Institute of Internal Auditors COBIT Presentation October 9, 2001.

Internal Audit Consulting Group
Assurance and Consulting on Business Risk Management, Controls, and Governance
9/26/01
Confidential and Proprietary - Internal Audit Consulting Group Use Only

For More Information on COBIT
Phone
Websites

Cost
ISACA Member: $115
Non-Member: $225

Background
Control OBjectives for Information and related Technology
– Originally released in 1996 by the Information Systems Audit and Control Foundation (ISACF)
– Current primary publisher is the IT Governance Institute, formed by the Information Systems Audit and Control Association (ISACA) in 1998
– COBIT was formed through research of sources such as the technical standards from ISO, codes of conduct issued by the Council of Europe and ISACA, professional standards for internal control and auditing issued by COSO, AICPA, GAO, etc.
– The above sources were used to formulate COBIT to “be both pragmatic and responsive to business needs while being independent of the technical IT platforms adopted in an organization.”

The COBIT Mission
To research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors

Objectives of COBIT
To provide a framework to bridge gaps between business risks, control needs and technical issues in order to maximize benefits, capitalize on opportunities and gain competitive advantage

Components
– Executive Summary
– Framework
– Control Objectives
– Audit Guidelines
– Management Guidelines

Executive Summary
Provides a synopsis of COBIT’s objectives and processes

Framework
A tool to be used as comprehensive guidance for users, auditors, management & business process owners

Control Objectives
Generically defined high-level business needs organized by process/activity used to facilitate the implementation of a process

Audit Guidelines
A template used to facilitate the obtaining, evaluating, assessing and substantiating of information needed to evaluate overall control

Management Guidelines
Set of action-oriented guidelines developed to assist management in answering:
– Does the benefit outweigh the cost?
– What are the indicators of good performance?
– What are the critical success factors?
– What are the risks of not achieving our objectives?
– What do others do?
– How do we measure and compare?

COBIT Family of Products

Framework (see handout)
4 Domains
  – Planning & Organization
  – Acquisition & Implementation
  – Delivery & Support
  – Monitoring
34 Control Objectives
318 Detailed Control Objectives

Audit Guidelines
Obtain Understanding
  – Interviewing
  – Obtaining
Evaluate Controls
  – Considering
Assess Compliance
  – Testing
Substantiate Risk
  – Performing
  – Identifying

Management Guidelines
– Critical Success Factors
– Key Goal Indicators
– Key Performance Indicators
– Maturity Model

Example
Manage Changes

Domain
Acquisition & Implementation

Control Objective
AI6

Detailed Control Objectives
– Change Request Initiation and Control
– Impact Assessment
– Control of Changes
– Emergency Changes
– Documentation and Procedures
– Authorized Maintenance
– Software Release Policy
– Distribution of Software

Audit Guidelines
Obtain Understanding
  – Interviewing
  – Obtaining
Evaluate Controls
  – Considering
Assess Compliance
  – Testing
Substantiate Risk
  – Performing
  – Identifying

Management Guidelines
0 Non-existent
1 Initial/Ad Hoc
2 Repeatable but Intuitive
3 Defined Process
4 Managed & Measurable
5 Optimized

Findings
– Issues
– Benchmarking

Adopting COBIT Tool Set

COBIT Case Studies
– Cedel Group
– Office of the State Auditor of Massachusetts
– PWC
– Fidelity Investments
– Department of Defense
– Boston Gas Company
– Santa Barbara Bank and Trust
– Society for Worldwide Interbank Financial Telecommunication