Published by Dylan Elsbury
Modified over 2 years ago
COBIT® 5 for Assurance Introduction Presented by
© 2013 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise) without the prior written authorisation of ISACA. Use of this publication is permitted solely for personal use and must include full attribution of the material’s source. No other right or permission is granted with respect to this work.
Drivers for Assurance

The main drivers for assurance in its different forms include:
- Providing interested parties substantiated opinions on governance and management of enterprise IT as per assurance objectives
- Defining assurance objectives in line with enterprise objectives, thus maximising the value of assurance initiatives
- Satisfying regulatory or contractual requirements for enterprises to provide assurance over their IT arrangements

To achieve these aims, the COBIT 5 for Assurance professional guide:
- Provides guidance on how to use the COBIT 5 framework to establish and sustain assurance provisioning and an assurance function for the enterprise
- Provides a structured approach on how to provide assurance over enablers (all of COBIT 5’s defined enablers, e.g., processes, information, organisational structures)
- Illustrates the structured approach with a number of concrete examples of assurance programmes

Benefits of the Guidance

Assurance providers can rely on the consistency, structure, context and vocabulary of the COBIT 5 framework and its related products. If assurance professionals base their reviews on the same framework as that used by business and IT managers who are improving value of IT for the enterprise, everyone involved will be using a common language and it will be easier to agree on and implement any necessary improvements to governance and management arrangements.

This guide can be used by the assurance professional for many different purposes, including:
- Obtaining a view (based on COBIT 5 concepts such as the enablers) on current good practices on assurance
- Learning how to use different COBIT 5 components and related concepts for planning, scoping, executing and reporting on various types of IT assurance initiatives
- Obtaining a view of the extent to which the value objective of the enterprise—delivering benefits whilst optimising risk and resource use—is achieved

Target Audiences

The target audience for this publication is broad, and includes:
- Assurance professionals at various governance and management layers
- Boards and audit committees, as stakeholders who commission assurance activities
- Business and IT management, as responsible parties
- External stakeholders, including external auditors, regulators and customers

The intended audience for COBIT 5 for Assurance is extensive, as are the reasons for adopting and using the framework, and the benefits each group can find in it. Assurance professionals also have specific standards to follow in providing their services. Section 5 of this presentation looks briefly at this aspect of assurance service provision.

Assurance Components

- Three-party relationship
- Subject matter
- Suitable criteria
- Execution
- Conclusion
- The assurance process (ties together the above components)

Scope of the Assurance Publication

In this publication, two perspectives on assurance are identified:
- Assurance function perspective—Describes what is needed in an enterprise to build and provide assurance function(s). COBIT 5 is an end-to-end framework, meaning that it considers the provisioning and use of assurance as part of the overall governance and management of enterprise IT.
- Assessment perspective—Describes the subject matter over which assurance needs to be provided. In this case, the subject matter is enterprise IT, which is described in ample detail in the COBIT 5 framework and COBIT® 5: Enabling Processes and is therefore not covered in detail in the assurance guide itself.

Section 3 of this presentation addresses the assurance function perspective; Section 4 addresses the assessment perspective.

Two Perspectives on Assurance Provided by COBIT 5

Both perspectives are built on the seven common governance and management enablers of the COBIT 5 framework.

The Assurance Function Perspective

The assurance function perspective describes how each enabler contributes to the overall provisioning of assurance, e.g.:
- Which organisational structures are required to provide assurance (board/audit committee, audit function, etc.)
- Which information flows are required to provide assurance (audit universe, audit plan, audit reports, etc.)

Section 2A of the publication contains examples of contributions to assurance practices for each of the enablers and further elaboration on each example is provided in an appendix.

The assurance publication introduces an expanded form of audit programme, explicitly acknowledging and addressing the seven governance and management enablers to support effective assessment and assurance provision against the COBIT 5 framework elements.

The Assessment Perspective

The assessment perspective deals with the actual subject of assurance, i.e., performing actual assurance engagements, where assurance needs to be provided over the subject matter of IT. This subject matter is described in full detail in the COBIT 5 framework and COBIT 5: Enabling Processes publications; the framework consists of the interconnected and interacting COBIT 5 enablers, and the process enabler is fully described in COBIT 5: Enabling Processes. Therefore, the assurance publication describes only at a high level how an assurance professional can approach providing assurance over enablers.

Section 2B of the assurance publication provides:
- A detailed description of the core assurance processes, which includes a more in-depth level of detail on the COBIT 5 processes MEA01, MEA02 and MEA03
- A generic approach on how to provide assurance over COBIT 5 enablers

How COBIT 5 for Assurance Relates to Other Standards

COBIT 5 for Assurance—much like COBIT 5 itself—is an umbrella approach for the provisioning of assurance. This section illustrates the umbrella positioning by positioning COBIT 5 for Assurance in context with a number of (IT) assurance-related standards. The list of standards considered includes:
- ISACA ITAF, 2nd Edition, a professional practices framework for IS audit/assurance
- The Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) Standards 2013
- American Institute of Certified Public Accountants (AICPA) Statement on Standards for Attestation Engagements (SSAE) 16