Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT GOVERNANCE  Objective : The objective of this area is to ensure that the Certified Information Systems Auditor ( CISA ) candidate understands and can.

Published byDaniel Fields Modified over 8 years ago

Similar presentations

Presentation on theme: "IT GOVERNANCE  Objective : The objective of this area is to ensure that the Certified Information Systems Auditor ( CISA ) candidate understands and can."— Presentation transcript:

1 IT GOVERNANCE  Objective : The objective of this area is to ensure that the Certified Information Systems Auditor ( CISA ) candidate understands and can provide assurance that the organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT. Mata Kuliah: CSI 402, IT Governance Tahun Akademik: 2012/2013 1-1

2  Introduction Knowledge of IT governance is fundamental to the work of the IS auditor. It forms the foundation for the development of sound control practices and mechanisms for management oversight and review.  Task There are nine Task within the IT governance area : 1. Evaluate the effectiveness of IT governance structure to ensure adequate board control over the decisions, directions and performance of IT, so it supports the organization’s strategies and objectives. 1-2

3 2.Evaluate IT organizational structure and human resource ( personel ) management to ensure that they support the organization’s startegies and objectives. 3.Evaluate the IT strategy and process for their development, approval, implementation and maintenance to ensure that they support the organization’s startegies and objective. 4. Evaluate the oraganization’s IT policies, standard, procedure and processes for their development, approval, implementation and maintenance to ensure that they support the IT strategy and comply with regulatory and legal requirements. 1-3

4 5.the organization’s IT strategy, policies, standards and procedures. 6.Evaluate IT resource investment, use and allocation practices to ensure alignment with the organization’s strategies and objectives. 7.Evaluate IT contracting strategies and policies and contract management practices to ensure that they support the organization’s strategies and objectives. 8.Evaluate risk management practices to ensure that the organization’s IT-related risks are properly managed. 9.Evaluate monitoring and assurance practices to ensure that the board and executive management receive sufficient and timely information about IT performance. 1-4

5  KNOWLEDGE STATEMENTS There are 15 knowledge statements within the IT governance area : 1.Knowledge of the purpose of IT startegies, policies, standards and procedures for an organization and the essential elements of each. 2.Knowledge of IT governance frameworks 3.Knowledge of the processes for the development, implementation and maintenance of IT strategies, polcies, standards and procedures ( eg. Protection of information assets, business continuity and disaster recovery, systems and infrastructure management and IT service delivery and support). 1-5

6 4.Knowledge of quality management strategies and policies. 5.Knowledge of organizational structure, roles and responsibilities related to the use and management of IT. 6.Knowledge of generally accepted international IT standards and guidelines. 7.Knowledge of enterprise IT architecture and its implications for setting long-term strategic directions. 8.Knowledge of risk management methodologies and tools. 9.Knowledge of the use of control frameworks ( e.g., COBIT, COSO, ISO 17799 ) 1-6

7 10.Knowledge of the use of maturity and process improvement model [ e.g., Capability Maturity Model (CMM), CoBIT ). 11. Knowledge of contracting strategies, processes and contract management practices. 12.Knowledge of practices for monitoring and reporting of IT performance (e.g., Balanced ScoreCard [BSC], Key Performance Indicators [KPI]). 13.Knowledge of relevant legislative and regulatory issues [e.g., Privacy, Intellectual Property, Corporate governance requirements ]. 1-7

8 14.nowledge of IT human resources ( personnel ) management. 15.Knowledge of IT resource investment and allocation practices [e.g., Portfolio management, return on investment (ROI)]. ======== thank for your attention ======== 1-8

Download ppt "IT GOVERNANCE  Objective : The objective of this area is to ensure that the Certified Information Systems Auditor ( CISA ) candidate understands and can."

Similar presentations

IT Governance & Quality Management

IT Governance & Quality Management
Organizational Governance

Organizational Governance
Auditing Governance Functions

Auditing Governance Functions
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Oncor’s EIM Program.

Oncor’s EIM Program.
Security Controls – What Works

Security Controls – What Works
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
IT Governance: Simultaneously Empowers and Controls Source: IT Governance, Chapter 1.

IT Governance: Simultaneously Empowers and Controls Source: IT Governance, Chapter 1.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
Overview and Introduction

Overview and Introduction
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
The Information Systems Audit Process

The Information Systems Audit Process
How the Balance Scorecard Approach Compares to Policy Governance ® IPGA 2007 Annual Conference Alexandria, VA June 23, 2007 Presented by: David Mustine.

How the Balance Scorecard Approach Compares to Policy Governance ® IPGA 2007 Annual Conference Alexandria, VA June 23, 2007 Presented by: David Mustine.

Similar presentations

Ads by Google