Institute of Internal Auditors COBIT Presentation October 9, 2001.

Presentation transcript:

1 Institute of Internal Auditors COBIT Presentation October 9, 2001

2 Internal Audit Consulting Group: Assurance and Consulting on Business Risk Management, Controls, and Governance, 9/26/01. Confidential and Proprietary - Internal Audit Consulting Group Use Only

For More Information on COBIT
–Phone: 847-253-1545
–Email: research@isaca.org
–Websites: www.Itgovernance.org, www.isaca.org

3 Cost
–ISACA Member: $115
–Non-Member: $225

4 Background
Control OBjectives for Information and related Technology
–Originally released in 1996 by the Information Systems Audit and Control Foundation (ISACF)
–Current primary publisher is the IT Governance Institute, formed by the Information Systems Audit and Control Association (ISACA) in 1998
–COBIT was formed through research of sources such as the technical standards from ISO, codes of conduct issued by the Council of Europe and ISACA, professional standards for internal control and auditing issued by COSO, AICPA, GAO, etc.
–The above sources were used to formulate COBIT to “be both pragmatic and responsive to business needs while being independent of the technical IT platforms adopted in an organization.”

5 The COBIT Mission
To research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors

6 Objectives of COBIT
To provide a framework to bridge gaps between business risks, control needs and technical issues in order to maximize benefits, capitalize on opportunities and gain competitive advantage

7 Components
–Executive Summary
–Framework
–Control Objectives
–Audit Guidelines
–Management Guidelines

8 Executive Summary
Provides a synopsis of COBIT’s objectives and processes

9 Framework
A tool to be used as comprehensive guidance for users, auditors, management & business process owners

10 Control Objectives
Generically defined high-level business needs organized by process/activity used to facilitate the implementation of a process

11 Audit Guidelines
A template used to facilitate the obtaining, evaluating, assessing and substantiating of information needed to evaluate overall control

12 Management Guidelines
Set of action-oriented guidelines developed to assist management in answering:
–Does the benefit outweigh the cost?
–What are the indicators of good performance?
–What are the critical success factors?
–What are the risks of not achieving our objectives?
–What do others do?
–How do we measure and compare?

13 COBIT Family of Products

14 Framework (see handout)
4 Domains
–Planning & Organization
–Acquisition & Implementation
–Delivery & Support
–Monitoring
34 Control Objectives
318 Detailed Control Objectives

16 Audit Guidelines
Obtain Understanding
–Interviewing
–Obtaining
Evaluate Controls
–Considering
Assess Compliance
–Testing
Substantiate Risk
–Performing
–Identifying

17 Management Guidelines
–Critical Success Factors
–Key Goal Indicators
–Key Performance Indicators
–Maturity Model

18 Example
–Manage Changes

19 Domain
–Acquisition & Implementation

20 Control Objective
–AI6

21 Detailed Control Objectives
–Change Request Initiation and Control
–Impact Assessment
–Control of Changes
–Emergency Changes
–Documentation and Procedures
–Authorized Maintenance
–Software Release Policy
–Distribution of Software

22 Audit Guidelines
Obtain Understanding
–Interviewing
–Obtaining
Evaluate Controls
–Considering
Assess Compliance
–Testing
Substantiate Risk
–Performing
–Identifying

23 Management Guidelines
0 Non-existent
1 Initial/Ad Hoc
2 Repeatable but Intuitive
3 Defined Process
4 Managed & Measurable
5 Optimized

24 Findings
–Issues
–Benchmarking

25 Adopting COBIT Tool Set

26 Adopting COBIT Tool Set

27 Adopting COBIT Tool Set

28 Adopting COBIT Tool Set

29 Adopting COBIT Tool Set

30 Adopting COBIT Tool Set

31 COBIT Case Studies
–Cedel Group
–Office of the State Auditor of Massachusetts
–PWC
–Fidelity Investments
–Department of Defense
–Boston Gas Company
–Santa Barbara Bank and Trust
–Society for Worldwide Interbank Financial Telecommunication

