Auditing IT Governance - Pempal

Upload by : Helen France

Auditing IT Governance
Komitas Stepanyan, PhD, CRISC, CRMA, CobitF
IT Audit Virtual Training for PEMPAL

- What is IT governance?
- Why should we audit IT governance?
- How should we audit IT governance?
- CobIT vs Global Technology Audit Guide (GTAG) 17
- What should we audit in IT governance?

STATISTICS

Moral: IT Governance is more interesting and required than .

WHAT IS IT GOVERNANCE?
- Consists of the leadership, organizational structures and processes that ensure that the enterprise’s information technology supports the organization’s strategies and objectives.
- The responsibility of executives and the board of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives.

WHAT IS IT GOVERNANCE?, CONT.
Diagram labels: Corporate Governance; IT Governance; Frameworks & Standards: COBIT, ISO 2X000/ITIL, PRINCE2/PMBOK, ISO 27000 (InfoSec)/NIST/COBIT; Frameworks & Standards: OECD Corporate Governance, COSO IC/CoCo, COSO ERM; Aligning IT and Business; “Strategy Alignment Tools”; ISO 38500; Evaluate, Direct, Monitor

WHAT IS IT GOVERNANCE?, CONT.
Diagram labels: Corporate Governance; IT nt; IT Security Governance; ISO27001; IT Focus Areas: Plan & Organize, Acquire & Implement, Deliver & Support, Monitor; DS5 Ensure Systems Security

WHAT IS IT GOVERNANCE?, CONT.
- IT Governance involves managing IT operations and IT projects to ensure alignment with the needs of the organization defined in the strategic plan
- Proper alignment between IT and the organization means:
  - Management understands the potential and limitations of IT, i.e. what they can and cannot do
  - The IT Function understands and services the needs of the organization
  - Activities and accountability are monitored through an appropriate Governance structure
- IT Governance is more about actual governance and much less about technology

WHY SHOULD WE AUDIT IT GOVERNANCE?
An interpretation of IIA Standard 2110.A2 states:
“the internal audit activity must assess whether the information technology governance of the organization supports the organization’s strategies and objectives.”
Regardless of IIA Standards, performing IT Governance reviews on a periodic basis is vitally important due to the tremendous amount of dollars spent by the IT Function and on technology

WHAT SHOULD WE AUDIT IN IT GOVERNANCE AUDIT ENGAGEMENT?
Some of the key areas of IT governance internal auditors should address are:
- Chief IT Officer (e.g. Chief Information Officer; Chief Technology Officer; Chief Information Security Officer) related roles and responsibilities.
- Accountability and decision-making
- Alignment between IT and the organization
- IT performance monitoring and reporting metrics, including financial management of IT operations and projects.
- Level of understanding of how IT supports and enables the achievement of the organization’s strategy and objectives.

GTAG 17 - AUDITING IT GOVERNANCE
Diagram labels: IT Governance; Organization & Governance Structures; Executive Leadership & Support; Strategic & Operational Planning; Service Delivery & Measurement; IT Organization & Risk Management; Corporate Governance; Enterprise Governance; InfoSec; IT Operations; IT Projects

ORGANIZATION AND GOVERNANCE STRUCTURES
The following questions will help the internal auditor gain an understanding of the degree or presence of IT governance:
- Are roles and responsibilities clearly defined and communicated, and are organization leaders empowered and held accountable for results?
- Is there a CIO in place, and is he/she a member of the senior management team?
- Is the structure of the organization clearly organized such that the IT function can efficiently and effectively help enable the achievement of the organization’s objectives?
- What decision bodies are in place to enable alignment of organization needs with IT services and do they have adequate empowerment and accountability?
- Are organizational needs and IT service requirements defined in strategic and tactical plans, and monitored? Do the CIO and senior management meet and discuss progress on plans on a regular basis?

EXECUTIVE LEADERSHIP AND SUPPORT
- Does senior management have clearly defined and communicated roles and responsibilities for the IT function with respect to the organizational achievement of strategic and tactical goals?
- Are the roles and responsibilities of the CIO clearly defined and communicated?
- Does the organization recognize in its strategy that the IT function is a significant contributor in enabling the achievement of goals, as well as supporting the organization on a day-to-day basis?
- Is the CIO a member of the senior management team? Does the CIO meet with the board and the senior management team on a regular basis to discuss IT service delivery related to strategic and tactical plans?
- Does IT have adequate funding to meet the organization’s needs?

STRATEGIC AND OPERATIONAL PLANNING
- Do the board and senior management view IT as a strategic organizational partner?
- Does the strategic plan of the organization include how IT is required to support and enable value creation?
- Is the strategic plan supported by individual tactical operating plans that take into account IT requirements and deliverables?
- Are key performance indicators (KPIs) used by senior management to measure and monitor the effectiveness of the IT function?
- Are strategic IT investment decisions based on accurate cost benefit analyses and evaluated after implementation to determine whether the projected ROI has been realized? Are lessons learned factored into future IT investment decisions?

SERVICE DELIVERY AND MEASUREMENT
- Do the board and senior management have a clear understanding of IT costs and how they contribute to the achievement of organization strategic objectives?
- Do leaders of the organization measure IT value and deliverables? How?
- How do IT costs compare to other comparable organizations?
- Is CIO performance measured by financial and nonfinancial data?
- What sourcing arrangements are in place, and how are these measured and monitored?

IT ORGANIZATION AND RISK MANAGEMENT
- To what degree are organizational processes automated?
- How complex is the IT infrastructure and how many applications are in use?
- Are there standard IT hardware, software, and service procurement policies, procedures, and controls in place?
- How mature are IT management processes and are recognized frameworks used (COBIT, ITIL, ISO 20000, ISO27001, etc.)?
- How are risks managed in relation to meeting organization needs, security, and compliance requirements?
Responses to these key questions provide the internal auditor with a foundation on which to build and to understand how best to scope and execute an IT governance audit.

THE ROLE OF INTERNAL AUDIT IN IT GOVERNANCE
Diagram labels: Board and Senior Management; Strategy & Objectives; IT Governance; Performance VS Compliance

CONCLUSION
- IT governance is a result of global practices and research.
- The five components of effective IT governance come to support and complete the enterprise governance
- Although components of IT are technical in nature, the measurement of IT governance is less technical.
- Although auditing IT governance requires IT skills, IT governance is more about governance and less about technology

Q&A Session

