IT Audit Process. Prof. Mike Romeu. September 9, 2015

Similar documents
Roles, Activities and Relationships

ISACA Roundtable. Cobit and 7 september 2015

COBIT Helps Organizations Meet Performance and Compliance Requirements

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK

Revised October 2013

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

COBIT 5 Introduction. 28 February 2012

for Information Security

Was muss ein Unternehmen im Griff haben, wenn es IT einsetzt? Jimmy Heschl

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

Governance. as a tool for Architects. Tuesday, 6 November, 12

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview

Chayuth Singtongthumrongkul

INFORMATION TECHNOLOGY FLASH REPORT

CLOUD SECURITY THROUGH COBIT, ISO ISMS CONTROLS, ASSURANCE AND COMPLIANCE

Information Security and Risk Management

WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101

Intelligent Customer Function (ICF)

Setting goals and measuring the value of Enterprise IT Architecture using COBIT 5 framework

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

White Paper. COBIT 5 & BiSL

Auditors Need to Know June 13th, ISACA COBIT 5 for Assurance

Certified Information Security Manager (CISM)

Understanding COBIT 5. based on ISACA Materials Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

ESKITP Implement procedures and standards relating to metrics for IT service delivery

TITOLO V - Capitolo 9 - LA CONTINUITÀ OPERATIVA Accountable: Board

Roles & Grades Rate Cards and Applicable SFIA Skills

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

IS Audit and Assurance Guideline 2402 Follow-up Activities

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

AN APPROACH TO DESIGN SERVICES KEY PERFORMANCE INDICATOR USING COBIT5 AND ITIL V3

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK

Chapter 2 INDUSTRIAL BUYING BEHAVIOUR: DECISION MAKING IN PURCHASING

ESKITP Manage IT service delivery performance metrics

Terms of Reference for an IT Audit of

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy

Job Description. Job Title Branch Business Group Reporting to Location. Purpose. Key Tasks

RMBC s Governance Framework for Significant Partnerships

International Journal of Computer Theory and Engineering, Vol. 8, No. 2, April 2016

IT Governance Charter

COBIT 5 Foundation Workshop. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute

Sound Transit Internal Audit Report - No

Copyright protected. Use is for Single Users only via a VHP Approved License. For information and printed versions please see

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

COBIT 5 Process Assessment Method (PAM) Debra Mallette, CGEIT, CISA, CSSBB Governance Risk and Compliance -G22

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA

IT Governance Regulatory. P.K.Patel AGM, MoF

Introduction to ITIL for Project Managers

1 What does the 'Service V model' represent? a) A strategy for the successful completion of all service management projects

PwC Luxembourg. Models for the governance of your investments with Portfolio Management September 2009

IT Charter and IT Governance Framework

Quality Manual ISO 9001:2015 Quality Management System

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

Shared Services: Driving Success using Cost Chargeback Model

Location of the job: CFO Revenue Assurance

Public Service Corporate Governance of Information and Communication Technology Policy Framework

IS Audit and Assurance Guideline 2202 Risk Assessment in Planning

Enterprise Security Architecture

IT Governance Implementation Workshop

Somewhere Today, A Project is Failing

Architecture Governance

The IT Infrastructure Library (ITIL)

CIO, CISO and Practitioner Guidance IT Security Governance

Altius IT Policy Collection Compliance and Standards Matrix

Quality Management Standard BS EN ISO 9001:

HOW COBIT CAN COMPLEMENT ITIL TO ACHIEVE BIT

ITIL. Lifecycle. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition

CIO, CISO and Practitioner Guidance IT Security Governance

Control Design & Implementation Week #5 CRISC Exam Prep ~ Domain #4. Bill Pankey Tunitas Group. Job Practice

The Asset Management Landscape

ISO 14001:2004 EMS Internal Audit Guidance

COBIT 5 IMPLEMENTATION SYLLABUS

Benchmark of controls over IT activities Report. ABC Ltd

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

GDCMTM. Global DataCenter Management. nlytetm. nlyte the next generation datacenter management system

Focus on ITIL The importance linking business management with a CMS and process management

Kenya Revenue Authority (KRA)

ESKITP Assist in the preparation of change management plans and assignments for IT enabled systems 1

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

Asset Management Excellence Utilising the AMCL Asset Management Excellence Model (AMEM) to achieve world class Asset Management.

Business Analysis In Agile A Differentiated Narrative

This article describes how these seven enablers have contributed towards better information security management at HDFC Bank.

Using COSO Small Business Guidance for Assessing Internal Financial Controls

NOS for Network Support (903)

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting

ESKITP5023 Software Development Level 3 Role

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Recommendation for IT Governance Using the COBIT 4.1 Framework

ISEB MANAGER S CERTIFICATE IN ITIL INFRASTRUCTURE MANAGEMENT. Guidelines for candidates who are taking the ICT Infrastructure Examination

Preliminary Reference Guide for Software as a Service (SaaS)

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Transcription:

September 9, 2015 1

COBIT 5 Principles 1. Meeting Stakeholder Needs 5. Separating Governance From Management COBIT 5 Principles 2. Covering the Enterprise End to end 4. Enabling a Holistic Approach 3. Applying a Single Integrated Framework 3

COBIT 5 Principles: Meeting Stakeholder Needs Stakeholder Needs Benefits Realisation Risk Optimisation Resource Optimisation Enterprise Goals Goals Cascade: Translates Stakeholder needs into specific, actionable and customized goals within the context of the enterprise, IT related goals and enable goals IT Related Goals Enabler Goals 4

IT Assurance and COBIT 5 Enablers 2. Processes 3. Organizational Structures 4. Culture, Ethics and Behaviour 1. Principles, Policies and Frameworks 5. Information 6. Services, Infrastructure and Applications Resources 7. People, Skills and Competencies 5

IT Assurance and COBIT 5 Definition: Assurance Means that, pursuant to an accountability relationship between two or more parties, an IT audit and assurance professional bay be engaged to issue a written communication expressing a conclusion about the subject matters to the accountable party (ISACA Glossary). (ISACA, COBIT 5 for Assurance, USA, 2013) 1. Three Party Relationship a. Accountable Party (Auditee) b. User of Assurance Report c. Assurance Professional 2. Subject Matter 3. Suitable Criteria 4. Assurance Process 5. Conclusions and Recommendations 6

IT Assurance and COBIT 5 Assurance Process A. Determine Scope of the Assurance Initiative B. Understand Enablers, Set Suitable Criteria and Perform the Assessment C. Communicate the Results of the Assessment 7

IT Assurance and COBIT 5 Assurance Process A. Determine Scope of the Assurance Initiative A 1 Determine the stakeholders of the assurance initiative and their stake. A 2 Determine Assurance Objectives based on assessment of internal/external environment and of the relevant risk and opportunities A 3 Determine the enablers in scope and the instance(s) of the enablers in scope: Principles, Policies and Frameworks Processes Organisational Structures Culture, Ethics and Behaviour Information Services, Infrastructure and Applications People, Skills and Competencies 8

IT Assurance and COBIT 5 Assurance Process B. Understand Enablers, Set Suitable Assessment Criteria and Perform Assessment B 1 Agree on metrics and criteria for enterprise goals and IT related goals. Assess enterprise goals and IT related goals B 2 Obtain understanding of the Principles, policies and frameworks in scope. Assess principles, policies and frameworks in scope. B 3 Obtain understanding of the processes in scope and set suitable assessment criteria. Assess the processes. B 4 Obtain understanding of the organizational structures in scope. Assess the organizational structures. B 5 obtain understanding of culture, ethics and behavior in scope. Assess culture, ethics and behavior B 6 Obtain understanding of the information items in scope. Assess information. B 7 Obtain understanding of the services, infrastructure and applications in scope. Assess services, infrastructure and applications. B 8 obtain understanding of the people, skills and competencies in scope. Assess people, skills and competencies. 9

Process for Governance of Enterprise IT Evaluate, Direct and Monitor EDM01 Ensure EDM04 Ensure Governance EDM02 Ensure EDM03 Ensure Risk Resource IT Framework Assurance Setting Benefits Delivery Optimisation and COBIT 5 Assurance Optimisation Process and Maintenance EDM05 Ensure Stakeholder Transparency Align, Plan and Organize aap001 Manage the IT management Framework AP008 Manage Relationships AP002 Manage Strategy AP009 Manage Service Agreements AP003 Manage C. Communicate Enterprise AP004 Manage AP005 Manage AP006 Manage the Results of the Architecture Innovation Innovation Budget and Costs AP011 Manage Assessment AP012 Manage AP010 Manage Suppliers Innovation Risk AP013 Manage Security AP007 Manage Human Resources Monitor, Evaluate and Assess MEA01 Monitor, Evaluate and Assess Performance and Conformance C 1 Document exceptions and gaps. BAI03 Manage BAI05 Manage BAI02 Manage C 2 Communicate the work performed and findings. Solutions BAI04 Manage Organisational Build, Acquire and Implement BAI01 Manage Programmes and Projects Requirements Definition Identification and Build Availability and Capacity Change Enablement BAI06 Manage Changes BAI07 Manage Change Acceptance and Transitioning MEA02 Monitor, Evaluate and Assess the System of Internal Controls BAI08 Manage Knowledge BAI09 Manage Assets BAI010 Manage Configurations Deliver, Service and Support DSS01 Manage Operations DSS02 Manage Service Requests and Incidents DSS03 Manage Problems DSS04 Manage Continuity DSS05 Manage Security Services DSS06 Manage Business Process Controls MEA03 Monitor, Evaluate and Assess Compliance With External Requirements Processes for Management of Enterprise IT 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information