Alignment of COBIT to Botswana IT Audit Methodology


Alignment of COBIT to Botswana IT Audit Methodology

Why COBIT
Gives a holistic view of the IT computing environment, from management issues down to operational issues.
It is practical and addresses key IT issues.
The COBIT IT Assurance Guide provides a clear road map from planning of the audit through to fieldwork execution.

COBIT IT Assurance Guide
The guide is linked to the COBIT processes, outlining for each process the control objectives, the value drivers, the risk drivers and the tests of controls to be performed by an assurance professional.

Using the IT Assurance Guide
For example, for PO1.2 Business-IT Alignment, the test-of-controls questions suggested by the IT Assurance Guide include:
Confirm that the process for communicating business opportunities to IT management is reviewed and that the importance of the process is communicated to both the business and IT. Consider the update frequency of those processes.

COBIT IT Assurance Guide
Enquire whether, and confirm through interviews with members of IT management, that they helped define the enterprise goals. Ask them about their accountability for achieving the enterprise goals, determine whether they undertook what-if analyses, and confirm their commitment to those goals.

COBIT IT Assurance Guide
Enquire with business management and IT management to identify the business processes that are dependent on IT. Consider whether the business and IT share the same view of the systems, including their criticality, usage and reporting.

COBIT IT Assurance Guide
Using the guide, together with your understanding of the client environment, you can now tailor audit questions for the controls under review. The following are the standard questions that Botswana uses for our clients.

IT Strategy Alignment Questions (extracted from the IT Audit Manual, Botswana)
Is there a strategic IT plan for the organisation based on business needs?
Is there a steering committee with well-defined roles and responsibilities?
Does the IT department have clear-cut and well-defined goals and targets?
Is there a system of reporting to top management and review in place?

IT Strategy Alignment Questions
Does management provide appropriate direction on end-user computing?
Are there procedures to update the strategic IT plan?

Types of IT Audits
IT Performance Audits focus on ensuring that IT systems are procured and implemented effectively, efficiently and economically. These audits were carried out in the years 2008 to 2010. Three projects have been successfully completed, namely:

Types of IT Audits
Financial IT Audits are carried out to ascertain that there are sufficient controls within the systems and applications so that financial auditors can place reliance on the information processed through those applications.

Review of the Department of Tertiary Education project
General Objective
To assess whether the Student Loans Management System assists the DSPW in achieving its mandate.
Specific Objectives
To assess whether the system assists users in performing their tasks effectively.
To assess whether the project scope covered all aspects of the department, including identification of stakeholders and key players.

Review of the Department of Tertiary Education project
Specific Objectives (continued)
To assess how data integrity is maintained and identify the business continuity measures in place.
To identify how the system's performance is managed and measured.
To assess whether training was carried out to help users use the system efficiently.

COBIT areas selected and mapped to the audit questions
Is the system assisting the department to perform its activities more effectively?
PO1.1 IT Value Management
PO1.2 Business-IT Alignment
PO1.3 Assessment of Current Capability and Performance
PO10 Manage Projects

COBIT areas selected and mapped to the audit questions
Was the project scope comprehensive enough with regard to stakeholder identification?
AI1 Identify Automated Solutions
AI1.1 Definition and Maintenance of Business Functional and Technical Requirements
AI2 Acquire and Maintain Application Software

COBIT areas selected and mapped to the audit questions
How are data integrity and disaster recovery addressed?
DS5 Ensure Systems Security
DS11 Manage Data
DS11.5 Backup and Restoration

Analysis of recommendations, value added
Management was advised that the reports produced by the system should be appropriate and relevant to the strategic decision-making process. The recommendation emphasised that use of the system should not focus only on processing loans; management should be in a position to gather enough information from the system to make strategic decisions. COBIT PO1.1 IT Value Management and PO1.2 Business-IT Alignment emphasise the need for IT resources to be aligned to business strategies.

Analysis of recommendations, value added
Management was further advised to conform to the Government IT Projects Guidelines and requirements. The Government of Botswana has established IT project guidelines that guide IT officers on how to manage a project, including documentation of user requirements, the project initiation report, the project memorandum and the project end report. The IT Projects Guidelines are aligned to COBIT.

Analysis of recommendations, value added
The use and understanding of COBIT has significantly improved our audit methodology. Recommendations provided to clients are based on a recognised standard and, if implemented, will greatly improve IT processes. Benchmarking against a recognised framework also gives the client assurance that the criteria being used are fair.

Analysis of recommendations, value added
What is important in providing recommendations to the client is understanding the environment in which they work and its limitations. This is achieved through discussion of findings with the clients, identification of mitigating controls and finding a cost-effective recommendation.

COBIT 5
COBIT 5, released early in 2012, aims to align COBIT with other frameworks such as Val IT, ITIL, ISO 27002 and PRINCE2.
COBIT 5 clearly defines governance and management and separates the duties of the two roles.
COBIT 5 introduces 5 principles and 7 enablers.
The concept of a goals cascade, from stakeholder needs down to operational duties, is emphasised (considering the IT-related interests of internal and external stakeholders).

COBIT 5
The control objectives are no longer explicitly defined.
The framework processes have increased from 34 to 37.
The new processes include:
APO04 Manage Innovation
APO10 Manage Suppliers
BAI08 Manage Knowledge

COBIT 5
COBIT 5 products:
COBIT 5 (the framework)
COBIT 5 enabler guides: COBIT 5: Enabling Processes, COBIT 5: Enabling Information
COBIT 5 professional guides
COBIT 5 Implementation

COBIT 5
COBIT 5 professional guides (continued):
COBIT 5 for Information Security (available)
COBIT 5 for Assurance (in development)
COBIT 5 for Risk (in development)

QUESTIONS
THANK YOU