data. The main
purpose of this software is to convert raw information into appropriate information that is useful
for the organization in their decision making process. The different types of information systems
are executive information System, Decision Support System, Management Information System
and Transaction Information System. The information system is termed as environmental
controlling system and the telephonic switching system. This system requires resources for
processing information and the trained employees for managing the software. The information
system is prepared according to the requirement of the different levels of department in the
organizations (Yourarticlelibrary, 2018).
Difference between General Management control and Application control
Application Control:
Application control in Information System is a practice of security that restricts and blocks
unofficial applications from implementing in methods that puts facts at risk. The functions of
Application control depends on the purpose of the business of specific application. The major
objective of the application control is to ensure the security of files that is used by applications.
This control function includes identification, validity checks, authentication, input controls,
forensic controls and authorization. Application controls ensures integrity, availability of data
and confidentiality of data. This function helps the organization in reducing the threats and the
risk associated with the usage of application that puts the organization data at risk. Companies
are becoming dependent on the application control for the regular business operations. Business
organizations have to face the challenge of controlling security threats of data because of the use
of cloud-based, third party and the web-based applications in the business operations. With the
use of Application control in all type of company it can reduce the risk caused by illegal,
malicious and unauthorized network access. Application Control is classified as Processing
Control, Input Controls and Output controls. The types of Application control are control tools,
Introduction
Business Information Systems
Business Information System is the group of procedures that are inter-related. These systems are
required in the IT infrastructure of the Organizations to disseminate required information. These
systems are designed to support the decision making of the employees in the organizations
towards the attainment of the objectives. It is an systematized system of storage, collection,
communicating and organizing information. Information Systems are the study of corresponding
sources that are used by the organizations and the people to filter, process, create, distribute and
collect data. They emphasis only on the internal information system such as software, data,
business process and hardware that increases management and the efficiency of the
organizations. The aim of the Information Systems is the decision-making, support management
and the operations in organizations. The organization uses this system as the information and
communication technology. The software is used by the organization to analyze data. The main
purpose of this software is to convert raw information into appropriate information that is useful
for the organization in their decision making process. The different types of information systems
are executive information System, Decision Support System, Management Information System
and Transaction Information System. The information system is termed as environmental
controlling system and the telephonic switching system. This system requires resources for
processing information and the trained employees for managing the software. The information
system is prepared according to the requirement of the different levels of department in the
organizations (Yourarticlelibrary, 2018).
Difference between General Management control and Application control
Application Control:
Application control in Information System is a practice of security that restricts and blocks
unofficial applications from implementing in methods that puts facts at risk. The functions of
Application control depends on the purpose of the business of specific application. The major
objective of the application control is to ensure the security of files that is used by applications.
This control function includes identification, validity checks, authentication, input controls,
forensic controls and authorization. Application controls ensures integrity, availability of data
and confidentiality of data. This function helps the organization in reducing the threats and the
risk associated with the usage of application that puts the organization data at risk. Companies
are becoming dependent on the application control for the regular business operations. Business
organizations have to face the challenge of controlling security threats of data because of the use
of cloud-based, third party and the web-based applications in the business operations. With the
use of Application control in all type of company it can reduce the risk caused by illegal,
malicious and unauthorized network access. Application Control is classified as Processing
Control, Input Controls and Output controls. The types of Application control are control tools,
Business Information Systems 2
edit cheeks, computer matching, run control totals and Report Distribution logs (Digital
Guardian, 2017).
Benefits of Application Control:
It observes the application present in the IT environment and finds out which application to add.
This software is trusted by the business organization in the detection of the risks and fraud in
their data.
The application control software improves the network stability in the organizations.
It identifies the application operating within the environment.
Application controls provides information to the organizations and the company about the
important areas related to web traffic, dada patterns, threats and unauthorized applications
(Encyclopedia Britannica, 2018).
With the use of Application control, business organization gets information about the security
rules, zones, destination and traffic source to obtain the information about the usage pattern of
application. This function helps an organization in making informed decisions in securing their
data from threats and risks.
This control function has the capability of whitelisting and the blacklisting of the applications in
the organizations (Management Study Guide, 2018).
General Management Control:
General Management Control is the software that governs the security of data in business, design
and the use of programs in computer in the organizations software. It applies to all the
computerized applications in the organization. This control includes change management,
physical security and logical access. The combination of hardware, manual procedures and
software creates a control environment. General Management control includes hardware
controls, software controls, data security control, administrative control and computer operation
control (EDELKOORT, 2016).
Benefits of General Management Control:
The software control in the general management control monitors the usage of software in the
business organization and reduces the unauthorized use of the computer programs, system
software and the software programs. System software is the key area, as it performs the overall
function of the program.
edit cheeks, computer matching, run control totals and Report Distribution logs (Digital
Guardian, 2017).
Benefits of Application Control:
It observes the application present in the IT environment and finds out which application to add.
This software is trusted by the business organization in the detection of the risks and fraud in
their data.
The application control software improves the network stability in the organizations.
It identifies the application operating within the environment.
Application controls provides information to the organizations and the company about the
important areas related to web traffic, dada patterns, threats and unauthorized applications
(Encyclopedia Britannica, 2018).
With the use of Application control, business organization gets information about the security
rules, zones, destination and traffic source to obtain the information about the usage pattern of
application. This function helps an organization in making informed decisions in securing their
data from threats and risks.
This control function has the capability of whitelisting and the blacklisting of the applications in
the organizations (Management Study Guide, 2018).
General Management Control:
General Management Control is the software that governs the security of data in business, design
and the use of programs in computer in the organizations software. It applies to all the
computerized applications in the organization. This control includes change management,
physical security and logical access. The combination of hardware, manual procedures and
software creates a control environment. General Management control includes hardware
controls, software controls, data security control, administrative control and computer operation
control (EDELKOORT, 2016).
Benefits of General Management Control:
The software control in the general management control monitors the usage of software in the
business organization and reduces the unauthorized use of the computer programs, system
software and the software programs. System software is the key area, as it performs the overall
function of the program.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Business Information Systems 3
The hardware control in the general Management control ensures that the company system is
physically secure and ensures that there is no equipment malfunction. It protects the computer
equipment against humidity, fires and from rising temperature. (Linfordco, 2017).
The computer operation control features of General management control check the work of
computer department in the organization to ensures that the scheduled programs are correctly
applied to the processing and the storage of data in the organization
The data security control function of General Management Control ensures that the important
business data on tape or disk should be free from unauthorized change, destruction and access at
the time of their use or storage (Mindmeister, 2009).
The implementation control function of this software the development process of the system at
different levels to confirm that the system is properly managed and controlled in the
organization. The audit conducted for the system development process also ensures the existence
of formal analyses of the management and the users at the development stages. The audit looks
for the usage of conversion, control techniques for the development of programs, testing and for
the operations documentation (Pressbooks, 2018).
The administrative control feature formalizes the procedures, standards, control disciplines and
rules to ensure that the General Management controls in the organization is properly enforced.
Information System Risk Management techniques
Risk management in the information system is the process of the management of the risk
connected with the application of information technology in the business process. It includes
assessing, treating and identifying risk to the availability, integrity, confidentiality and security
of the asset of organizations. The last step in this process of risk management is the treatment of
risk with an overall organizational risk tolerance. The company to focus on their system security
to achieve the organizational objectives adopts the risk management techniques. This will help
an organization to understand the potential risks in their system. The programs for asset
management, configuration management and change management support the risk in information
system (Rapid7, 2018). The companies should use these techniques for the security of the digital
business process in the organization:
Managing the link between business and security: The most important goal of the security
program in the organization is the protection of the business. Business Stakeholders should be
actively engage in the security process. Strong understanding of the technical domain is
necessary for managing the link between business and security. Security executives in the
organization should have security strategies that are easily learned by the leaders in the
organization. This results in changing the view of the organization for the security function
(TechTarget, 2018).
The hardware control in the general Management control ensures that the company system is
physically secure and ensures that there is no equipment malfunction. It protects the computer
equipment against humidity, fires and from rising temperature. (Linfordco, 2017).
The computer operation control features of General management control check the work of
computer department in the organization to ensures that the scheduled programs are correctly
applied to the processing and the storage of data in the organization
The data security control function of General Management Control ensures that the important
business data on tape or disk should be free from unauthorized change, destruction and access at
the time of their use or storage (Mindmeister, 2009).
The implementation control function of this software the development process of the system at
different levels to confirm that the system is properly managed and controlled in the
organization. The audit conducted for the system development process also ensures the existence
of formal analyses of the management and the users at the development stages. The audit looks
for the usage of conversion, control techniques for the development of programs, testing and for
the operations documentation (Pressbooks, 2018).
The administrative control feature formalizes the procedures, standards, control disciplines and
rules to ensure that the General Management controls in the organization is properly enforced.
Information System Risk Management techniques
Risk management in the information system is the process of the management of the risk
connected with the application of information technology in the business process. It includes
assessing, treating and identifying risk to the availability, integrity, confidentiality and security
of the asset of organizations. The last step in this process of risk management is the treatment of
risk with an overall organizational risk tolerance. The company to focus on their system security
to achieve the organizational objectives adopts the risk management techniques. This will help
an organization to understand the potential risks in their system. The programs for asset
management, configuration management and change management support the risk in information
system (Rapid7, 2018). The companies should use these techniques for the security of the digital
business process in the organization:
Managing the link between business and security: The most important goal of the security
program in the organization is the protection of the business. Business Stakeholders should be
actively engage in the security process. Strong understanding of the technical domain is
necessary for managing the link between business and security. Security executives in the
organization should have security strategies that are easily learned by the leaders in the
organization. This results in changing the view of the organization for the security function
(TechTarget, 2018).
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Business Information Systems 4
Governance and Data protection: Social, Cloud and Mobile networking solutions have created
business value by the enterprise implementation. These solutions have changed the traditional
ownership of Information system. Universal access to the application and system are demanded
by the organizations today and they permit their employees to have access to their own laptops
and smartphones. The information system security helps in the protection of data in the
organizations system (Kim, 2016).
Design Secure System: Hackers exposure should be reduced by limiting their access to the
technology infrastructure of the organization. Reasons of failure are minimized by reducing
unnecessary access to the software and hardware of the organization, unique set of logins,
domain names, servers and email address of each user should be set to reduce the damage in the
system (Entrepreneur, 2011)
Provide training: Threats in the security system of organization is the result of the carelessness of
the employees. Organization should build a corporate culture that focus on the security of
computer.
Avoid Unidentified Email attachments: Email attachment that includes Trojan Programs, viruses
and computer worms are not open by the employees. They should contact with the sender for the
confirmation (Enisa, 2018).
Keep delicate data confidential: cost saving and many benefits are offered by the cloud
computing to the businesses but these services also pose threats as the data operated by third
parties having their security issues. It is beneficial for the organization to keep their data
confidential in their own networks (TechTarget, 2018).
Stay Paranoid: Everything should be secured in the organizations including addresses, logos of
banks and vendors and the corporate names. Passwords of the system should be changed
regularly to maintain the privacy in the organization.
Communication: the decision of the treatment of risk should be communicated to all the
employees in the organization. The stakeholders should understand the cost related to the
treatment or not treatment of the risk and the reason related to the decision. Accountability and
the responsibility in the organization should be clearly defined within the individuals in the
company to ensure that the right employees are working for the right jobs in the organizations
(Pressbooks, 2018).
Monitoring: the plan choose by the organization requires proper implementation and control.
This plan requires continuous monitoring by the security executives of the organization
(Katsikas, 2016).
Backup: Backup plan is the important component for the information security in the
organization. The supervisors in the organization should teach their employees the importance of
Governance and Data protection: Social, Cloud and Mobile networking solutions have created
business value by the enterprise implementation. These solutions have changed the traditional
ownership of Information system. Universal access to the application and system are demanded
by the organizations today and they permit their employees to have access to their own laptops
and smartphones. The information system security helps in the protection of data in the
organizations system (Kim, 2016).
Design Secure System: Hackers exposure should be reduced by limiting their access to the
technology infrastructure of the organization. Reasons of failure are minimized by reducing
unnecessary access to the software and hardware of the organization, unique set of logins,
domain names, servers and email address of each user should be set to reduce the damage in the
system (Entrepreneur, 2011)
Provide training: Threats in the security system of organization is the result of the carelessness of
the employees. Organization should build a corporate culture that focus on the security of
computer.
Avoid Unidentified Email attachments: Email attachment that includes Trojan Programs, viruses
and computer worms are not open by the employees. They should contact with the sender for the
confirmation (Enisa, 2018).
Keep delicate data confidential: cost saving and many benefits are offered by the cloud
computing to the businesses but these services also pose threats as the data operated by third
parties having their security issues. It is beneficial for the organization to keep their data
confidential in their own networks (TechTarget, 2018).
Stay Paranoid: Everything should be secured in the organizations including addresses, logos of
banks and vendors and the corporate names. Passwords of the system should be changed
regularly to maintain the privacy in the organization.
Communication: the decision of the treatment of risk should be communicated to all the
employees in the organization. The stakeholders should understand the cost related to the
treatment or not treatment of the risk and the reason related to the decision. Accountability and
the responsibility in the organization should be clearly defined within the individuals in the
company to ensure that the right employees are working for the right jobs in the organizations
(Pressbooks, 2018).
Monitoring: the plan choose by the organization requires proper implementation and control.
This plan requires continuous monitoring by the security executives of the organization
(Katsikas, 2016).
Backup: Backup plan is the important component for the information security in the
organization. The supervisors in the organization should teach their employees the importance of
Business Information Systems 5
the backup of data on the regular basis. The employees should also conduct the test by restoring
some data.
Firewall: It is another important method that is used by an organization to increase their
network’s security. It can exist both as a software and a hardware. It protects all the computers
and the server of the company from the stopping packets from the outside network of the
organization. It also prevents the employees from having illegal use of computers in the
organization.
the backup of data on the regular basis. The employees should also conduct the test by restoring
some data.
Firewall: It is another important method that is used by an organization to increase their
network’s security. It can exist both as a software and a hardware. It protects all the computers
and the server of the company from the stopping packets from the outside network of the
organization. It also prevents the employees from having illegal use of computers in the
organization.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Business Information Systems 6
Conclusion
This can be concluded from the above essay that the Information system contains network of
integrated networks like software, network, people, hardware and network. These components
combine and convert the documents into information. This system helps the employees in the
organization in the decision-making. In this essay, the difference between General Management
control and the Application Control is discussed. The application control in the Information
Systems performs the function of identification, validity checks, authentication, input controls,
forensic controls and authorization in the organization. This control function helps in reducing
the risk related to the use of data in the organization. The General Management control function
in the Information System ensures the security of data in the computer systems of the
organization. It performs the function of change management, logical access and the physical
security. Risk Management in the Information System is necessary for securing the data of the
company from the external users. Risk Management is essential for maintaining the
confidentiality, integrity of the information system and the availability of the data in the
organization. The companies have to adopt techniques for improving the security of the digital
process of the organization. The techniques discussed in this essay are managing the link
between business and security, governance of data protection, proper training to its employees,
keeping data confidential and many more.
Conclusion
This can be concluded from the above essay that the Information system contains network of
integrated networks like software, network, people, hardware and network. These components
combine and convert the documents into information. This system helps the employees in the
organization in the decision-making. In this essay, the difference between General Management
control and the Application Control is discussed. The application control in the Information
Systems performs the function of identification, validity checks, authentication, input controls,
forensic controls and authorization in the organization. This control function helps in reducing
the risk related to the use of data in the organization. The General Management control function
in the Information System ensures the security of data in the computer systems of the
organization. It performs the function of change management, logical access and the physical
security. Risk Management in the Information System is necessary for securing the data of the
company from the external users. Risk Management is essential for maintaining the
confidentiality, integrity of the information system and the availability of the data in the
organization. The companies have to adopt techniques for improving the security of the digital
process of the organization. The techniques discussed in this essay are managing the link
between business and security, governance of data protection, proper training to its employees,
keeping data confidential and many more.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Business Information Systems 7
References
Digital Guardian. (2017) What is Application control?. [online] Available from:
https://digitalguardian.com/blog/what-application-control [Accessed 30/07/2018]
EDELKOORT. (2016) IT general controls and IT Application Controls. [online] Available from:
https://es-cpas.com/sox/it-general-controls-and-it-application-controls-what-businesses-really-
needs-to-know [Accessed 30/07/2018]
Encyclopedia Britannica. (2018) Information System. [online] Available from:
https://www.britannica.com/topic/information-system [Accessed 30/07/2018]
Enisa. (2018) Risk Management & Information Security Management system. [online] Available
from: https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-
risk/risk-management-inventory/rm-isms [Accessed 30/07/2018]
Entrepreneur. (2011) 10 ways to keep IT systems secure. [online] Available from:
https://www.entrepreneur.com/article/219954 [Accessed 30/07/2018]
Katsikas S. (2016) Information System Security: Facing the Information society of the 21st
century. UK: Springer.
Kim, D., and Solomon, MG. (2016) Fundamentals of Information System Security. United States
of America: Jones & Bartlett Publishers.
Linfordco. (2017) Types of Controls. [online] Available from: https://linfordco.com/blog/types-
of-controls/ [Accessed 30/07/2018]
Management Study Guide. (2018) Types of Information System. [online] Available from:
https://www.managementstudyguide.com/types-of-information-systems.htm [Accessed
30/07/2018]
Mindmeister. (2009) 5 types of Information System. [online] Available from:
https://www.mindmeister.com/37310006/5-types-of-information-systems [Accessed 30/07/2018]
Pressbooks. (2018) Chapter 6: Information System Security. [online] Available from:
https://bus206.pressbooks.com/chapter/chapter-6-information-systems-security/ [Accessed
30/07/2018]
Pressbooks. (2018) Information Systems for Business and beyond. [online] Available from:
https://bus206.pressbooks.com/chapter/chapter-1/ [Accessed 30/07/2018]
Rapid7. (2018) Information Security risk management. [online] Available from:
https://www.rapid7.com/fundamentals/information-security-risk-management/ [Accessed
30/07/2018]
References
Digital Guardian. (2017) What is Application control?. [online] Available from:
https://digitalguardian.com/blog/what-application-control [Accessed 30/07/2018]
EDELKOORT. (2016) IT general controls and IT Application Controls. [online] Available from:
https://es-cpas.com/sox/it-general-controls-and-it-application-controls-what-businesses-really-
needs-to-know [Accessed 30/07/2018]
Encyclopedia Britannica. (2018) Information System. [online] Available from:
https://www.britannica.com/topic/information-system [Accessed 30/07/2018]
Enisa. (2018) Risk Management & Information Security Management system. [online] Available
from: https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-
risk/risk-management-inventory/rm-isms [Accessed 30/07/2018]
Entrepreneur. (2011) 10 ways to keep IT systems secure. [online] Available from:
https://www.entrepreneur.com/article/219954 [Accessed 30/07/2018]
Katsikas S. (2016) Information System Security: Facing the Information society of the 21st
century. UK: Springer.
Kim, D., and Solomon, MG. (2016) Fundamentals of Information System Security. United States
of America: Jones & Bartlett Publishers.
Linfordco. (2017) Types of Controls. [online] Available from: https://linfordco.com/blog/types-
of-controls/ [Accessed 30/07/2018]
Management Study Guide. (2018) Types of Information System. [online] Available from:
https://www.managementstudyguide.com/types-of-information-systems.htm [Accessed
30/07/2018]
Mindmeister. (2009) 5 types of Information System. [online] Available from:
https://www.mindmeister.com/37310006/5-types-of-information-systems [Accessed 30/07/2018]
Pressbooks. (2018) Chapter 6: Information System Security. [online] Available from:
https://bus206.pressbooks.com/chapter/chapter-6-information-systems-security/ [Accessed
30/07/2018]
Pressbooks. (2018) Information Systems for Business and beyond. [online] Available from:
https://bus206.pressbooks.com/chapter/chapter-1/ [Accessed 30/07/2018]
Rapid7. (2018) Information Security risk management. [online] Available from:
https://www.rapid7.com/fundamentals/information-security-risk-management/ [Accessed
30/07/2018]
Business Information Systems 8
TechTarget. (2018) Information Security risk management: Understanding the componenets.
[online] Available from: https://searchsecurity.techtarget.com/tip/Information-security-risk-
management-Understanding-the-components [Accessed 30/07/2018]
TechTarget. (2018) Three Techniques for measuring information systems risk. [online] Available
from: https://searchsecurity.techtarget.com/tip/Three-techniques-for-measuring-information-
systems-risk [Accessed 30/07/2018]
Yourarticlelibrary. (2018) Business Information System: Meaning, Features and Components.
[online] Available from:
http://www.yourarticlelibrary.com/management/information-system/business-information-
system-meaning-features-and-components/70319 [Accessed 30/07/2018]
TechTarget. (2018) Information Security risk management: Understanding the componenets.
[online] Available from: https://searchsecurity.techtarget.com/tip/Information-security-risk-
management-Understanding-the-components [Accessed 30/07/2018]
TechTarget. (2018) Three Techniques for measuring information systems risk. [online] Available
from: https://searchsecurity.techtarget.com/tip/Three-techniques-for-measuring-information-
systems-risk [Accessed 30/07/2018]
Yourarticlelibrary. (2018) Business Information System: Meaning, Features and Components.
[online] Available from:
http://www.yourarticlelibrary.com/management/information-system/business-information-
system-meaning-features-and-components/70319 [Accessed 30/07/2018]
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 9
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.