Chayuth Singtongthumrongkul

Size: px
Start display at page:

Download "Chayuth Singtongthumrongkul"

Transcription

1 IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional Center Co., Ltd.

2 COBIT 5 is the latest edition of ISACA s globally accepted IT governance framework that ISACA has officially released by on April 12, COBIT is a registered trademark of ISACA. All other trademarks and company names mentioned are the property of their respective owners. ISACA All rights reserved. Reference: This presentation is excerpted and modified from ISACA s COBIT and all related documents. Source: ACIS Research, All have been modified from ISACA s COBIT 5 and all related documents Copyright, ACIS Professional Center Company Limited, All rights reserved 2

3 COBIT 5 is a major strategic improvement which provides the next generation of ISACA guidance on the governance and management of enterprise information and technology (IT) assets. Building on more than 15 years of practical application, ISACA designed COBIT5 to meet the needs of stakeholders, and to align with current thinking on enterprise governance and management techniques as they relate to Information and related Technology. COBIT 5 integrates all existing related ISACA guidance (COBIT 4.1, Val IT, Risk IT, BMIS) and aligns with the latest relevant other standards and frameworks, and thus provides the unique overarching framework. Copyright, ACIS Professional Center Company Limited, All rights reserved 3

4 COBIT 5 provides an end-to-end business view of the governance of enterprise IT (GEIT), reflecting the central role of both information and technology in creating value for the business. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from global business and IT leaders and governance experts. Business analysts should become familiar with this framework if they are not already, as this framework embodies the same key principle of business analysis, which is delivering value the business Copyright, ACIS Professional Center Company Limited, All rights reserved 4

5 Copyright, ACIS Professional Center Company Limited, All rights reserved 5

6 Copyright, ACIS Professional Center Company Limited, All rights reserved 6

7 Copyright, ACIS Professional Center Company Limited, All rights reserved 7

8 Copyright, ACIS Professional Center Company Limited, All rights reserved 8

9 Copyright, ACIS Professional Center Company Limited, All rights reserved 9

10 Copyright, ACIS Professional Center Company Limited, All rights reserved 10

11 Copyright, ACIS Professional Center Company Limited, All rights reserved 11

12 Copyright, ACIS Professional Center Company Limited, All rights reserved 12

13 Evolution of scope 360 o IT Management : COBIT 5 and IT Governance Trends COBIT 5: Now One Complete Business Framework for Governance of Enterprise IT IT Governance Management Val IT 2.0 (2008) Control Audit Risk IT (2009) COBIT1 COBIT2 COBIT3 COBIT4.0/4.1 COBIT / An business framework from ISACA, at ISACA All rights reserved. Copyright, ACIS Professional Center Company Limited, All rights reserved 13

14 COBIT 5 Product Family - Includes Implementation Guidance - Source: COBIT 5 Implementation, figure ISACA All rights reserved. Copyright, ACIS Professional Center Company Limited, All rights reserved 14

15 COBIT 5 Product Family - Includes Implementation Guidance - Documents have been officially released by April 2012 COBIT 5 Framework COBIT 5 Enabling Processes COBIT 5 Implementation Copyright, ACIS Professional Center Company Limited, All rights reserved 15

16 COBIT 5 Product Family A set of resources to help you implement COBIT 5 effectively in your enterprise. - COBIT 5 Toolkit and Materials, Documents under development - COBIT 5 for Information Security COBIT 5 for GRC COBIT 5 for Risk COBIT Translations COBIT 5 for Assurance COBIT 5 Online COBIT Assessment Programme Other Professional Guides Copyright, ACIS Professional Center Company Limited, All rights reserved 16

17 COBIT 4.1 and COBIT 5 Copyright, ACIS Professional Center Company Limited, All rights reserved 17

18 IT GOVERNANCE AND GRC Governance, Risk Management, Compliance IN COBIT 5 Copyright, ACIS Professional Center Company Limited, All rights reserved 18

19 A GRC Model Example Copyright, ACIS Professional Center Company Limited, All rights reserved 19

20 Integrated GRC Framework Strategy Copyright, ACIS Professional Center Company Limited, All rights reserved 20

21 ISO/IEC 38500:2008 Corporate Governance of Information Technology ITG Framework Principles: Principle 1: Responsibility Principle 2: Strategy Principle 3: Acquisition Principle 4: Performance Principle 5: Conformance Principle 6: Human Behavior ITG Model: a) Evaluate b) Direct c) Monitor Copyright, ACIS Professional Center Company Limited, All rights reserved 21

22 Implementing Governance The integration of the implementation of the GRC activities within an enterprise requires a systemic approach for reliably achieving the business goals of its stakeholders. Such approaches are typically based on enablers of various types (e.g., principles, policies, models, frameworks, organiational structures). Copyright, ACIS Professional Center Company Limited, All rights reserved 22

23 IT Governance Defined Integration of Governance and Management Distinction between Governance & Management often misunderstood Effective integration of these two element is critical for successful IT Governance in any enterprise or organization IT Governance is NOT responsible for rending IT infrastructure IT Governance IS responsible for oversight of the management processes that render IT infrastructure Copyright, ACIS Professional Center Company Limited, All rights reserved 23

24 The Relationship Board of Directors IT Oversight IT Governance Business Management Business/IT Requirements IT Management IT Management IT Processes IT Resources COBIT, ITIL, CMMI, ISO 27001/ISO 27002, etc. IT Assets Management Copyright, ACIS Professional Center Company Limited, All rights reserved 24

25 Copyright, ACIS Professional Center Company Limited, All rights reserved 25

26 Governance and Management Processes Copyright, ACIS Professional Center Company Limited, All rights reserved 26

27 Separating Governance and Process Reference Model Management Divides governance and management processes into two primary domains: - Governance (1 Domain, 5 Processes) Within each process, evaluate, direct, and monitor practices are defined. - Management (4 Domains, 32 Processes) In line with responsibility areas of plan, build, run and monitor, provide an end-to-end coverage of IT Management. The Process cover the full spectrum of business and IT activities related to governance and management of enterprise IT thus making the process model truly enterprise-wide Copyright, ACIS Professional Center Company Limited, All rights reserved 27

28 New GEIT Principles in COBIT 5 COBIT 5 Principles Source: COBIT 5, figure ISACA All rights reserved. Copyright, ACIS Professional Center Company Limited, All rights reserved 28

29 Governance (and Management) in COBIT 5 Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives (EDM). Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM). Exercising governance and management effectively in practice requires appropriately using all enablers. The COBIT process reference model allows us to focus easily on the relevant enterprise activities.

30 Governance in COBIT 5 (cont.) Source: COBIT 5, figure ISACA All rights reserved.

31 Risk Management in COBIT 5 The GOVERNANCE domain contains five governance processes, one of which focuses on stakeholder risk-related objectives: EDM03 Ensure risk optimisation. Process Description Ensure that the enterprise s risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of IT is identified and managed. Process Purpose Statement Ensure that IT-related enterprise risk does not exceed risk appetite and risk tolerance, the impact of IT risk to enterprise value is identified and managed, and the potential for compliance failures is minimised.

32 Risk Management in COBIT 5 (cont.) The MANAGEMENT Align, Plan and Organise domain contains a risk-related process: APO12 Manage risk. Process Description Continually identify, assess and reduce IT-related risk within levels of tolerance set by enterprise executive management. Process Purpose Statement Integrate the management of IT-related enterprise risk with overall ERM, and balance the costs and benefits of managing IT-related enterprise risk.

33 Risk Management in COBIT 5 (cont.) Source: COBIT 5, figure ISACA All rights reserved.

34 Risk Management in COBIT 5 (cont.) In addition to activities, COBIT 5 suggests accountabilities, and responsibilities for enterprise roles and governance/management structures (RACI charts) for each process. These include risk-related roles. Source: COBIT 5: Enabling Processes, page ISACA All rights reserved.

35 Compliance in COBIT 5 The MANAGEMENT Monitor, Evaluate and Assess domain contains a compliance focused process: MEA03 Monitor, evaluate and assess compliance with external requirements. Process Description Evaluate that IT processes and IT-supported business processes are compliant with laws, regulations and contractual requirements. Obtain assurance that the requirements have been identified and complied with, and integrate IT compliance with overall enterprise compliance. Process Purpose Statement Ensure that the enterprise is compliant with all applicable external requirements.

36 Compliance in COBIT 5 (cont.) Source: COBIT 5, figure ISACA All rights reserved.

37 Compliance in COBIT 5 (cont.) Legal and regulatory compliance is a key part of the effective governance of an enterprise, hence its inclusion in the GRC term and in the COBIT 5 Enterprise Goals and supporting enabler process structure (MEA03). In addition to MEA03, all enterprise activities include control activities that are designed to ensure compliance not only with externally imposed legislative or regulatory requirements but also with enterprise governancedetermined principles, policies and procedures.

38 Compliance in COBIT 5 (cont.) In addition to activities, COBIT 5 suggests accountabilities, and responsibilities for enterprise roles and governance/management structures (RACI charts) for each process. These include a compliance-related role. Source: COBIT 5: Enabling Processes, page ISACA All rights reserved.

39 Summary GRC in COBIT 5 The COBIT 5 framework includes the necessary guidance to support enterprise GRC objectives and supporting activities: Governance activities related to GEIT (5 processes) Risk management process and supporting guidance for risk management across the GEIT space Compliance a specific focus on compliance activities within the framework and how they fit within the complete enterprise picture Inclusion of GRC arrangements within the business framework for GEIT helps enterprises to avoid the main issue with GRC arrangements silos of activity!

40 INFORMATION SECURITY IN COBIT 5 Copyright, ACIS Professional Center Company Limited, All rights reserved 40

41 COBIT 5: Value Creation Delivering enterprise stakeholder value requires good governance and management of IT assets including information security arrangements. External legal, regulatory and contractual compliance requirements (sometimes covering information security requirements) related to enterprise use of information and technology are increasing, threatening value if breached. COBIT 5 provides a comprehensive framework that assists enterprises to achieve their goals and deliver value through effective governance and management of enterprise IT providing a sound basis for information security arrangements. 41

42 COBIT 5 Integrates BMIS Components COBIT 5 has also taken the valuable holistic, interrelated component model approach from the Business Model for Information Security (BMIS) work and incorporated it into the framework components. Copyright, ACIS Professional Center Company Limited, All rights reserved 42

43 COBIT 5 Integrates BMIS Components Several of the BMIS components are now integrated within COBIT 5 as interacting enablers that support the enterprise in achieving its business goals and create stakeholder value: Organisation Process People Human Factors Technology Culture Copyright, ACIS Professional Center Company Limited, All rights reserved 43

44 COBIT 5 Product Family Includes an Information Security Member Copyright, ACIS Professional Center Company Limited, All rights reserved 44

45 ITG IMPLEMENTATION APPROACH IN COBIT 5 Copyright, ACIS Professional Center Company Limited, All rights reserved 45

46 Concepts for New ITG Framework Implementation Life Cycle Implementing and Continually Implementing IT Governance consist of: Create the right environment Programme Management /Project Management Change Enablement Continual Improvement Life Cycle Copyright, ACIS Professional Center Company Limited, All rights reserved 46

47 COBIT 5 Product Family Includes Implementation Guidance Copyright, ACIS Professional Center Company Limited, All rights reserved 47

48 COBIT 5 Goals Cascade Overview ACIS Professional Center Company Limited, All rights reserved 48

49 Stakeholder Needs Internal Stakeholders Board, CEO, chief financial officer (CFO), chief information officer (CIO), business executives, business process owners, business managers, risk managers, security managers, service managers, HR managers, internal audit, privacy officers, IT users, IT managers, etc. External Stakeholders Business partners, suppliers, shareholders, regulators/government external users, customers, standardisation organisations, external auditors, consultants, etc. ACIS Professional Center Company Limited, All rights reserved 49

50 Stakeholder Needs Internal Stakeholder Needs How do I get value from IT? How do I manage performance of IT? How can I best exploit new technology for new strategic opportunities? How do I know whether I m compliant with all applicable regulations? How do I best build and structure my IT department? What are (control) requirements for Information? Did I address all IT related risks? Am I running an efficient and resilient IT operation? How do I control cost of IT? ACIS Professional Center Company Limited, All rights reserved 50

51 Stakeholder Needs Internal Stakeholder Needs (cont.) How do I use IT resources in the most effective and efficient manner? What are the most effective and efficient sourcing options? Do I have enough people for IT? How do I develop and maintain their skills, and how do I manage their performance? How do I get assurance over IT? Is the information I am processing well secured? How do I improve business agility through a more flexible IT environment? Is it clear what IT is doing? How often do IT projects fail to deliver what they promised? How critical is IT to sustaining the enterprise? ACIS Professional Center Company Limited, All rights reserved 51

52 Stakeholder Needs External Stakeholder Needs How do I know my business partner s operations are secure and reliable? How do I know the organisation is compliant with applicable rules and regulations? How do I know the enterprise is maintaining an effective system of internal control? ACIS Professional Center Company Limited, All rights reserved 52

53 Enterprise Goals Mapped to Governance Objectives Copyright, ACIS Professional Center Company Limited, All rights reserved 53

54 IT Related Goals Copyright, ACIS Professional Center Company Limited, All rights reserved 54

55 Mapping COBIT 5 Enterprise Goals to IT Related Goals Copyright, ACIS Professional Center Company Limited, All rights reserved 55

56 Mapping COBIT 5 IT Related Goals to COBIT 5 Processes Copyright, ACIS Professional Center Company Limited, All rights reserved 56

57 Mapping COBIT 5 IT Related Goals to COBIT 5 Processes Copyright, ACIS Professional Center Company Limited, All rights reserved 57

58 Mapping COBIT 5 Enterprise Goals to Stakeholders Needs Copyright, ACIS Professional Center Company Limited, All rights reserved 58

59 Mapping COBIT 5 Enterprise Goals to Stakeholders Needs Copyright, ACIS Professional Center Company Limited, All rights reserved 59

60 Thank You Copyright, ACIS Professional Center Company Limited, All rights reserved 60

61 Social Networking Security and Mobile Computing Security Conference Cyber Defense Initiative Conference 2012 CDIC 2012

62 Thailand Information Security Association ACIS Professional Center Co., Ltd. Facebook : Twitter:

COBIT 5 Introduction. 28 February 2012

COBIT 5 Introduction. 28 February 2012 COBIT 5 Introduction 28 February 2012 COBIT 5 Executive Summary 2012 ISACA. All rights reserved. 2 Information! Information is a key resource for all enterprises. Information is created, used, retained,

More information

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview COBIT 5 IACA s new framework for IT Governance, Risk, ecurity and Auditing An overview M. Garsoux COBIT 5 Licensed Training rovider Introduction rinciples rocesses Implementation upporting roducts Questions

More information

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP Presented by Denis Darveau CISM, CISA, CRISC, CISSP Las Vegas ISACA Chapter, February 19, 2013 2 COBIT Definition Control Objectives for Information and Related Technology (COBIT) is an IT governance framework

More information

COBIT Helps Organizations Meet Performance and Compliance Requirements

COBIT Helps Organizations Meet Performance and Compliance Requirements DISCUSS THIS ARTICLE COBIT Helps Organizations Meet Performance and Compliance Requirements By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert,

More information

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell. COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

More information

Enabling Information PREVIEW VERSION

Enabling Information PREVIEW VERSION Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a

More information

Understanding COBIT 5. based on ISACA Materials www.isaca.org/cobit. Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

Understanding COBIT 5. based on ISACA Materials www.isaca.org/cobit. Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant Understanding COBIT 5 based on ISACA Materials www.isaca.org/cobit ISACA Silicon Valley Chapter Spring 1 Why COBIT is important

More information

for Information Security

for Information Security for Information Security The following pages provide a preview of the information contained in COBIT 5 for Information Security. The publication provides guidance to help IT and Security professionals

More information

CLOUD SECURITY THROUGH COBIT, ISO 27001 ISMS CONTROLS, ASSURANCE AND COMPLIANCE

CLOUD SECURITY THROUGH COBIT, ISO 27001 ISMS CONTROLS, ASSURANCE AND COMPLIANCE CLOUD SECURITY THROUGH COBIT, ISO 27001 ISMS CONTROLS, ASSURANCE AND COMPLIANCE Indranil Mukherjee Singapore ISC Pte Ltd Session ID: CLD T02 Session Classification: Intermediate Cloud Computing from a

More information

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net

More information

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

Roles, Activities and Relationships

Roles, Activities and Relationships and in COBIT 5 Objective: Value Creation Benefits Realisation Risk Resource Enablers Scope Roles, Activities and Relationships Source: COBIT 5, figure 8 Key Roles, Activities and Relationships Roles, Activities

More information

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards.

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT The comprehensive IT governance framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT4.1 Does your enterprise s IT support the business? Is it aligned

More information

INFORMATION TECHNOLOGY FLASH REPORT

INFORMATION TECHNOLOGY FLASH REPORT INFORMATION TECHNOLOGY FLASH REPORT ISACA Releases COBIT 5: Updated Framework for the Governance and Management of IT May 18, 2012 In April, ISACA released COBIT 5 as a replacement for its current globally

More information

White Paper. COBIT 5 & BiSL

White Paper. COBIT 5 & BiSL White Paper COBIT 5 & BiSL This paper compares the scope and perspective of COBIT 5 and BiSL and shows how these two frameworks can be used in conjunction to assure that business information management

More information

IS Audit and Assurance Guideline 2202 Risk Assessment in Planning

IS Audit and Assurance Guideline 2202 Risk Assessment in Planning IS Audit and Assurance Guideline 2202 Risk Assessment in Planning The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards

More information

IT Governance Charter

IT Governance Charter Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za info@itgovernance.co.za 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms

More information

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk.

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk. Risk IT A set of guiding principles and the first framework to help enterprises identify, govern and effectively manage IT risk. In business today, risk plays a critical role. Almost every business decision

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

IT Governance Implementation Workshop

IT Governance Implementation Workshop IT Governance Implementation Workshop 3 Full day power packed workshop facilitated by Mr. Gary Allan Banister and Mr. Sreechith Radhakrishnan About the Programme Information is created, used, retained,

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance COBIT 5 What s New, What Auditors Need to Know June 13th, 2012 Anthony Noble Viacom Inc. ISACA COBIT 5 for Assurance Task Force Chair Special thanks to Derek Oliver & ISACA for supplying material for this

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

IS Audit and Assurance Guideline 2402 Follow-up Activities

IS Audit and Assurance Guideline 2402 Follow-up Activities IS Audit and Assurance Guideline 2402 Activities The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards that apply

More information

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM) IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements

More information

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK HERU NUGROHO Telkom University, Telkom Applied Science School, Department of Information Technology, Bandung E-mail: herunugroho@telkomuniversity.ac.id,

More information

COBIT 4.1 TABLE OF CONTENTS

COBIT 4.1 TABLE OF CONTENTS COBIT 4.1 TABLE OF CONTENTS Executive Overview....................................................................... 5 COBIT Framework.........................................................................

More information

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy Increasing IT Value and Reducing Risk More for Less with COBIT5 Copyright 2012 ITpreneurs. All rights reserved. 1 COBIT 5 the Next Evolution 2 COBIT 5 Released in April 2012 COBIT5 is the eagerly awaited

More information

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza Information Security Management System (ISMS) Overview Arhnel Klyde S. Terroza May 12, 2015 1 Arhnel Klyde S. Terroza CPA, CISA, CISM, CRISC, ISO 27001 Provisional Auditor Internal Auditor at Clarien Bank

More information

SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE

SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE SABPP IT GOVERNANCE COMMITTEE TERMS OF REFERENCE PREAMBLE The purpose of the IT Governance Committee is to ensure that IT is effectively governed at SABPP in accordance with the King III Code of Governance

More information

2.1 MBI Framework 2.2 ITIL 2.3 COBIT

2.1 MBI Framework 2.2 ITIL 2.3 COBIT Extending MBI Model using ITIL and COBIT Processes DOI: 10.20470/jsi.v6i4.244 Sona Karkoskova 1, George Feuerlicht 1,2 1 Faculty of Informatics and Statistics University of Economics, Prague 2 Unicorn

More information

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Importance of Effective Internal Controls and COSO COSO

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

S11 - Implementing IT Governance An Introduction Debra Mallette

S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Introduction to IT Governance Implementation using COBIT and Val IT Speaker: Debra Mallette, CGEIT, CISA, CSSBB Session Objectives

More information

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER MAY 2012 INDEX 1 Introduction... 1 2 Contextual background... 3 2.1 The CobiT 5 framework (2012)... 4 2.2 The ISO 27000 series (2005,

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

Phil Marshall Black Duck Software. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved.

Phil Marshall Black Duck Software. 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved. Open Source Component Governance and Management Using COBIT Phil Marshall Black Duck Software 2012 ISACA Webinar Program. 2012 ISACA. All rights reserved. Welcome Type in questions using the Ask A Question

More information

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

Public Service Corporate Governance of Information and Communication Technology Policy Framework

Public Service Corporate Governance of Information and Communication Technology Policy Framework Public Service Corporate Governance of Information and Communication Technology Policy Framework December 2012 i EXECUTIVE SUMMARY Government transformation is, at a strategic level, informed by government-wide

More information

IT Charter and IT Governance Framework

IT Charter and IT Governance Framework IT Charter and IT Governance Framework Status: Custodian: Approved Director: Information Technology Date approved: 2013-12-04 Implementation date: 2013-12-05 Decision number: SAQA 02102/13 Due for review:

More information

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system

More information

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service

More information

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process Proceedings of FIKUSZ 13 Symposium for Young Researchers, 2013, 67-76 pp The Author(s). Conference Proceedings compilation Obuda University Keleti Faculty of Business and Management 2013. Published by

More information

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

COBIT 5 Foundation Workshop. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute

COBIT 5 Foundation Workshop. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute COBIT 5 Foundation Workshop COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute COBIT 5: A Business Framework for the Governance and Management

More information

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU

More information

Feature. Developing an Information Security and Risk Management Strategy

Feature. Developing an Information Security and Risk Management Strategy Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide

More information

CIO, CISO and Practitioner Guidance IT Security Governance

CIO, CISO and Practitioner Guidance IT Security Governance CIO, CISO and Practitioner Guidance IT Security Governance June 2006 (Revision 1, August 2007) 1 CIO, CISO and Practitioner Guidance Whatever your business, security and privacy are key matters that affect

More information

COBIT 5: an evolutionary framework and only framework to address the governance and management of enterprise IT

COBIT 5: an evolutionary framework and only framework to address the governance and management of enterprise IT COBIT 5: an evolutionary framework and only framework to address the governance and management of enterprise IT Slindile Khanyile 64 Jasper Hill, 309 1 st Road Midrand, 1686 +2772 026 2656 41998669@mylife.unisa.ac.za

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

TITOLO V - Capitolo 9 - LA CONTINUITÀ OPERATIVA Accountable: Board 3 8 14

TITOLO V - Capitolo 9 - LA CONTINUITÀ OPERATIVA Accountable: Board 3 8 14 TITOLO V - Capilo 9 - LA CONTINUITÀ OPERATIVA 3 8 14 GdR BI 263 TITOLO V - Capilo 9 - LA CONTINUITÀ OPERATIVA Mappatura COBIT 5 Elenco per Accountability 1 TITOLO V - Capilo 9 - LA CONTINUITÀ OPERATIVA

More information

treasury risk management

treasury risk management Governance, Concise guide Risk to and Compliance treasury risk management KPMG is a leading provider of professional services including audit, tax and advisory. KPMG in Australia has over 5000 partners

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA Quality and security in application development Round Table Meeting/Discussion Group Wednesday 23rd May 2007 Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA 1 The International

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks 2ο InfoCom Security Conference Anestis Demopoulos, Vice President ISACA Athens Chapter, & Senior Manager, Advisory Services, Ernst

More information

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank.

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank. Information Security Management at HDFC Bank: Contribution of Seven Enablers By Vishal Salvi, CISM, and Avinash W. Kadam, CISA, CISM, CGEIT, CRISC, CBCP, CISSP, CSSLP HDFC Bank was incorporated in August

More information

CIO, CISO and Practitioner Guidance IT Security Governance

CIO, CISO and Practitioner Guidance IT Security Governance June 2006 (Revision 1, August 2007) () 1 CIO, CISO and Practitioner Guidance Whatever your business, security and privacy are key matters that affect your enterprise and those dependent upon you. There

More information

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK INDEX 1 Introduction... 2 Contextual background... 2.1 The CobiT 5 framework (2012)... 2.2 The ISO 27000 series (2005, 2011)... 2.3 The Risk IT

More information

The Governance of Enterprise Information and Information Technology Challenges and Approaches

The Governance of Enterprise Information and Information Technology Challenges and Approaches The Governance of Enterprise Information and Information Technology Challenges and Approaches Dr. Ronald Hale Ph.D., CISM ISACA Chief Knowledge Officer Accelerated Change Accelerated Information Risk http://blog.qmee.com/qmee-online-in-60-seconds/

More information

COBIT & ITIL usage for SOX current and future

COBIT & ITIL usage for SOX current and future COBIT & ITIL usage for SOX current and future Robert E Stroud International Vice President ISACA Evangelist ITSM & IT Governance CA, Inc. Japan, November 8, 2007 Trademark Notice ITIL is a registered trademark

More information

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP 1 An executive view of governance Based on 2009 Survey of 255 Non-IT CEOs/Executives 50% Ranked ITG as very important 75% of

More information

A GOOD PRACTICE GUIDE FOR EMPLOYERS

A GOOD PRACTICE GUIDE FOR EMPLOYERS MITIGATING SECURITY RISK IN THE NATIONAL INFRASTRUCTURE SUPPLY CHAIN A GOOD PRACTICE GUIDE FOR EMPLOYERS April 2015 Disclaimer: Reference to any specific commercial product, process or service by trade

More information

COBIT 5 Implementation Certifi cate. Training Course & Exam

COBIT 5 Implementation Certifi cate. Training Course & Exam COBIT 5 Implementation Certifi cate Training Course & Exam Introduction The COBIT 5 Implementation Certifi cate is a Practitioner Level Training Course that focuses on how to apply COBIT 5 (The Framework

More information

Information Security: Business Assurance Guidelines

Information Security: Business Assurance Guidelines Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies

More information

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia MARIO SPREMIĆ, Ph.D., CGEIT, Full Professor Faculty of Economics and Business Zagreb, University of Zagreb

More information

Chief Information Security Officer

Chief Information Security Officer Principles Vision Purpose Statement Chief Information Security Officer healthalliance Purpose, Vision and Principles healthalliance provides shared services to benefit NZ health organisations. We will

More information

ISACA Roundtable. Cobit and Grab@Pizza 7 september 2015

ISACA Roundtable. Cobit and Grab@Pizza 7 september 2015 1 ISACA Roundtable 7 september 2015 ISACA Roundtable Cobit and Grab@Pizza 7 september 2015 2015 KPN Corporate Market B.V. ISACA, is a registered trademark of the Information Systems Audit and Control Association

More information

IT Management & Governance Diagnostic Program

IT Management & Governance Diagnostic Program IT & Governance Diagnostic Program Prepared for Sample IT Company This report was prepared by Info-Tech Research Group for Sample IT Company on 2015-05-20. Data is comprised of 6 responses. IT & Governance

More information

What s Driving Adop2on of IT Governance? ISACA North Texas Chapter. Aus2n Hu@on Hu@on Consul2ng October 11, 2012

What s Driving Adop2on of IT Governance? ISACA North Texas Chapter. Aus2n Hu@on Hu@on Consul2ng October 11, 2012 What s Driving Adop2on of IT Governance? ISACA North Texas Chapter Aus2n Hu@on Hu@on Consul2ng October 11, 2012 Learning Objec2ves Overview of the history of IT Governance The rela2onship to corporate

More information

IMPLEMENTATION GUIDELINE FOR CORPORATE GOVERNANCE OF INFORMATION AND COMMUNICATION TECHNOLOGY POLICY FRAMEWORK. Version 2

IMPLEMENTATION GUIDELINE FOR CORPORATE GOVERNANCE OF INFORMATION AND COMMUNICATION TECHNOLOGY POLICY FRAMEWORK. Version 2 IMPLEMENTATION GUIDELINE FOR CORPORATE GOVERNANCE OF INFORMATION AND COMMUNICATION TECHNOLOGY POLICY FRAMEWORK Version 2 February 2014 1 Executive Summary Information and Communication Technology (ICT)

More information

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen.

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see www.vanharen. COBIT 5 A Management Guide Other publications by Van Haren Publishing Van Haren Publishing (VHP) specializes in titles on Best Practices, methods and standards within four domains: - IT and IT Management

More information

Recommendation for IT Governance Using the COBIT 4.1 Framework

Recommendation for IT Governance Using the COBIT 4.1 Framework Recommendation for IT Governance Using the COBIT 4.1 Framework William F. Slater, III, MBA, M.S., PMP, CISSP, CISA Week 7 Assignment CYBR 615 Cybersecurity Governance and Compliance January 27, 2013 January

More information

Using COSO Small Business Guidance for Assessing Internal Financial Controls

Using COSO Small Business Guidance for Assessing Internal Financial Controls Using COSO Small Business Guidance for Assessing Internal Financial Controls By János Ivanyos, Memolux Ltd. (H), IIA Hungary Introduction New generation of general models referring to either IT or Internal

More information

Training Catalogue 2015-16

Training Catalogue 2015-16 Training Catalogue 2015-16 Table of Content Page Company Profile Training Overview.. Training Catalogue... GRC Fundamentals, Strategy & Implementation Workshop Anti Bribery Management System Implementation

More information

Information Governance

Information Governance WHITE PAPER Information Governance Irrelevant, overhead or central to survival? Setting the information governance agenda Table of Contents Introduction... 1 Defining the importance of information governance...

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve

March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve March 12th, 2009 Chapter Meeting - HIPAA, SOX, PCI, GLBA Presented by LogiSolve HIPAA, SOX, PCI, GLBA...In today's corporate environment, businesses are facing increasing regulation affecting the corporation

More information

Blending Corporate Governance with. Information Security

Blending Corporate Governance with. Information Security Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

ISO 21500: Did we need it? A Consultant's Point of View after a first experience. Session EM13TLD04

ISO 21500: Did we need it? A Consultant's Point of View after a first experience. Session EM13TLD04 ISO 21500: Did we need it? A Consultant's Point of View after a first experience Session EM13TLD04 Maria Cristina Barbero, MBA, PMI-ACP, PMP Nexen SPA PMI is a registered trade and service mark of the

More information

IS Audit and Assurance Guideline 2401 Reporting

IS Audit and Assurance Guideline 2401 Reporting IS Audit and Assurance Guideline 2401 Reporting The specialised nature of information systems (IS) audit and assurance and the skills necessary to perform such engagements require standards that apply

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

White Paper. Enterprise Information Governance. Date Released: September 2014. Author/s: Astral Consulting. www.astral.com.au.

White Paper. Enterprise Information Governance. Date Released: September 2014. Author/s: Astral Consulting. www.astral.com.au. White Paper Enterprise Information Governance Date Released: September 2014 Author/s: Astral Consulting Disclaimer This White Paper is published for general information purposes only. Nothing in the White

More information

INFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING. forebrook

INFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING. forebrook INFORMATION SECURITY & GOVERNANCE SYSTEMS AND IT INFRASTRUCTURE INFOSEC & TECHNOLOGY TRAINING forebrook Forebrook offers a range of information security, governance, IT systems and infrastructure related

More information

Course Catalogue 2015

Course Catalogue 2015 Course Catalogue 2015 Brussels Luxembourg Paris Version V1R0 Released on 5 th November 2014 0 Foreword Dear Reader, I am very pleased that I can present you the Course Catalogue 2015 of D&H Academy. It

More information

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING IS AUDITING GUIDELINE G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply

More information

CHAPTER 2: IT ENABLED SERVICES AND EMERGING TECHNOLOGIES... 2 PART 1: IT ASSURANCE SERVICES AND ROLE OF CAs IN BPO-KPO... 2 Learning Objectives...

CHAPTER 2: IT ENABLED SERVICES AND EMERGING TECHNOLOGIES... 2 PART 1: IT ASSURANCE SERVICES AND ROLE OF CAs IN BPO-KPO... 2 Learning Objectives... CHAPTER 2: IT ENABLED SERVICES AND EMERGING TECHNOLOGIES... 2 PART 1: IT ASSURANCE SERVICES AND ROLE OF CAs IN BPO-KPO... 2 Learning Objectives... 2 1.1 Introduction... 2 1.2 Opportunities for CAs... 3

More information

1. IT STRATEGY, GOVERNANCE AND RISK TRAINING PROGRAM

1. IT STRATEGY, GOVERNANCE AND RISK TRAINING PROGRAM 1. IT STRATEGY, GOVERNANCE AND RISK TRAINING PROGRAM Many organisations fail to realise optimum business value from their investment in IT. Our series of webinars and management forums aim to provide a

More information

JOB DESCRIPTION. IT & facilities management functions CONTEXT OF THE ROLE

JOB DESCRIPTION. IT & facilities management functions CONTEXT OF THE ROLE JOB DESCRIPTION StreetGames UK Limited Job Title: Finance Director Responsible to: Deputy Chief Executive Location: Manchester Grade/Salary: Up to 55,000 per annum Responsible for: Staff within the Finance,

More information