COBIT. The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management.

Slides:

Advertisements

Similar presentations

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

Advertisements

Chapter 10 Accounting Information Systems and Internal Controls

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

TI BISNIS ITG using COBIT &

The Islamic University of Gaza

By Collin Smith COBIT Introduction By Collin Smith

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Overview of IT Governance and

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

MIS 310: Management Information Systems Minder Chen, Ph.D. Associate Professor Martin V. Smith School of Business and economics CSU Channel Islands

Session 3 – Information Security Policies

1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

Information Systems Controls for System Reliability -Information Security-

Control environment and control activities. Day II Session III and IV.

COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.

Information Technology Audit

Internal Auditing and Outsourcing

Introduction to IT Auditing

COBIT®. COBIT - Control Objectives for Information and related Technology C OBI T was initially created by the Information Systems Audit & Control Foundation.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Presented to President’s Cabinet. INTERNAL CONTROLS are the integration of the activities, plans, attitudes, policies and efforts of the people of an.

COBIT Information Security An Introduction Tanvir Orakzai,PhD

The Challenge of IT-Business Alignment

Chapter Three IT Risks and Controls.

Internal Control in a Financial Statement Audit

COBIT - IT Governance.

Roles and Responsibilities

1 Chapter Three IT Risks and Controls. 2 The Risk Management Process Identify IT Risks Assess IT Risks Identify IT Controls Document IT Controls Monitor.

Learning Objectives LO5 Illustrate how business risk analysis is used to assess the risk of material misstatement at the financial statement level and.

1. IT AUDITS  IT audits: provide audit services where processes or data, or both, are embedded in technologies.  Subject to ethics, guidelines, and.

Roadmap to Maturity FISMA and ISO 2700x. Technical Controls Data IntegritySDLC & Change Management Operations Management Authentication, Authorization.

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.

Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

Risk Management. IT Controls Risk management process Risk management process IT controls IT controls IT Governance Frameworks IT Governance Frameworks.

Audit of predetermined objectives Presentation: Portfolio Committee on Economic Development March 2013.

ISO 9001:2008 to ISO 9001:2015 Summary of Changes

IT Governance: COBIT, ISO17799 & ITIL. Introduction COBIT ITIL ISO17799Others.

Bank Audit. Internal Audit Internal audit is an independent, objective assurance activity and can give valuable insight in providing assurance that major.

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved.McGraw-Hill/Irwin.

IT Risks and Controls Revised on Content Internal Control  What is internal control?  Objectives of internal controls  Types of internal controls.

Samantha Schreiner University of Illinois at Urbana- Champaign BA 559 – Professor Michael Shaw December 15 th, 2008 A Survey of IT Governance Through COBIT,

COBIT®. COBIT® - Control Objectives for Information and related Technology. C OBI T was initially created by the Information Systems Audit & Control Foundation.

International Security Management Standards. BS ISO/IEC 17799:2005 BS ISO/IEC 27001:2005 First edition – ISO/IEC 17799:2000 Second edition ISO/IEC 17799:2005.

The common structure and ISO 9001:2015 additions

C OBI T and slides © 2007 IT Governance Institute. Used with permission. An Overview of C OBI T ®

ITIL VS COBIT 06 PLM - Group 9

Control and Security Frameworks Chapter Three Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc

Nicholas Sprague University of Tulsa. What is COBIT? History Components Framework Why do we care? Benefits.

© | Hansan Global | All Rights Reserved 1 INTRODUCTION TO IT SERVICE MANAGEMENT Hansan Global Pte Ltd.

Deck 5 Accounting Information Systems Romney and Steinbart Linda Batch February 2012.

#325 - CobiT and Service Delivery Debra Mallette, CISA, CSSBB Kaiser Permanente IT.

Driving Value from IT Services using ITIL and COBIT 5 July 24, 2013 Gary Hardy ITWinners.

6/11/2016 Filename Session 135 Control Practices and Control Theories Jeff Roth, CISA.

1 Chapter 1 Introduction to Accounting Information Systems Chapter 2 Intelligent Systems and Knowledge Management.

Lecture 5 Control and AIS Copyright © 2012 Pearson Education 7-1.

Chapter 6 Internal Control in a Financial Statement Audit McGraw-Hill/IrwinCopyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

ISACA Willamette Valley Chapter Luncheon Thursday, March 20, 2008 Practical Auditors Guide for CobiT Steve Balough, CISA.

Risk Management Dr. Clive Vlieland-Boddy. Managements Responsibilities Strategy – Hopefully sustainable! Control – Hopefully maximising profits! Risk.

Internal Control Principles

BIL 424 NETWORK ARCHITECTURE AND SERVICE PROVIDING.

Internal control - the IA perspective

Cobit Framework.

IT Governance and Control: An Analysis of CobIT 4.1

COBIT 5: Framework, BMIS, Implementation and future Information Security Guidance Presented by.

COBIT 5 and GRC Date.

Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.

An overview of Internal Controls Structure & Mechanism

Presentation transcript:

COBIT

The Control Objectives for Information and related Technology (COBIT) A set of best practices (framework) for information technology (IT) management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in Provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.

Harmonizing the Elements of IT Governance IT Governance Resource Management Strategic Alignment Value Delivery Performance Measurement Risk Management

COBIT supports IT governance by providing a framework to ensure that: 1.IT is aligned with the business 2.IT enables the business and maximizes benefits 3.IT resources are used responsibly 4.IT risks are managed appropriately Harmonizing the Elements of IT Governance

The benefits of implementing COBIT Better alignment, based on a business focus A view, understandable to management, of what IT does Clear ownership and responsibilities, based on process orientation General acceptability with third parties and regulators Shared understanding amongst all stakeholders, based on a common language

COBIT Mission To research, develop, publicize and promote an authoritative, up-to-date, internationally accepted IT governance control for adoption by enterprises and day-to-day use by business managers, IT professionals and assurance professionals

COBIT Principle

Information Criteria Effectiveness deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner Efficiency concerns the provision of information through the optimal (most productive and economical) use of resources. Confidentiality concerns the protection of sensitive information from unauthorized disclosure. Integrity relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations.

Information Criteria Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. Compliance deals with complying with the laws, regulations and contractual arrangements to which the business process is subject. Reliability relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities.

IT Resources Applications are the automated user systems and manual procedures that process the information. Information is the data, in all their forms, input, processed and output by the information systems in whatever form is used by the business. Infrastructure is the technology and facilities (i.e., hardware, operating systems, database management systems, networking, multimedia, and the environment that houses and supports them) that enable the processing of the applications. People are the personnel required to plan, organize, acquire, implement, deliver, support, monitor and evaluate the information systems and services. They may be internal, outsourced or contracted as required

COBIT Domain

PLAN AND ORGANISE (PO) Covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. Typical questions: – Are IT and the business strategy aligned? – Is the enterprise achieving optimum use of its resources? – Does everyone in the organization understand the IT objectives? – Are IT risks understood and being managed? – Is the quality of IT systems appropriate for business needs?

ACQUIRE AND IMPLEMENT (AI) To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. Typical questions: – Are new projects likely to deliver solutions that meet business needs? – Are new projects likely to be delivered on time and within budget? – Will the new systems work properly when implemented? – Will changes be made without upsetting current business operations?

DELIVER AND SUPPORT (DS) Concerned with the actual delivery of required services, which includes service delivery, management of security and continuity, service support for users, and management of data and operational facilities. Typical questions: – Are IT services being delivered in line with business priorities? – Are IT costs optimized? – Is the workforce able to use the IT systems productively and safely? – Are adequate confidentiality, integrity and availability in place for information security?

MONITOR AND EVALUATE (ME) Addresses performance management, monitoring of internal control, regulatory compliance and governance. Typical questions: – Is IT’s performance measured to detect problems before it is too late? – Does management ensure that internal controls are effective and efficient? – Can IT performance be linked back to business goals? – Are adequate confidentiality, integrity and availability controls in place for information security?

To be discussed IT Processes Process Control Application Control Maturity Model

Process Control PC1 Process Goals and Objectives PC2 Process Ownership PC3 Process Repeatability PC4 Roles and Responsibilities PC5 Policy, Plans and Procedures PC6 Process Performance Improvement

Activity Control AC1 Source Data Preparation and Authorisation AC2 Source Data Collection and Entry AC3 Accuracy, Completeness and Authenticity Checks AC4 Processing Integrity and Validity AC5 Output Review, Reconciliation and Error Handling AC6 Transaction Authentication and Integrity

Maturity Model