Welcome ISACA Baton Rouge Chapter Moving from COBIT 4.1 to COBIT 5 May 24, 2012.



Agenda
o Differences between COBIT 4.1 and COBIT 5
o Review of COBIT 5 Framework and Enabling Processes
o Incorporation of Application Level Controls
o LA Legislative Auditor's Office Implementation of COBIT 5

COBIT 4.1 and COBIT 5 Compare and Contrast

COBIT 5
Created by the IT Governance Institute
How is COBIT different and why do we use it?
o Contains IT best practices that can be used by auditors and IT management
o Generally accepted by third parties and regulators
o Fulfills the COSO requirements for the IT control environment

COBIT 5 Principles

1: Meeting Stakeholder Needs
"The COBIT 5 Goals Cascade translates stakeholder needs into specific, actionable, and customized goals within the context of the enterprise, IT-related goals, and enabler goals."

2: Covering the Enterprise End-to-End
COBIT 5:
o Integrates governance of enterprise IT into enterprise governance.
o Covers all functions and processes required to govern and manage enterprise information and related technologies, wherever that information may be processed.

3: Applying a Single Integrated Framework

4: Enabling a Holistic Approach Enablers are factors that, individually and collectively, influence whether something will work. COBIT 4.1 contained enablers, but more emphasis has been placed on enablers in COBIT 5.

5: Separating Governance from Management
Governance: ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; sets direction through prioritization and decision making; and monitors performance and compliance against agreed-on direction and objectives.
Management: plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

5: Separating Governance from Management These two disciplines encompass different types of activities, require different organizational structures, and serve different purposes.

COBIT 5 Framework and Enabling Processes

Notable Process Mapping

COBIT 4.1 | COBIT 5 | Topic Covered
--- | --- | ---
ME4 | EDM1, 2, 3, 4, 5 | IT Governance
AC 1, 2, 3, 4, 5, 6 | BAI3 & DSS6 | Manage Business Process Controls
PO1 | APO2 | Strategic Planning
PO4 | APO1 | Organization, Processes, and Relationships
PO8 | APO11 | Manage Quality
PO9 | APO12 | Manage Risk
PO10 | BAI1 | Manage Programs and Projects
AI4 | BAI8 | Manage Knowledge
AI5 & DS2 | APO10 | Manage Suppliers
DS1 | APO9 | Manage Service Agreements
DS3 | BAI4 | Manage Availability and Capacity
DS5 & DS12 | DSS5 | Manage Security Services
DS5 | APO13 | Manage Security

Practices and Activities COBIT 5 Practices and Activities are equivalent to COBIT 4.1 Control Objectives and Val IT and Risk IT processes.

RACI Charts

Application Level Controls

Holistic Approach
Although the terms "general controls" and "application controls" are still commonly used, COBIT 5 does not distinguish between the two as COBIT 4.1 did. The holistic approach maps common enterprise goals and objectives to IT goals as "primary" or "secondary." IT goals are in turn mapped, as "primary" or "secondary," to the processes and attributes that enable an enterprise to achieve them.

Louisiana Legislative Auditor’s Office Implementation of COBIT 5 into Standard Auditing Procedures

LA Legislative Auditor
Oversees 3500 audits of state and local governments, and conducts independent financial and performance audits of State agencies, colleges, and universities.

Our Approach
Control Matrix for Information Technology (CoMIT) Tool
o We needed a tool based on CoBIT criteria
o Use of IT has grown and we are resource challenged
o Standardize our procedures and have a common measuring tool

Confidentiality?!

Control Matrix for Information Technology (CoMIT)
Governance Enterprise Management Matrix
o "Primary Controls"
o Organized according to the five domains
Transaction and Application Level Matrix
o Evaluates key controls at a more granular level
o Organized in accordance with the Confidentiality, Integrity, and Availability (CIA) Triad

Transaction and Application Level

COBIT 5 Family

You Might Be An IT Auditor If...
o You have more letters behind your name than a can of alphabet soup
o You have a gadget on your desk that you have fondly given a name
o Bean counter references make you mad
o Balancing your checkbook is fun
o When you have your computer repaired, you ask for all the parts back, labeled, and itemized
o Your idea of vacation is field work
o You and your coworkers represent more nationalities than anywhere else in the office