Ch2 2009 cisa

  • date post

    30-Apr-2015
  • Category

    Business

description

Certified Information Systems Auditor

Transcript of Ch2 2009 cisa

  • 1. ISACA: The recognized global leader in IT governance, control, security and assurance
  • 2. 2009 CISA Review Course, Chapter 2: IT Governance
  • 3. Course Agenda: Learning objectives; discuss task and knowledge statements; discuss specific topics within the chapter; case studies; sample questions
  • 4. Exam Relevance: Ensure that the CISA candidate understands and can provide assurance that the organization has the structure, policies, accountability mechanisms and monitoring practices in place to achieve the requirements of corporate governance of IT. The content area in this chapter will represent approximately 15% of the CISA examination (approximately 30 questions). [Pie chart: % of Total Exam Questions: Chapter 1 10%, Chapter 2 15%, Chapter 3 16%, Chapter 4 14%, Chapter 5 31%, Chapter 6 14%]
  • 5. Chapter 2 Learning Objectives: Evaluate the effectiveness of the IT governance structure to ensure adequate board control over the decisions, directions and performance of IT, so it supports the organization's strategies and objectives; evaluate IT organizational structure and human resources (personnel) management to ensure that they support the organization's strategies and objectives; evaluate the IT strategy and the process for its development, approval, implementation and maintenance to ensure that they support the organization's strategies and objectives
  • 6. Chapter 2 Learning Objectives (continued): Evaluate the organization's IT policies, standards, procedures and processes for their development, approval, implementation and maintenance to ensure that they support the IT strategy and comply with regulatory and legal requirements; evaluate management practices to ensure compliance with the organization's IT strategy, policies, standards and procedures; evaluate IT resource investment, use and allocation practices to ensure alignment with the organization's strategies and objectives
  • 7. Chapter 2 Learning Objectives (continued): Evaluate IT contracting strategies and policies and contract management practices to ensure that they support the organization's strategies and objectives; evaluate risk management practices to ensure that the organization's IT-related risks are properly managed; evaluate monitoring and assurance practices to ensure that the board and executive management receive sufficient and timely information about IT performance
  • 8. 2.2 Corporate Governance: Ethical corporate behavior by directors or others charged with governance in the creation and presentation of value for all stakeholders; the distribution of rights and responsibilities among different participants in the corporation, such as the board, managers, shareholders and other stakeholders; establishment of rules to manage and report on business risks
  • 9. 2.3 Monitoring and Assurance Practices for Board and Executive Management: Enterprises are governed by generally accepted good or best practices, the assurance of which is provided by certain controls. From these practices flows the organization's direction, which indicates certain activities using the organization's resources. The results of these activities are measured and reported on, providing input to the cyclical revision and maintenance of controls. IT is also governed by good or best practices that ensure that the organization's information and related technology support its business objectives, its resources are used responsibly, and its risks are managed appropriately.
  • 10. 2.3 Monitoring and Assurance Practices for Board and Executive Management (continued): Effective enterprise governance focuses individual and group expertise and experience on specific areas where they can be most effective; IT governance is concerned with two issues: that IT delivers value to the business and that IT risks are managed; IT governance is the responsibility of the board of directors and executive management
  • 11. Practice Question 2-1: IT governance ensures that an organization aligns its IT strategy with: A. enterprise objectives. B. IT objectives. C. audit objectives. D. control objectives.
  • 12. 2.3.1 Best Practices for IT Governance
  • 13. 2.3.1 Best Practices for IT Governance (continued): IT governance has become significant due to: demands for better return from IT investments; increases in IT expenditures; regulatory requirements for IT controls; selection of service providers and outsourcing; complexity of network security; adoption of control frameworks; benchmarking
  • 14. 2.3.1 Best Practices for IT Governance (continued): Audit role in IT governance. Audit plays a significant role in the successful implementation of IT governance within an organization; reporting on IT governance involves auditing at the highest level in the organization and may cross division, functional or departmental boundaries
  • 15. 2.3.1 Best Practices for IT Governance (continued): In accordance with the defined role of the IS auditor, the following aspects related to IT governance need to be assessed: the IS function's alignment with the organization's mission, vision, values, objectives and strategies; the IS function's achievement of performance objectives established by the business (effectiveness and efficiency); legal, environmental, information quality, and fiduciary and security requirements; the control environment of the organization; the inherent risks within the IS environment
  • 16. 2.3.2 IT Strategy Committee: The creation of an IT strategy committee is an industry best practice; the committee should broaden its scope to include not only advice on strategy when assisting the board in its IT governance responsibilities, but also a focus on IT value, risks and performance
  • 17. 2.3.3 Standard IT Balanced Scorecard: A process management evaluation technique that can be applied to the IT governance process in assessing IT functions and processes; the method goes beyond the traditional financial evaluation; one of the most effective means to aid the IT strategy committee and management in achieving IT and business alignment
  • 18. 2.3.4 Information Security Governance: A focused activity with specific value drivers: integrity of information, continuity of services, protection of information assets; an integral part of IT governance; importance of information security governance
  • 19. 2.3.4 Information Security Governance (continued): Importance of information security governance. Information security (Infosec) covers all information processes, physica