ISACA Professional Standards Committee and Frameworks for IT Audits
Steve Sizemore, CISA, CIA, CGAP
Texas Health and Human Services Commission – Internal Audit Division
IIA Austin Chapter
ISACA Past President of Austin Chapter
Government and Regulatory Agencies Subcommittee – North America
Professional Standards Committee
Professional Standards Committee - Charge
Develop, maintain, and support professional ethics, standards, and guidelines for the IT assurance, security and control professions.
Standards Board Members 2010/11
John Ho Chi, CISA, CISM, CBCP, CFE, Ernst & Young LLP, Singapore, Chair
Manuel Aceves, CISSP, CGEIT, CISM, CISA, Cerberian Consulting, Mexico
Rick De Young, CISA, MBA, CISSP, USA
Murari Kalyanaramani, CISM, CISA, CISSP, British American Tobacco GSD, Malaysia
Edward J. Pelcher, CGEIT, CISA, Office of the Auditor General, South Africa
Rao Hulgeri Raghavendra, CISA, CQA, PGDIM, Oracle Financial Services Software Ltd., India
Steven E. Sizemore, CISA, CIA, CGAP, Texas HHSC, USA
Meera Venkatesh, CISA, CISM, CISSP, CWA, ACS, Microsoft Corp., USA
Professional Standards Committee Objectives
1. Refresh, consolidate, and retire IS auditing guidance issued by ISACA to ensure consistency with other material issued by ISACA and ITGI, such as COBIT 4.1 and the Information Technology Assurance Framework (ITAF).
Professional Standards Committee Objectives
2. Continue development of security principles and the Business Model for Information Security (BMIS).
Professional Standards Committee Objectives
3. IT Assurance Framework (ITAF)
Ensure all current ISACA guidance is reflected.
Identify gaps with our current guidance.
Develop guidance as determined to be a priority by the gap analysis.
IS Auditing Guidance
Code of Professional Ethics is a mandatory requirement
Standards are mandatory requirements
Guidelines are guidance in applying standards
Procedures are examples
ITAF
Standards: General, Performance, Reporting
Guidelines
Tools and techniques
ITAF (cont) Standards – 3 categories
General standards are the guiding principles under which the IT assurance profession operates
Performance standards establish baseline expectations in the conduct of IT assurance engagements
Reporting standards address the types of reports, the means of communication, and the information to be communicated
COBIT
COBIT 4.1
COBIT 5 (in development)
Will consolidate and integrate COBIT 4.1, Val IT 2.0 and Risk IT frameworks
Draw significantly from the Business Model for Information Security (BMIS) and ITAF
COBIT - among top four IT Governance Frameworks
Val IT – A Governance Framework
IT-enabled investments will:
1. Be managed as a portfolio of investments
2. Include the full scope of activities required to achieve business value
3. Be managed through their full economic life cycle
Value delivery practices will:
Recognize different categories of investments to be evaluated and managed differently
Define and monitor key metrics and respond quickly to any changes or deviations
Engage all stakeholders and assign appropriate accountability for delivery of capabilities and realisation of business benefits
Be continually monitored, evaluated and improved
Risk IT – Risk Management Framework
Risk Governance
Establish and Maintain a Common Risk View
Integrate with Enterprise Risk Management (ERM)
Make Risk-aware Business Decisions
Risk Evaluation
Collect Data
Analyze Risk
Maintain Risk Profile
Risk Response
Articulate Risk
Manage Risk
React to Events
Information Security Principles
Partnership of:
ISACA
Information Security Forum (ISF)
International Information Systems Security Certification Consortium (ISC)2
Business Model for Information Security (BMIS)
Uses a business-oriented approach
Can be used regardless of an enterprise’s size or the information security framework it has in place
Focuses on people and processes in addition to technology
Is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems
Includes traditional information security, as well as links to privacy, risk, physical security and compliance
Enables information security professionals to align the security program with business objectives by helping to widen the view to the enterprise
BMIS (cont)
How is IS auditing guidance developed?
Members and CISAs
Chapter Presidents
General public
Other standard setting bodies
Area Rep
Standards Board
How is IS auditing guidance issued?
Selected professionals
Other standard setting bodies (through the exposure process)
Members and CISAs (through the Internet)
General public (through the Internet)
Copies of all Standards are available on the ISACA web site
Standards Board
Working with Other Organisations
Work with other international standard setting bodies (IIA, IFAC, AICPA, etc.)
Comment on Exposure Drafts
Future Pronouncements
Guidelines to be Refreshed in 2011
SDLC
G24 Internet Banking
G25 Review of VPNs
G26 Business Process Reengineering
G27 Mobile Computing
Guidelines to be Refreshed in 2011
Computer Forensics
G29 Post Implementation Reviews
G30 Competencies
G31 Privacy
G32 Business Continuity Planning
Gap Analysis
Identified gaps between ITAF and the Standards and Guidelines
Plan to address gaps through development of new standards and guidelines, and consolidation and reorganization of existing standards and guidelines.
Conclusion
Questions?