Professional Standards Committee and Frameworks for IT Audits


ISACA Professional Standards Committee and Frameworks for IT Audits

Steve Sizemore, CISA, CIA, CGAP
Texas Health and Human Services Commission – Internal Audit Division
IIA Austin Chapter
ISACA Past President of Austin Chapter
Government and Regulatory Agencies Subcommittee – North America
Professional Standards Committee

Professional Standards Committee – Charge: Develop, maintain, and support professional ethics, standards, and guidelines for the IT assurance, security and control professions.

Standards Board Members 2010/11:
John Ho Chi, CISA, CISM, CBCP, CFE, Ernst & Young LLP, Singapore, Chair
Manuel Aceves, CISSP, CGEIT, CISM, CISA, Cerberian Consulting, Mexico
Rick De Young, CISA, MBA, CISSP, USA
Murari Kalyanaramani, CISM, CISA, CISSP, British American Tobacco GSD, Malaysia
Edward J. Pelcher, CGEIT, CISA, Office of the Auditor General, South Africa
Rao Hulgeri Raghavendra, CISA, CQA, PGDIM, Oracle Financial Services Software Ltd., India
Steven E. Sizemore, CISA, CIA, CGAP, Texas HHSC, USA
Meera Venkatesh, CISA, CISM, CISSP, CWA, ACS, Microsoft Corp., USA

Professional Standards Committee Objectives 1. Refresh, consolidate, and retire IS auditing guidance issued by ISACA to ensure consistency with other material issued by ISACA and ITGI, such as COBIT 4.1 and the Information Technology Assurance Framework (ITAF).

Professional Standards Committee Objectives 2. Continue development of security principles and the Business Model for Information Security (BMIS).

Professional Standards Committee Objectives 3. IT Assurance Framework (ITAF): ensure all current ISACA guidance is reflected; identify gaps with our current guidance; develop guidance as determined to be a priority by the gap analysis.

IS Auditing Guidance:
The Code of Professional Ethics is a mandatory requirement.
Standards are mandatory requirements.
Guidelines are guidance in applying the standards.
Procedures are examples.

ITAF structure: Standards (General, Performance, Reporting); Guidelines; Tools and techniques.

ITAF (cont) – Standards, 3 categories:
General standards are the guiding principles under which the IT assurance profession operates.
Performance standards establish baseline expectations in the conduct of IT assurance engagements.
Reporting standards address the types of reports, the means of communication, and the information to be communicated.

COBIT: COBIT 4.1; COBIT 5 (in development) will consolidate and integrate COBIT 4.1, Val IT 2.0 and the Risk IT frameworks, and will draw significantly from the Business Model for Information Security (BMIS) and ITAF.

COBIT - among top four IT Governance Frameworks

Val IT – A Governance Framework
IT-enabled investments will:
1. Be managed as a portfolio of investments
2. Include the full scope of activities required to achieve business value
3. Be managed through their full economic life cycle
Value delivery practices will:
Recognize different categories of investments to be evaluated and managed differently
Define and monitor key metrics and respond quickly to any changes or deviations
Engage all stakeholders and assign appropriate accountability for delivery of capabilities and realisation of business benefits
Be continually monitored, evaluated and improved

Risk IT – Risk Management Framework
Risk Governance: Establish and Maintain a Common Risk View; Integrate with Enterprise Risk Management (ERM); Make Risk-aware Business Decisions
Risk Evaluation: Collect Data; Analyze Risk; Maintain Risk Profile
Risk Response: Articulate Risk; Manage Risk; React to Events

Information Security Principles: a partnership of ISACA, the Information Security Forum (ISF) and the International Information Systems Security Certification Consortium, (ISC)2.

Business Model for Information Security (BMIS):
Uses a business-oriented approach.
Can be used regardless of an enterprise’s size or the information security framework it has in place.
Focuses on people and processes in addition to technology.
Is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems.
Includes traditional information security, as well as links to privacy, risk, physical security and compliance.
Enables information security professionals to align the security program with business objectives by helping to widen the view to the enterprise.

BMIS (cont)

How is IS auditing guidance developed? Parties shown on the slide: Members and CISAs; Chapter Presidents; General public; Other standard setting bodies; Area Rep; Standards Board.

How is IS auditing guidance issued? From the Standards Board to: Selected professionals; Other standard setting bodies (through the exposure process); Members and CISAs (through the Internet); General public (through the Internet). Copies of all Standards are available on the ISACA web site, www.isaca.org.

Working with Other Organisations: work with other international standard setting bodies (IIA, IFAC, AICPA, etc.); comment on Exposure Drafts.

Future Pronouncements

Guidelines to be Refreshed in 2011:
SDLC
G24 Internet Banking
G25 Review of VPNs
G26 Business Process Reengineering
G27 Mobile Computing

Guidelines to be Refreshed in 2011 (cont):
Computer Forensics
G29 Post Implementation Reviews
G30 Competencies
G31 Privacy
G32 Business Continuity Planning

Gap Analysis: Identified gaps between ITAF and the Standards and Guidelines. Plan to address gaps through development of new standards and guidelines, and consolidation and reorganization of existing standards and guidelines.

Conclusion Questions?