Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.


1 Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall

2
- Information Technology
- SOX
- Industry Specific Regulations (Pharmaceuticals, Oil sands)
- International Regulations – Security & Forensics
- Privacy Laws – (Canada, EEC)

3
- Recent regulations impact a greater number of systems.
- Systems are more interconnected. (Interpol, Banks, CIA)
- Organizations are more dependent on Information Systems. (Banks, IBM e-commerce, Facebook, Amazon & EBay)
- Systems are more global and are affected by many countries. (EEC, US(SOX)) [GAPP]

4
- Requires an annual evaluation of internal controls and procedures for financial ethics
- Requires the CEO and CFO personally certify controls.
- Requires independent auditors test control effectiveness.
- Controls must be designed to achieve ethical objectives using established criteria.
- Controls and control objectives must be documented.
- COBIT – Control Objectives for Information & related technologies

5
1. Increasing Cost and Challenges
   1. $5.5 Billion for SOX targets 2004
2. Benefits and Opportunities
   1. SOX is good for IT

6
- Compliance with, say, SOX requires a significant resource investment.
- Compliance adds new project costs and lengthens development schedules. (Syncrude, IBM)
- CIOs must personally attest to the effectiveness of IT’s internal controls and the quality of information.

7
- Compliance requires that IT staff have adequate training and excellent written communication skills.
- Compliance requires the organization adopt a document retention strategy.

8
- Compliance provides an opportunity to enhance business processes.
- Compliance has enhanced IT visibility with executives and the board of directors. (Maybe offering strategic direction)
- Compliance has increased the importance of security, quality, data architecture, and change management.

9
- Improved overall IT governance
- Enhanced understanding of IT by senior executives
- Better business decisions based on more accurate information
- Improved IT-Business alignment
- Reduced risk of system security breaches

10
- Reduced difficulty complying with new regulations
- More efficient and effective operations
- An integrated approach to security
- Enhanced risk management competencies
- Overall effective ethical practices

11 Figure 5.1 (diagram labels: New Systems, Daily operation, Information, Enabling IT Work)

12
1. Enabling IT Work
2. New Systems
3. Information
4. Daily Operations
5. Controlling IT Work

13
- Physical and Virtual Access across corps, new staff hires with access privileges
- Security Architecture requires practices
- Business Continuity Planning and Disaster Recovery (9/11, 2003 blackout)
- IT Governance (awareness & training required for compliance)
- HR Management and Training
- IT Finance (involving IT mgrs.)

14 IT Strategic Planning to be aligned with business strategy system Risk Assessment system Project Management system

15
- Information Architecture
- Who has access to Data
- Document Retention
- Data Administration
- How to create, collect, organize, analyze, maintain & archive data

16
- Operations and Infrastructure Support
- Help Desk
- Change Management
- Change Control Board (CCB)
- Change Management database

17
- Testing and Validation
- Documentation Management
- Quality Assurance
- All are elements of quality Management
- Everyone is responsible

18 Organize for Compliance 1. Reduce cost Ensure procedures are followed React with new regulation Use Standards and Frameworks Emphasize Training and Awareness for compliance Ensure Appropriate Business Resources Business strategy is communicated so that IT strategy can support it

19 Plan and organize (IT environment)
- IT strategic planning
- Information architecture
- Determine technological direction
- IT organization and relationships
- Manage the IT investment
- Communication of management aims and direction
- Management of human resources
- Compliance with external requirements
- Assessment of risks
- Manage projects
- Manage quality

20 Acquire and implement (program development and program change)
- Identify automated solutions
- Acquire or develop application software
- Acquire technology infrastructure
- Manage changes

Deliver and support (computer operations and access to programs and data)
- Define and manage service levels
- Manage third-party services

21
- Manage performance and capacity
- Ensure continuous service
- Ensure systems security
- Identify and allocate costs
- Educate and train users
- Assist and advise customers
- Manage the configuration
- Manage problems and incidents
- Manage data
- Manage facilities
- Manage operations

22 Monitor and evaluate (IT environment)
- Monitoring
- Adequacy of internal controls
- Independent assurance
- Internal audit

23
- New laws and regulations have had a significant impact on IT.
- IT managers are struggling to implement new controls to support these regulations.
- IT in the future will be controlled, standardized, and bureaucratized.

