Information technology as a risk management tool: case of NWPD (Finance Department)

Abstract

This mini dissertation considers the Information Technology as a management tool: case of NWPG (Finance department). The dissertation reveals the perception of IT officials regarding the roles of IT portfolio, characteristics, success and Intervention that can be applied by IT management. Though the period of study is wide in scope, this research investigates those factors which contribute to IT as a risk management tool. The central focus is only those aspects that contribute to IT. The dissertation also focusing on security controls which plays an important role as a main influence on risk management and is also vital to minimise business risk in fulfillment of the managements need for a going concern concept and how they can be implemented to address risks. Such security controls include formulated security policies and procedures that have to be complied with by all members of the organisation having access to all financial and other applications systems within that organisation. The system and information owners are responsible for ensuring that proper controls are in place to address integrity, confidentiality and availability of the IT systems and data they own. Typically the system and information owners are responsible for changes to their IT systems. The lack of security controls may lead to anyone within the organisation, acting as he or she deems fit. This can automatically lead to poor management decisions being made based on incomplete and inaccurate information created at the absence of access controls. Lack of security controls within a technological business environment enhances the possibility for fraudulent activities Attention is also paid to the involvement of IT management staff that plays a vital and crucial role in IT planning processes that are designed by management that adequately includes operational resources to support the automated line business. It also includes the step process model that can help elevate the IT risk conversation to the appropriate business executive, aiding the decision making process regarding IT risk posture those steps are that you must identify and classify your IT asserts and once you have identify you can then assign controls to them and mitigate IT risk to acceptable levels. The other step is that you must remediate IT risk and you must also manage risk. The Department of Finance in North-West Provincial Government has a legal responsibility to build risk management capacity in the public sector. Furthermore, The National Treasury has a legal responsibility to assist the Department of Finance in province in monitoring and addressing the systems of risk management in Provincial Departments and assisting with building risk management capacity in Provincial Departments. In executing its own mandate, The National Treasury takes acknowledgement of the mandate of the Provincial Treasury which is the Department of Finance as set out in the PFMA. It is also important to acknowledge the manner in which the legislation is written, sometimes it creates overlapping responsibilities for National Treasury.