版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、IT Audit and Control Model of Information and Related Technology -COBIT Hu kejin W IT Audit ISACA (Information Systems Audit and Control Association) CISA (Certified Information System Auditor) COBIT- Control Objectives For Information and Related Technology Information Systems Audit and Control Fou
2、ndation IT Governance Institute 1. IT Audit Overview 2. COBIT Overview 3. COBIT Architecture 4. Control Objectives 5. Management Guidelines 6. Audit Guidelines 1. IT Audit Overview Auditing Objectives Security Reliability Effectiveness Scope of the audit 1) Information Systems 2) to cover life cycle
3、 of IS Audit Plan $ Definition of Scope and Objectives. $ Analysis and understanding of standard procedures. $ Evaluation of system and internal controls. $ Audit Procedures and documentation of evidence. $ Analysis of facts encountered. $ Formation of opinion over the controls. $ Presentation of re
4、port and recommendations. Audit Techniques $ Compliance tests. $ Substantive tests. $ Auditing program. $ Integrated Test Facility. $ Parallel Simulation. $ Snapshot $ Tracing $ Program Code Comparison $ Computer Assisted Audit Techniques and Tools. Audit Work Team $ Manager: Responsible for the aud
5、it and quality control. $ Senior/team leader: Responsible for the work papers. $ Staff: Responsible for the performance of the audit. Audit Report Progress Reports. Work Papers. Other Work Papers. Preliminary Reports. Final Audit Report. 1)What is our mission? 2)What are our goals and how will we ac
6、hieve them? 3) How can we measure our performance? 4)How will we use that information to make improvements? 1)Accounting Audit 2)System Audit 3)Performance Audit Business Reference Model (BRM) Lines of Business Agencies, Customers, Partners Service Component Reference Model (SRM) Service Domains, Se
7、rvice Types Business & Service Components Technical Reference Model (TRM) Service Component Interfaces, Interoperability Technologies, Recommendations Data & Information Reference Model (DRM) Business-focused Data Standardization Cross-Agency Information Exchanges Performance and Business-Driven Per
8、formance Reference Model (PRM) Inputs, Outputs, and Outcomes Uniquely Tailored IT Performance Indicators Component-Based Architectures Performance Reference Model (PRM) Inputs, Outputs, and Outcomes Uniquely Tailored IT Performance Indicators Business Reference Model (BRM) Lines of Business Agencies
9、, Customers, Partners Service Component Reference Model (SRM) Service Domains, Service Types Business & Service Components Technical Reference Model (TRM) Service Component Interfaces, Interoperability Technologies, Recommendations Data & Information Reference Model (DRM) Business-focused Data Stand
10、ardization Cross-Agency Information Exchanges Performance and Business-Driven Component-Based Architectures THE FEA REFERENCE MODEL FRAMEWORK HUMAN CAPITAL MISSION AND BUSINESS RESULTS CUSTOMER RESULTD VALUE VALUE STRATEGIC OUTCOMS INPUT TECHONLOGY OTHER FIXED ASSETS PROCESS AND ACTIVITY Mission and
11、 business-critical results aligned with the Business Reference Model. Results measured from a customer perspective The direct effects of day-to-day activities and broader processes measured as driven by desired outcomes. Used to further define and measure the Mode of Delivery in The business referen
12、ce model. Key enablers measured through their contribution to outputs and by extension outcomes Data and Information Reference Model (DRM) is currently under development COBIT is the model for IT governance! 2. COBIT Overview Business Requirements IT Management IT Resources 1). Executive Summary 2).
13、 Framework 3).Control Objectives 4).Management Guidelines 5).Audit Guidelines 6).Implementation Tool set The control of which satisfy is enabled by considering IT Processes Business Requirements Control Statements Control Practices Data Application Systems Technology Facilities People Events Busines
14、s Objectives Business Opportunities External Requirements Regulations Risks Information Effectiveness Confidentiality Integrity Availability Compliance Reliability Message input Service output Business Processes Information IT Resources IT Resources People Application Systems Technology Facilities D
15、ata Information Criteria effectiveness confidentiality integrity availability compliance reliability ? Do they match What you get What you need Information criteria IT domains IT resources Planning & organization Acquisition & implementation Delivery & support Monitoring Domains Processes Activities
16、 Information Criteria IT Processes IT Resources Quality Fiduciary Security people Application Systems Technology Facilities Data Domains Processe s Activities/Tasks 3. COBIT Architecture Management framework Management guidelines Control objectives Audit guidelines Tool set Management guidelines Mat
17、urity models Critical success factors Key goal indicators Key performance indicators IT domains Planning & Organization Acquisition & Implementation Delivery & Support Monitoring COBIT IT Processes Defined Within the Four Domains COBIT Business Objectives Information IT Resources Planning & Organiza
18、tion Acquisition & Implementation Delivery & Support Monitoring IT Resources IT Resources Application Systems Data Application Systems Technology Facilities People Domains Processes Processes Activities/ Tasks Information Criteria Quality Fiduciary Security Quality Cost Delivery Effectiveness Effici
19、ency Reliability Compliance Confidentiality Integrity Availability 4.Control Objectives High-Level Control Objectives 34 (Control Over the IT Process) Control Objectives 318 (Control Over the Activities/Tasks) Planning & Organization PO1 define a strategic IT plan PO2 define the information architec
20、ture PO3 determine the technological direction PO4 define the IT organization and relationships PO5 manage the IT investment PO6 communicate management aims and direction PO7 manage human resources PO8 ensure compliance with external requirements PO9 assess risks PO10 manage projects PO11 manage qua
21、lity Acquisition & Implementation AI1 identify solutions AI2 acquire and maintain application software AI3 acquire and maintain technology architecture AI4 develop and maintain IT procedures AI5 install and accredit systems AI6 manage changes Delivery & Support DS1 define service levels DS2 manage t
22、hird-party services DS3 manage performance and capacity DS4 ensure continuous service DS5 ensure systems security DS6 identify and attribute costs DS7 educate and train users DS8 assist and advise IT customers DS9 manage the configuration DS10 manage problems and incidents DS11 manage data DS12 mana
23、ge facilities DS13 manage operations Monitoring M1 monitor the processes M2 assess internal control adequacy M3 obtain independent assurance M4 provide for independent audit DOMAIN Process Information Criteria IT Resources Planning & Organization PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 Effecti
24、veness Efficiency Confidentiality Integrity Availability Compliance Reliability People Application Systems Technology Facilities Data DOMAIN Process Information Criteria IT Resources People Application Systems Technology Facilities Data Effectiveness Efficiency Confidentiality Integrity Availability
25、 Compliance Reliability PO1 define a strategic IT plan Planning & Organization PO2 define the information architecture P S S S P S Managements Question 1. How do responsible managers “keep the ship on course”? 2. How to achieve results that are satisfactory for the largest possible segment of our st
26、akeholders? 3. How to timely adapt the organization to trends and developments in the enterprises environment? Dashboards Scorecards BenchmarkingBenchmarking 5. Management Guidelines Maturity Models CSF KGI KPI Generic Maturity Model 0 Non-Existent 1 Initial 2 Repeatable 3 Defined 4 Managed 5 Optimi
27、zed 0123 4 5 Non- ExistentInitialRepeatable Defined Managed Optimized Enterprise Current Status International Standard Guidelines Industry Best Practice Enterprise Strategy GoalsEnablers Balanced Business Scorecard Information Technology Measure (Outcome) Measure (Performance) Critical Success Facto
28、rs (CSF) Define the most important issues or actions for management to achieve control over and within its IT processes. Key Goal Indicators (KGI) Define measures that tell management -after the fact- whether an IT process has achieved its business requirements Key Performance Indicators (KPI) Define
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2024年休闲健身服务项目发展计划
- 2024年喷雾通风冷却塔合作协议书
- 2024年数字水位仪项目合作计划书
- 2024真空技术 夹紧型快卸连接器尺寸
- 第16课 国家出路的探索与列强侵略的加剧 - 学生版
- 课时12 赏析环境特色-立足意蕴挖掘作用
- 课时58 意象与意境-体悟内涵品象悟境
- 北师大版小学科学二年级上册期末试卷含参考答案
- 空调专业英语词汇
- 北师大版小学数学四年级下册模拟试卷含参考答案
- 消防队伍组织与指挥体系
- 互联网医疗合作协议范本
- 停电电梯困人应急处理方案
- 电子商务在美妆行业的应用与发展趋势
- 小班音乐《好孩子不要妈妈抱》课件
- ROHS、Reach、HF等HSF基础知识介绍培训
- 国家开放大学《Python语言基础》实验2:基本数据类型和表达式计算参考答案
- Excel基础知识培训课件
- 2023中国人力资源数智化发展白皮书
- 电信业务技能考试:电信业务客户经理(中级)考试答案
- 质量管理体系的战略规划与创新思维
评论
0/150
提交评论