IT GOVERNANCE  Objective : The objective of this area is to ensure that the Certified Information Systems Auditor ( CISA ) candidate understands and can.

Slides:

Advertisements

Similar presentations

IT Governance & Quality Management

Advertisements

Organizational Governance

Auditing Governance Functions

Chapter 10 Accounting Information Systems and Internal Controls

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

TI BISNIS ITG using COBIT &

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

Oncor’s EIM Program.

Security Controls – What Works

By Collin Smith COBIT Introduction By Collin Smith

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

IT Governance: Simultaneously Empowers and Controls Source: IT Governance, Chapter 1.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

Overview and Introduction

First Practice - Information Security Management System Implementation and ISO Certification.

The Information Systems Audit Process

How the Balance Scorecard Approach Compares to Policy Governance ® IPGA 2007 Annual Conference Alexandria, VA June 23, 2007 Presented by: David Mustine.

Information Technology Audit

The Role of the Actuary in a General Insurance Company Yangon, Myanmar 14 July 2014 Scott Yen.

Information Security Governance 25 th June 2007 Gordon Micallef Vice President – ISACA MALTA CHAPTER.

Governance of the IT Function

OPR100: Overview of Enterprise Project Management & Project Management Maturity Models Melinda Curtis Product Manager, Microsoft Office Project.

Continual Service Improvement Process

Vijay V Vijayakumar.  SOX Act  Difference between IT Management and IT Governance  Internal Controls  Frameworks for Implementing SOX  COSO - Committee.

The Challenge of IT-Business Alignment

Chapter Three IT Risks and Controls.

Chapter 5 Internal Control over Financial Reporting

Page 1 Presentation to the Portfolio Committee on Tourism Fundamentals of effective Internal Control 21 July 2010.

Roles and Responsibilities

Challenges in Infosecurity Practices at IT Organizations

1. IT AUDITS  IT audits: provide audit services where processes or data, or both, are embedded in technologies.  Subject to ethics, guidelines, and.

08 October 2015 M. Ammar Mehdi Introduction to Human Resource Management & SSG-16 Actions 4 th Steering Committee on Competence of Human.

Roadmap to Maturity FISMA and ISO 2700x. Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization.

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.

Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

Building Capability.  In order to successfully operate an architecture function within an enterprise, it is necessary to put in place appropriate organization.

TI Tata Kelola Sistem dan Teknologi Informasi BISNIS &

Practical Investment Assurance Framework PIAF Copyright © 2009 Group Joy Pty. Ltd. All rights reserved. Recommended for C- Level Executives.

RELATIONSHIP OF TASK TO KNOWLEDGE STATEMENT Pert-2 The TASK Statement are what the CISA candidate is expected to know how to do. The KNOWLEDGE Statement.

Samantha Schreiner University of Illinois at Urbana- Champaign BA 559 – Professor Michael Shaw December 15 th, 2008 A Survey of IT Governance Through COBIT,

The Second Annual Medical Device Regulatory, Reimbursement and Compliance Congress Presented by J. Glenn George Thursday, March 29, 2007 Day II – Track.

12-CRS-0106 REVISED 8 FEB 2013 APO (Align, Plan and Organise)

Getting to Grips with CobiT – Enterprise Architecture, a conseptual approach to IT Covernance or how to understand the difference between IT Governance.

Driving Value from IT Services using ITIL and COBIT 5 July 24, 2013 Gary Hardy ITWinners.

IT Auditor’s Role in IT Governance Fred C. Roth, CISA MIS Training Institute Session 425.

ForrTel: IT Governance Frameworks

Presented by. Information! Information is a key resource for all enterprises. Information is created, used, retained, disclosed and destroyed. Technology.

COBIT 5 Executive Summary © 2012 ISACA. All rights reserved.1.

Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.

COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

#327 – Legal and Regulatory Risk: Silent and Possibly Deadly Deborah Frazer, CPA CISA CISSP Senior Director, Internal Audit PalmSource, Inc.

Shared Services and Third Party Assurance: Panel May 19, 2016.

12-CRS-0106 REVISED 8 FEB 2013 EDM (Evaluate, Direct, and Monitor) CDG4I3 / Audit Sistem Informasi Angelina Prima K | Gede Ary W. KK SIDE

Donald JG Chiarella, PhD, CISM, CDMP, PEM, CHS-CIA, MBA.

Michael J. Novak ASQ Section 0511 Meeting, February 8, 2017

Dr. Yeffry Handoko Putra, M.T

THE ENTERPRISE ARCHITECTURE REPOSITORY AND SUPPORT TOOLS Pertemuan-12

EITS Planning & Decision Support

Fundamental elements of internal control

Fundamental elements of internal control

CIGFARO ANNUAL CONFERENCE – 11 OCTOBER 2017

IT Governance CIS 9002 Kannan Mohan Department of CIS

SAPS Audit Committee 26 October 2016.

همسویی چارچوب‏هاو به‏روشهای حاکمیت و مدیریت فناوری اطلاعات

By Jeff Burklo, Director

Presentation transcript:

IT GOVERNANCE  Objective : The objective of this area is to ensure that the Certified Information Systems Auditor ( CISA ) candidate understands and can provide assurance that the organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT. Mata Kuliah: CSI 402, IT Governance Tahun Akademik: 2012/

 Introduction Knowledge of IT governance is fundamental to the work of the IS auditor. It forms the foundation for the development of sound control practices and mechanisms for management oversight and review.  Task There are nine Task within the IT governance area : 1. Evaluate the effectiveness of IT governance structure to ensure adequate board control over the decisions, directions and performance of IT, so it supports the organization’s strategies and objectives. 1-2

2.Evaluate IT organizational structure and human resource ( personel ) management to ensure that they support the organization’s startegies and objectives. 3.Evaluate the IT strategy and process for their development, approval, implementation and maintenance to ensure that they support the organization’s startegies and objective. 4. Evaluate the oraganization’s IT policies, standard, procedure and processes for their development, approval, implementation and maintenance to ensure that they support the IT strategy and comply with regulatory and legal requirements. 1-3

5.the organization’s IT strategy, policies, standards and procedures. 6.Evaluate IT resource investment, use and allocation practices to ensure alignment with the organization’s strategies and objectives. 7.Evaluate IT contracting strategies and policies and contract management practices to ensure that they support the organization’s strategies and objectives. 8.Evaluate risk management practices to ensure that the organization’s IT-related risks are properly managed. 9.Evaluate monitoring and assurance practices to ensure that the board and executive management receive sufficient and timely information about IT performance. 1-4

 KNOWLEDGE STATEMENTS There are 15 knowledge statements within the IT governance area : 1.Knowledge of the purpose of IT startegies, policies, standards and procedures for an organization and the essential elements of each. 2.Knowledge of IT governance frameworks 3.Knowledge of the processes for the development, implementation and maintenance of IT strategies, polcies, standards and procedures ( eg. Protection of information assets, business continuity and disaster recovery, systems and infrastructure management and IT service delivery and support). 1-5

4.Knowledge of quality management strategies and policies. 5.Knowledge of organizational structure, roles and responsibilities related to the use and management of IT. 6.Knowledge of generally accepted international IT standards and guidelines. 7.Knowledge of enterprise IT architecture and its implications for setting long-term strategic directions. 8.Knowledge of risk management methodologies and tools. 9.Knowledge of the use of control frameworks ( e.g., COBIT, COSO, ISO ) 1-6

10.Knowledge of the use of maturity and process improvement model [ e.g., Capability Maturity Model (CMM), CoBIT ). 11. Knowledge of contracting strategies, processes and contract management practices. 12.Knowledge of practices for monitoring and reporting of IT performance (e.g., Balanced ScoreCard [BSC], Key Performance Indicators [KPI]). 13.Knowledge of relevant legislative and regulatory issues [e.g., Privacy, Intellectual Property, Corporate governance requirements ]. 1-7

14.nowledge of IT human resources ( personnel ) management. 15.Knowledge of IT resource investment and allocation practices [e.g., Portfolio management, return on investment (ROI)]. ======== thank for your attention ======== 1-8