Presented by Tay Un Soo, Senior VP, Bank of Commerce, President of ISACA - Malaysia Chapter
1999 National Accountants Conference
THRIVING IN THE DIGITAL ECONOMY OF A NEW CENTURY
AGENDA
• Introduction - Directions and Challenges
• What is Corporate Governance & how it works
• What is IT Governance & how it works
• Relationship of Corporate and IT Governance
• How IT Governance impacts Enterprise effectiveness
• CobiT: The breakthrough IT Governance tool
• What is IT Audit Governance?
• How to audit IT Governance?
• Conclusion
Introduction: What is Digital Economy?
[Diagram: Information, Knowledge/Content, Computing, Communication, Interactive Multimedia, Technology, Humans, Organizations, Societies, Intelligence, Cyberspace, Digital, Electronic; goods, services, capital, labour and information]
Changes In Information Technology
[Diagram: Trends - time to react, business process, organization, rightsizing, control redesign, realignment; New Enterprise - mission, customers, competition, business risk, risk assessment assurance, auditors, information technology, business strategies, cultures, ethics]
SUCCESSFUL ENTERPRISE
• Optimise information value
• Capitalise on technology
• Attain business objectives
• Security & privacy
• Timely, accurate information
• Business continuity
• New audit methodologies
• Accounting for virtual assets
• Technical proficiencies
• Changing roles
AICPA 1999 TOP 10 TECHNOLOGY PRIORITIES (1998 rank in brackets)
1. Year 2000 (2)
2. Internet, Intranets & Extranets (1)
3. Information Security & Control (3)
4. Training & Technology (4)
5. Technology Management (-)
6. Disaster Recovery (-)
7. The Virtual Office (-)
8. Privacy (-)
9. Electronic Money (-)
10. Electronic Evidence (-)
Information-related Assurance Services
[Diagram: Risk Assessment Assurance, Electronic Commerce Assurance, System Reliability Assurance, WebTrust Assurance; covering business risks, systems & tools, internal IS and websites]
DO THE ISSUES CONCERN ME? (CIO)
• Do your enterprise's systems create competitive advantage, or simply keep you in business?
• Does your IT investment make money for your organization or cause it concern?
• What is the economic and strategic value of your enterprise's information?
• How is online and internet delivery of products and services changing global industries?
• Does your management view the internet as a threat or an opportunity?
• How can you help management and the Board to effectively manage and govern IT strategy opportunities and threats in rapidly changing technology?
TOP PRIORITIES OF CHIEF INFORMATION OFFICERS
In The Digital Economy
• Business/IT fusion
• Demonstrating the business value of IT
• IT Governance
THE TOP OF THE TOP PRIORITIES
IT and systems must work hand in hand with corporate goals and business practices:
- To create competitive advantage
- To ensure the ultimate success of the enterprise
What Is Corporate Governance?
The process and structure to direct and manage the business and affairs of the company.
OBJECTIVES
• To enhance business prosperity and corporate accountability
• To realize long-term stakeholder value
EFFECTIVE CORPORATE GOVERNANCE
• Individual and group expertise and experience
• Monitors and measures performance
• Provides assurance on critical issues
INFORMATION TECHNOLOGY & CORPORATE OBJECTIVES: IT Governance
CORPORATE GOVERNANCE FRAMEWORK
[Diagram: Stakeholders, Regulators, External Auditors, Audit Committee, Board of Directors]
COSO Framework of Internal Control
[Diagram of the COSO cube: Control Environment, Risk Assessment, Control Activities, Information & Communication, Monitoring]
Guidance on Control - CoCo
• 20 criteria of control, grouped as: Purpose, Commitment, Capability, Action, Monitoring & Learning
COBIT Information Criteria
[Diagram of the COBIT cube: Information Criteria (Quality, Fiduciary, Security) x IT Processes (Domains, Processes, Activities) x IT Resources]
How Corporate Governance Works
[Diagram: Enterprise governed by - Direct; Assurance provided by - Report; Using]
• Results measured
• Input for constant revision & maintenance of control
• Cycle begins again
What is IT Governance?
IT GOVERNANCE is an inclusive term which encompasses:
• Information systems, technology & communication
• Business, legal & other issues
• Stakeholders, directors, senior management, process owners, IT suppliers, users, auditors, etc.
HOW IT GOVERNANCE WORKS
Linking business objectives and IT:
• IT aligned with business
• IT resources used responsibly
• IT-related risks managed appropriately
IT ACTIVITIES (good/best practices):
• Plan/organize
• Acquire/implement
• Deliver/support
• Monitor
MANAGE RISKS: security, reliability & compliance
REALISE BENEFITS: increase automation, effectiveness, decrease costs, efficiency
RELATIONSHIP OF CORPORATE & IT GOVERNANCE
[Diagram: Business Objectives, Strategic Planning, Strategic Plan; IT governance requires information from business objectives]
• Maximise benefits
• Capitalizing on opportunities
• Gaining competitive advantage
How does IT governance impact enterprise effectiveness?
• IT investment - protection
• Information asset - management for success
• Business issues - Y2K, ERP, e-commerce
• Strategic information - security, confidentiality, integrity
COBIT is the breakthrough IT governance tool
COBIT: GOVERNANCE, CONTROL and AUDIT for INFORMATION and RELATED TECHNOLOGY
IT governance tool to help management understand and manage IT risk
THE COBIT FRAMEWORK - Setting The Scene
THE NEED FOR CONTROL IN IT
• Dependencies
• Vulnerabilities
• Scale and cost of investment
• Change organizations and business practices, create opportunities and reduce costs
MANAGEMENT OF IT RISKS
• Management - what to invest for security & control
• Users - assurance
• Auditors - opinion on internal control
THE COBIT FRAMEWORK - Setting The Scene
THE BUSINESS ENVIRONMENT
• Competition
• Change
• Cost
MANAGEMENT EXPECTATIONS OF IT
• Re-engineered processes
• Right-sizing
• Distributed processing
• Flattened organization
• Outsourcing
COBIT IS SPECIFICALLY DESIGNED FOR..
Management:
• IT investment
• Risk & control
• Benchmarking
Users:
• Assurance on return on costs, security and control on products and services
Auditors:
• Minimum controls
• To substantiate opinions to management
COBIT Framework's Principles - Summary
• Business requirements
• IT processes
• IT resources
The Framework's Principles
[Diagram: Business processes - what you get: Information; IT resources - what you need: data, application systems, technology, facilities, people; Do they match?]
Criteria: effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability
The Framework's Principles
[Diagram: IT resources (data, application systems, technology, facilities, people) matched against the domains Planning & Organisation, Acquisition & Implementation, Delivery & Support, Monitoring]
The principle applied is that the IT resources are managed by a set of naturally grouped processes, which need to be controlled in order to ensure that the resources provide the information that the enterprise needs to achieve its objectives.
IT Domains & Processes
• Domains: natural grouping of processes, often matching an organisational domain of responsibility.
• Processes: a series of joined activities with natural (control) breaks.
• Activities: actions needed to achieve a measurable result. Activities have a life-cycle whereas tasks are discrete.
The COBIT Cube
[Diagram: Information Criteria (Quality, Fiduciary, Security) x IT Processes (Domains, Processes, Activities) x IT Resources (People, Application Systems, Technology, Facilities, Data)]
The Waterfall Navigation Aid - High Level Control Objectives for Each Process
[Diagram: the control of IT Processes, which satisfy Business Requirements, is enabled by Control Statements, considering Control Practices]
34 CONTROL OBJECTIVES
AUDIT GUIDELINES
What Is IT Audit Governance?
It is an encompassing term which includes:
• IT Audit Charter
• IT Audit Plan
• IT Audit Manual
• IT Audit Program
How To Audit IT Governance?
• Audit Charter
• Independence
• Planning
• Performance of Audit Work
• Reporting
AUDITING GUIDELINE ISSUED BY ISACA: CORPORATE GOVERNANCE ON INFORMATION SYSTEMS
Audit Charter
• Scope of work to include corporate governance of information systems and technology
• Reporting line to be used where corporate governance issues are identified
Independence
• Consider organizational status appropriate for the nature of planned audit
• If not, use of independent third party should be considered
Planning
• Fact finding - corporate governance structure
• IS audit objectives - intended audience’s needs, level of dissemination intended and national and industry regulations; control framework adopted
• Scope of the audit - relevant processes; IT resources
• Staffing
Performance of Audit Work
• Review of Board activities
• Review of policies and compliance
• Business process owner responsibilities
• Consideration of external factors
Reporting
• To audit committee and Board members
• Contents include:
- Statement on directors’ responsibility for system of internal control
- Statement on reasonable assurance of system of internal control
- Key procedures established by Board to provide effective internal control
- Non-compliance, major uncontrolled risks
- Poor control structures or controls
- Overall conclusion