RELATIONSHIP OF TASK TO KNOWLEDGE STATEMENT Pert-2 The TASK Statement are what the CISA candidate is expected to know how to do. The KNOWLEDGE Statement delineate what CISA candidate is expected to know in order to perform the TASK The TASK and KNOWLEDGE Statements are approximately mapped in table 1. insofar as it is possible to do so. Note that although there is often overlap, each TASK Statement will generally map to several KNOWLEDGE Statement. 2-1

Table 1., TASK and KNOWLEDGE Statement Mapping TASK Statement KNOWLEDGE Statement T1. Evaluate the effectiveness of IT, KS.1 Knowledge of the purpose of IT strate governance structure to ensure tegies, policesn, standards and the adequate board control over the procedures for an organization and decision, directions and performan- the essential element of each KS.1a Knowledge of IT governance framework KS.1b Knowledge of tne use of control frame- works (cth. CoBiT, COSO, ISO ) KS.1c Knowledge of practices for monitoring and reporting of IT performence (cth. Balanced Scorecards, key performan- ce indikator=KPI ) KS.1d Knowledge of IT resource investment and allocation practices (cth. Portfolio management ROI ) 2-2

T,2 Evaluate IT organizational structure KS.2a Knowledge of the purpose of IT strategies, and human resources (personnel) polices, standards and procedures for an or- management to ensure that they ganization and the essential elements of support the organization’s strategies each and objectives KS.2b Knowledge of organizational structure roles and responsibilities related to the use and management of IT KS.2c Knowledge of IT human resources (personnel) management. T.3 Evaluate the IT Strategy and process KS.3a Knowledge of the purpose of IT strategies, for their development, approval, im- policies, standards and procedures for an plementation and maintenance to organization and the essential elements of ensure that they support the organi- each. zation’s strategies and objectives KS.3b Knowledge of the processes for the deve- of IT strategirs, policies, standards and pro- cedures ( cth.protection of information as- sets, business continuity and disaster reco - very, systems and infrastructure life cycle. KS.3c Knowledge of quality management strategies and policies. 2-3

TASK and Knowledge Statement Mapping ( Continued T.4 Evaluate the organizational’sKS.4a Knowledge of the processes for the de- IT policies, standards, proce velopment,implementation and mainte dures and processes for their nance of IT strategies, policies, stan – development, approval, imple dards and procedures (cth. Protection mentation and maintenance to of information assets, business conti ensure that they support the IT nuity and disaster recovery, systems strategy and comply with regu- and infrastructure life cycle manage – latory and legal requirements. Ment and IT service delivery and sup- port. KS.4b Knowledge of generally accepted inter national IT standards and guidlines. KS4.c Knowledge of relevant legislative and regulatory issues (cth. Privacy, Intellec tual Property, Corporate governance requirements) 2-4

TASK and KNOWLEDGE Statement Mapping ( Continued ) T.5 Evaluate management practices KS.5a Knowledge of the processes for the de to ensure compliance with the velopment, implementation and mainte the organization’s IT strategy, nance of IT strategies, policies, stand policies, standards and produres ard and procedures (cth. Protection of information assets, business continui ty and disaster recovery, systems and infrastrutures life cycle management and IT service delivery and support. KS.5b Knowledge of quality management strategies and policies. KS.5c Knowledge of generally accepted inter national IT standards and guidlines. KS.5d Knowledge of enterprise IT architectu re and its implications for setting long-term strategies directions. KS.5e Knowledge of the use of control frame works (cth. CoBit, COSO, ISO ) KS.5f Knowledge of the use of maturity and process and improvement models ( Cth. CMM, CoBit ). KS.5g Knowledge of contrating strategies, processes and contract management practices. 2-5

TASK and KNOWLEDGE Statement Mapping ( continued 0 KS.5h Knowledge of IT human resource (personnel ) management. KS.5i Knowledge of IT resource investment and allocation practices (cth. Portfolio management ROI ) T.6 Evaluate IT resource invest KS.6a Knowledge of IT human resource ( ment,use and allocation prac personnel ) management. tices to ensure aligment with the organization’s strategies and objectives. T.7 Evaluate IT contracting stra- KS.7a Knowledge of contracting startegies, pro tegies and policies and con- cesses and contract management prac- to ensure tahat they support tices. the organization’s strategies and objectives. 2-6

TASK and KNOWLEDGE Statement Mapping ( Continued ) T.8 Evaluate risk management KS.8a Knowledge of the processes for the deve- practices to ensure that the lopment implementation and maintenance organization’s IT-related risk of IT strategies, policies, standards and are property managed. Procedures (cth. Protection of information assets, business continuity and disaster recovery, systems and infrastructure life cycle management and IT service delivery and support. KS.8b Knowledge of risk management ad toond methodology and tools. T.9 Evaluate monitoring and as- KS.9a Knowledge of quality management strate surance practices to ensure gies and policies. that the board and execu- KS.9b. Knowledge of practices for monitoring tive management receives andreporting of IT performance (cth.BSC, sufficient and timely informa KPI ). tion about IT performance ========= thank for your attention ========= 2-7