COBIT - II.

Presentation transcript:

COBIT - II

Process Orientation
• Domains: Natural grouping of processes, often matching an organisational domain of responsibility
• Processes: A series of joined activities with natural control breaks
• Activities or Tasks: Actions needed to achieve a measurable result. Activities have a life cycle, whereas tasks are discrete.

Domains
COBIT defines IT activities in a generic process model within four domains.
• Plan and Organize
• Acquire and Implement
• Deliver and Support
• Monitor and Evaluate

Plan and Organise
Description
This domain covers strategy and tactics, and concerns the identification of how IT can best contribute to the achievement of the business objectives. Furthermore, the realisation of the strategic vision needs to be planned, communicated and managed for different perspectives. Finally, a proper organisation as well as technological infrastructure must be put in place.
Topics
• Strategy and tactics
• Vision planned
• Organisation and infrastructure
Questions
• Are IT and the business strategy aligned?
• Is the enterprise achieving optimum use of its resources?
• Does everyone in the organisation understand the IT objectives?
• Are IT risks understood and being managed?
• Is the quality of IT systems appropriate for business needs?

Plan and Organise
• PO1 Define a strategic information technology plan
• PO2 Define the information architecture
• PO3 Determine the technological direction
• PO4 Define the IT organisation and relationships
• PO5 Manage the investment in information technology
• PO6 Communicate management aims and direction
• PO7 Manage human resources
• PO8 Ensure compliance with external requirements
• PO9 Assess risks
• PO10 Manage projects
• PO11 Manage quality

Acquire and Implement
Description
To realise the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. In addition, changes in and maintenance of existing systems are covered by this domain to make sure that the life cycle is continued for these systems.
Topics
• IT solutions
• Changes and maintenance
Questions
• Are new projects likely to deliver solutions that meet business needs?
• Are new projects likely to deliver on time and within budget?
• Will the new systems work properly when implemented?
• Will changes be made without upsetting current business operations?

Acquire and Implement
• AI1 Identify automated solutions
• AI2 Acquire and maintain application software
• AI3 Acquire and maintain technology infrastructure
• AI4 Develop and maintain IT procedures
• AI5 Install and accredit systems
• AI6 Manage changes

Deliver and Support
Description
This domain is concerned with the actual delivery of required services, which range from traditional operations over security and continuity aspects to training. To deliver services, the necessary support processes must be set up. This domain includes the actual processing of data by application systems, often classified under application controls.
Topics
• Delivery of required services
• Setup of support processes
• Processing by application systems
Questions
• Are IT services being delivered in line with business priorities?
• Are IT costs optimised?
• Is the work force able to use the IT systems productively and safely?
• Are adequate security, integrity and availability in place?

Deliver and Support
• DS1 Define and manage service levels
• DS2 Manage third-party services
• DS3 Manage performance and capacity
• DS4 Ensure continuous service
• DS5 Ensure systems security
• DS6 Identify and allocate costs
• DS7 Educate and train users
• DS8 Assist and advise customers
• DS9 Manage the configuration
• DS10 Manage problems and incidents
• DS11 Manage data
• DS12 Manage facilities
• DS13 Manage operations
Present the 13 high-level objectives contained in the Deliver and Support domain.

Monitor and Evaluate
Description
All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain thus addresses management’s oversight of the organisation’s control process and independent assurance provided by internal and external audit or obtained from alternative sources.
Topics
• Assessment over time, delivering assurance
• Management’s oversight of the control system
• Performance measurement
Questions
• Can IT’s performance be measured and can problems be detected before it is too late?
• Is independent assurance needed to ensure critical areas are operating as intended?

Monitor and Evaluate
• M1 Monitor the process
• M2 Assess internal control adequacy
• M3 Obtain independent assurance
• M4 Provide for independent audit

Business Requirements
Quality Requirements:
• Quality
• Delivery
• Cost
Security Requirements:
• Confidentiality
• Integrity
• Availability
Fiduciary Requirements*:
• Effectiveness and efficiency of operations
• Compliance with laws and regulations
• Reliability of financial reporting
Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability of information
*The Treadway Commission requires that management must attest to its organisation’s effectiveness and efficiency of operations, reliability of financial reporting (not financial reports), and compliance with laws and regulations.

Business Requirements, IT Resources, IT Processes
• Business Requirements: What the stakeholders expect from IT
• IT Resources: The resources made available to—and built up by—IT
• IT Processes: How IT is organised to respond to the requirements
Business Requirements: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Information reliability
IT Resources: Data, Application systems, Technology, Facilities, People
IT Processes: Plan and Organise, Acquire and Implement, Deliver and Support, Monitor and Evaluate

DS2 Example - Manage third-party services
Drilling Down the COBIT model