Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0.

Published byTracey Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0."— Presentation transcript:

1 An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0

2

3 The Committee of Sponsoring Organizations of the Treadway Commission is a voluntary private not-for- profit organization dedicated to improving the quality of financial reporting through business ethics, internal controls and corporate governance. Originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting, COSO is jointly sponsored by five major professional associations in the United States, the American Accounting Association, the American Institute of Certified Public Accountants, Financial Executives International, The Institute of Internal Auditors, and the Institute of Management Accountants.

4 The new Enterprise Risk Management (ERM) COSO framework emphasizes the importance of identifying and managing risks across the enterprise. The new COSO framework consists of eight components: Internal control environment Objective setting Event identification Risk assessment Risk response Control activities Information and communication Monitoring.

5

6 IT Governance Strategic Alignment Value Delivery Resource Management Risk Management Performance Measurement COBIT

7 What is COBIT COBIT supports IT governance by providing a framework to ensure: Strategic Alignment: IT is aligned with the business Value Delivery: IT delivers the promised benefits against the strategy Resource Management: Optimal investment and management of IT resources Risk Management: IT risks are managed appropriately Performance Measurements: Track and monitor all areas of IT

8

9 Why COBIT? “Managers, Auditors, and users benefit from the development of COBIT because it helps them understand their IT systems and decide the level of security and control that is necessary to protect their companies’ assets through the development of an IT governance model.”

10 Support Levels of COBIT COBIT organization falls into three areas or levels, each aimed a specific group: 1. Executive Management and Boards 2. Business and IT Management 3. Governance, assurance, control and security professionals

11 Benefits of implementing COBIT A better alignment of business and IT strategies A view, understandable to management, of what IT does Clear ownership and responsibilities of processes General acceptability with regulators and 3 rd parties Shared understanding among all stakeholders, based on a common language Fulfillment of the COSO requirements for the IT control environment

12 COBIT Defined IT Activities In a general process model, IT activities fall into four domains: 1.Plan & Organize IT Activities to support the business 2.Acquire & Implement IT resources and strategies 3.Deliver & Support those resources and strategies 4.Monitor & Evaluate IT resources and strategies

13 4 Domains  34 Processes Plan & Organize PO1 Define a Strategic IT Plan PO2 Define the Information Architecture PO3 Determine Technological Direction PO4 Define the IT Processes, Organization and Relationships PO5 Manage the IT Investment PO6 Communicate Management Aims and Direction PO7 Manage IT Human Resources PO8 Manage Quality PO9 Assess and Manage IT Risks PO10 Manage Projects Acquire & Implement AI1 Identify Automated Solutions AI2 Acquire and Maintain Application Software AI3 Acquire and Maintain Technology Infrastructure AI4 Enable Operation and Use AI5 Procure IT Resources AI6 Manage Changes AI7 Install and Accredit Solutions and Changes Deliver & Support DS1 Define and Manage Service Levels DS2 Manage Third-party Services DS3 Manage Performance and Capacity DS4 Ensure Continuous Service DS5 Ensure Systems Security DS6 Identify and Allocate Costs DS7 Educate and Train Users DS8 Manage Service Desk and Incidents DS9 Manage the Configuration DS10 Manage Problems DS11 Manage Data DS12 Manage the Physical Environment DS13 Manage Operations Monitor & Evaluate ME1 Monitor and Evaluate IT Performance ME2 Monitor and Evaluate Internal Control ME3 Ensure Regulatory Compliance ME4 Provide IT Governance

14 Plan and Organize (PO) Are IT and the business strategy aligned? Is the enterprise achieving optimum use of its resources? Does everyone in the organization understand the IT objectives? Are IT risks understood and being managed? Is the quality of IT systems appropriate for business needs?

15 Acquire and Implement (AI) Are new projects likely to deliver solutions that meet business needs? Are new projects likely to be delivered on time and within budget? Will the new systems work properly when implemented? Will changes be made without upsetting current business operations?

16 Deliver and Support (DS) Are IT services being delivered in line with business priorities? Are IT costs optimized? Is the workforce able to use the IT systems productively and safely? Are adequate confidentiality, integrity and availability in place?

17 Monitor and Evaluate (ME) Is ITs performance measured to detect problems before it is too late? Does management ensure that internal controls are effective and efficient? Can IT performance be linked back to business goals? Are risk, control, compliance and performance measured and reported?

18 The COBIT Frame Work Control over the IT process of Define a strategic IT plan that satisfies the business requirement for IT of sustaining or extending the business strategy and governance requirements while being transparent about benefits, costs and risks by focusing on incorporating IT and business management in the translation of business requirements into service offerings, and the development of strategies to deliver these services in a transparent and effective manner is achieved by  Engaging with business and senior management in aligning IT strategic planning with current and future business needs  Understanding current IT capabilities  Providing for a prioritization scheme for the business objectives that quantifies the business requirements and is measured by  Percent of IT objectives in the IT strategic plan that support the strategic business plan  Percent of IT projects in the IT project portfolio that can be directly traced back to the IT tactical plan  Delay between updates of IT strategic plan and updates of IT tactical plans Section #1: High Level Control Objective

19 The COBIT Frame Work PO1 Define a Strategic IT Plan PO1.1 IT Value Management Work with the business to ensure that the enterprise portfolio of IT-enabled investments contains programs that have solid business cases. Recognize that there are mandatory, sustaining and discretionary investments that differ in complexity and degree of freedom in allocating funds. IT processes should provide effective and efficient delivery of the IT components of programs and early warning of any deviations from plan, including cost, schedule or functionality, that might impact the expected outcomes of the programs. IT services should be executed against equitable and enforceable service level agreements. Accountability for achieving the benefits and controlling the costs is clearly assigned and monitored. Establish fair, transparent, repeatable and comparable evaluation of business cases including financial worth, the risk of not delivering a capability and the risk of not realizing he expected benefits. PO1.2 Business-IT Alignment Educate executives on current technology capabilities and future directions, the opportunities that IT provides, and what the business has to do to capitalize on those opportunities. Make sure the business direction to which IT is aligned is understood. The business and IT strategies should be integrated, clearly linking enterprise goals and IT goals and recognizing opportunities as well as current capability limitations, and broadly communicated. Identify where the business (strategy) is critically dependent on IT and mediate between imperatives of the business and the technology, so agreed priorities can be established. PO1.3 Assessment of Current Performance Assess the performance of the existing plans and information systems in terms of contribution to business objectives, functionality, stability, complexity, costs, strengths and weaknesses. PO1.4 IT Strategic Plan Create a strategic plan that defines, in co-operation with the relevant stakeholders, how IT will contribute to the enterprises strategic objectives (goals) and related costs and risks. It includes how IT will support IT-enabled investment programs and operational service delivery. It defines how the objectives will be met and measured and will receive formal sign-off from the stakeholders. The IT strategic plan should cover investment/operational budget, funding sources, sourcing strategy, acquisition strategy, and legal and regulatory requirements. The strategic plan should be sufficiently detailed to allow the definition of tactical IT plans. Section #2: Detail Control Objectives

20 The COBIT Frame Work Section #3: Management Guidelines Process inputs are what the process owner needs from others Outputs are what the process owner must deliver

21 The COBIT Frame Work Section #3: Management Guidelines RACI Chart defines who is Responsible, Accountable, Consulted, and/or Informed

22 The COBIT Frame Work Section #3: Management Guidelines Goals and Metrics show what should be measured and how

23 The COBIT Frame Work Section #4: Maturity Model The process is rated on 0 to 5 scale. These ratings show: A relative measure of where the enterprise is A manner to efficiently decide what needs to be done A tool to measure progress

24

Download ppt "An Integrated Control Framework & Control Objectives for Information Technology – An IT Governance Framework COSO and COBIT 4.0."

Similar presentations

Options appraisal, the business case & procurement

Options appraisal, the business case & procurement
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
COBIT - II.

COBIT - II.
IT Governance Capability Maturity within Government

IT Governance Capability Maturity within Government
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
ISS IT Assessment Framework

ISS IT Assessment Framework
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
Overview of IT Governance and

Overview of IT Governance and
SOX, COSO, COBIT Timeline

SOX, COSO, COBIT Timeline
COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-

Similar presentations

Ads by Google