IT Audit and Control Model COBIT Courseware (IT审计与控制模型COBIT课件.ppt)

Uploader: 小飞机  Document ID: 1610693  Uploaded: 2022-12-10  Format: PPT  Pages: 60  Size: 753.02KB

Advanced Information Technology and Management
IT Audit and Control Model of Information and Related Technology - COBIT
Hu kejin W

IT Audit
- ISACA (Information Systems Audit and Control Association)
- CISA (Certified Information System Auditor)
- COBIT - Control Objectives for Information and Related Technology
- Information Systems Audit and Control Foundation
- IT Governance Institute

Contents
1. IT Audit Overview
2. COBIT Overview
3. COBIT Architecture
4. Control Objectives
5. Management Guidelines
6. Audit Guidelines

1. IT Audit Overview

Auditing Objectives: Security, Reliability, Effectiveness

Scope of the audit:
1) Information Systems
2) to cover the life cycle of IS

Audit Plan:
- Definition of scope and objectives.
- Analysis and understanding of standard procedures.
- Evaluation of system and internal controls.
- Audit procedures and documentation of evidence.
- Analysis of facts encountered.
- Formation of opinion over the controls.
- Presentation of report and recommendations.

Audit Techniques:
- Compliance tests.
- Substantive tests.
- Auditing program.
- Integrated Test Facility.
- Parallel Simulation.
- Snapshot.
- Tracing.
- Program Code Comparison.
- Computer Assisted Audit Techniques and Tools.

Audit Work Team:
- Manager: responsible for the audit and quality control.
- Senior/team leader: responsible for the work papers.
- Staff: responsible for the performance of the audit.

Audit Report: Progress Reports; Work Papers; Other Work Papers; Preliminary Reports; Final Audit Report.

Management questions:
1) What is our mission?
2) What are our goals and how will we achieve them?
3) How can we measure our performance?
4) How will we use that information to make improvements?

Types of audit:
1) Accounting Audit
2) System Audit
3) Performance Audit

THE FEA REFERENCE MODEL FRAMEWORK (Performance and Business-Driven; Component-Based Architectures)
- Performance Reference Model (PRM): Inputs, Outputs, and Outcomes; Uniquely Tailored IT Performance Indicators
- Business Reference Model (BRM): Lines of Business; Agencies, Customers, Partners
- Service Component Reference Model (SRM): Service Domains, Service Types; Business & Service Components
- Technical Reference Model (TRM): Service Component Interfaces, Interoperability; Technologies, Recommendations
- Data & Information Reference Model (DRM): Business-focused Data Standardization; Cross-Agency Information Exchanges

Performance Reference Model (PRM) measurement areas (linked by "Value"):
- Strategic Outcomes: Mission and Business Results; Customer Results. Mission and business-critical results aligned with the Business Reference Model; results measured from a customer perspective.
- Process and Activity: the direct effects of day-to-day activities and broader processes, measured as driven by desired outcomes. Used to further define and measure the Mode of Delivery in the Business Reference Model.
- Input: Human Capital; Technology; Other Fixed Assets. Key enablers measured through their contribution to outputs and, by extension, outcomes.

Data and Information Reference Model (DRM) is currently under development.

COBIT is the model for IT governance!

2. COBIT Overview

Business Requirements - IT Management - IT Resources

COBIT product family:
1) Executive Summary
2) Framework
3) Control Objectives
4) Management Guidelines
5) Audit Guidelines
6) Implementation Tool Set

The COBIT principle: the control of IT Processes, which satisfy Business Requirements, is enabled by Control Statements, considering Control Practices.
IT Resources: Data, Application Systems, Technology, Facilities, People.

Events: Business Objectives, Business Opportunities, External Requirements, Regulations, Risks.
Business Processes: message input, service output.
Information criteria: Effectiveness, Confidentiality, Integrity, Availability, Compliance, Reliability.
IT Resources: People, Application Systems, Technology, Facilities, Data.

Information Criteria (effectiveness, confidentiality, integrity, availability, compliance, reliability): "What you need" versus "What you get" - do they match?

The COBIT cube (Information criteria x IT domains x IT resources):
- Information criteria: Quality, Fiduciary, Security
- IT domains: Planning & Organization; Acquisition & Implementation; Delivery & Support; Monitoring (Domains -> Processes -> Activities/Tasks)
- IT resources: People, Application Systems, Technology, Facilities, Data

3. COBIT Architecture

Management framework: Management Guidelines, Control Objectives, Audit Guidelines, Tool Set.
Management Guidelines: Maturity Models, Critical Success Factors, Key Goal Indicators, Key Performance Indicators.
IT domains: Planning & Organization; Acquisition & Implementation; Delivery & Support; Monitoring.

COBIT IT Processes Defined Within the Four Domains: COBIT - Business Objectives - Information - IT Resources (Application Systems, Data, Technology, Facilities, People) - Planning & Organization - Acquisition & Implementation - Delivery & Support - Monitoring; Domains -> Processes -> Activities/Tasks.

Information Criteria:
- Quality: Quality, Cost, Delivery
- Fiduciary: Effectiveness, Efficiency, Reliability, Compliance
- Security: Confidentiality, Integrity, Availability

4. Control Objectives

High-Level Control Objectives: 34 (control over the IT process)
Control Objectives: 318 (control over the activities/tasks)

Planning & Organization
PO1 define a strategic IT plan
PO2 define the information architecture
PO3 determine the technological direction
PO4 define the IT organization and relationships
PO5 manage the IT investment
PO6 communicate management aims and direction
PO7 manage human resources
PO8 ensure compliance with external requirements
PO9 assess risks
PO10 manage projects
PO11 manage quality

Acquisition & Implementation
AI1 identify solutions
AI2 acquire and maintain application software
AI3 acquire and maintain technology architecture
AI4 develop and maintain IT procedures
AI5 install and accredit systems
AI6 manage changes

Delivery & Support
DS1 define service levels
DS2 manage third-party services
DS3 manage performance and capacity
DS4 ensure continuous service
DS5 ensure systems security
DS6 identify and attribute costs
DS7 educate and train users
DS8 assist and advise IT customers
DS9 manage the configuration
DS10 manage problems and incidents
DS11 manage data
DS12 manage facilities
DS13 manage operations

Monitoring
M1 monitor the processes
M2 assess internal control adequacy
M3 obtain independent assurance
M4 provide for independent audit

Domain / process summary table:
DOMAIN: Planning & Organization
Process: PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11
Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
IT Resources: People, Application Systems, Technology, Facilities, Data

Example rows (P = primary, S = secondary rating against the information criteria):
PO1 define a strategic IT plan
PO2 define the information architecture
Ratings shown on the slide: P S S S; P S

Management's questions:
1. How do responsible managers "keep the ship on course"?
2. How to achieve results that are satisfactory for the largest possible segment of our stakeholders?
3. How to timely adapt the organization to trends and developments in the enterprise's environment?
Tools: Dashboards, Scorecards, Benchmarking.

5. Management Guidelines

Maturity Models, CSF, KGI, KPI

Generic Maturity Model:
0 Non-Existent
1 Initial
2 Repeatable
3 Defined
4 Managed
5 Optimized
Reference points on the scale: Enterprise Current Status, International Standard Guidelines, Industry Best Practice, Enterprise Strategy.

Goals and Enablers (Balanced Business Scorecard, Information Technology): Measure (Outcome), Measure (Performance).

Critical Success Factors (CSF): define the most important issues or actions for management to achieve control over and within its IT processes.
Key Goal Indicators (KGI): define measures that tell management, after the fact, whether an IT process has achieved its business requirements.
Key Performance Indicators (KPI): define measures to determine how well the IT process is performing in enabling the goal to be reached.

Control loop: GOAL - Compare - Process, Activities, Control, Information, Objectives; Plan, Do, Check, Correct.
IT Governance: Control, Direct; Plan, Do, Check, Correct; IT Activities (Planning and Organization, Acquisition and Implementation, Delivery and Support, Monitoring); Manage risks, Realize benefits; Objectives; Report.

Balanced Business Scorecard for Information Technology: Goals -> KGI (measure of outcome); Enablers -> KPI (measure of performance).
Perspectives (each with goal and measures): Financial Perspective; Customer Perspective; Internal Processes; Learn and Innovate.
Information criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability.

6. Audit Guidelines

Audit Guidelines: Standards, Guidelines, Procedures.
Auditing Objectives: Effectiveness, Reliability, Security.
