IT Audit and Control Model COBIT (Prof. Liu Zhongying, Tongji University)

Uploaded by: xzh****18 | Document ID: 55671670 | Uploaded: 2018-10-03 | Format: PPT | Pages: 60 | Size: 753 KB

Advanced Information Technology and Management

IT Audit and Control Model of Information and Related Technology - COBIT
Hu kejin W

IT Audit
- ISACA (Information Systems Audit and Control Association)
- CISA (Certified Information System Auditor)

COBIT - Control Objectives For Information and Related Technology
- Information Systems Audit and Control Foundation
- IT Governance Institute

1. IT Audit Overview
2. COBIT Overview
3. COBIT Architecture
4. Control Objectives
5. Management Guidelines
6. Audit Guidelines

1. IT Audit Overview

Auditing Objectives
- Security
- Reliability
- Effectiveness

Scope of the audit
1) Information Systems
2) to cover life cycle of IS

Audit Plan
- Definition of Scope and Objectives.
- Analysis and understanding of standard procedures.
- Evaluation of system and internal controls.
- Audit Procedures and documentation of evidence.
- Analysis of facts encountered.
- Formation of opinion over the controls.
- Presentation of report and recommendations.

Audit Techniques
- Compliance tests.
- Substantive tests.
- Auditing program.
- Integrated Test Facility.
- Parallel Simulation.
- Snapshot
- Tracing
- Program Code Comparison
- Computer Assisted Audit Techniques and Tools.

Audit Work Team
- Manager: Responsible for the audit and quality control.
- Senior/team leader: Responsible for the work papers.
- Staff: Responsible for the performance of the audit.

Audit Report
- Progress Reports.
- Work Papers.
- Other Work Papers.
- Preliminary Reports.
- Final Audit Report.

1) What is our mission?
2) What are our goals and how will we achieve them?
3) How can we measure our performance?
4) How will we use that information to make improvements?

1) Accounting Audit
2) System Audit
3) Performance Audit

Business Reference Model (BRM)
- Lines of Business
- Agencies, Customers, Partners

Service Component Reference Model (SRM)
- Service Domains, Service Types
- Business & Service Components

Technical Reference Model (TRM)
- Service Component Interfaces, Interoperability
- Technologies, Recommendations

Data & Information Reference Model (DRM)
- Business-focused Data Standardization
- Cross-Agency Information Exchanges

Performance Reference Model (PRM)
- Inputs, Outputs, and Outcomes
- Uniquely Tailored IT Performance Indicators

Performance and Business-Driven
Component-Based Architectures

THE FEA REFERENCE MODEL FRAMEWORK

[Diagram labels: HUMAN CAPITAL; MISSION AND BUSINESS RESULTS; CUSTOMER RESULTS; VALUE; VALUE; STRATEGIC OUTCOMES; INPUT; TECHNOLOGY; OTHER FIXED ASSETS; PROCESS AND ACTIVITY]

- Mission and business-critical results aligned with the Business Reference Model. Results measured from a customer perspective.
- The direct effects of day-to-day activities and broader processes measured as driven by desired outcomes. Used to further define and measure the Mode of Delivery in the Business Reference Model.
- Key enablers measured through their contribution to outputs and by extension outcomes.

Data and Information Reference Model (DRM)
- Data and Information Reference Model (DRM) is currently under development

COBIT is the model for IT governance!

2. COBIT Overview

[Diagram labels: Business Requirements; IT Management; IT Resources]

1) Executive Summary
2) Framework
3) Control Objectives
4) Management Guidelines
5) Audit Guidelines
6) Implementation Tool set

[Diagram labels: The control of; which satisfy; is enabled by; considering; IT Processes; Business Requirements; Control Statements; Control Practices]

[Diagram labels: Message input; Service output; Business Processes; Information; IT Resources]
- IT resources: Data, Application Systems, Technology, Facilities, People
- Events: Business Objectives, Business Opportunities, External Requirements, Regulations, Risks
- Information: Effectiveness, Confidentiality, Integrity, Availability, Compliance, Reliability

IT Resources
- People
- Application Systems
- Technology
- Facilities
- Data

Information Criteria
- effectiveness
- confidentiality
- integrity
- availability
- compliance
- reliability

[Diagram labels: ?; Do they match; What you get; What you need]

[Diagram labels: Information criteria; IT domains; IT resources]
- IT domains: Planning & organization, Acquisition & implementation, Delivery & support, Monitoring
- Domains, Processes, Activities

[Diagram labels: Information Criteria; IT Processes; IT Resources]
- Information Criteria: Quality, Fiduciary, Security
- IT Resources: people, Application Systems, Technology, Facilities, Data
- IT Processes: Domains, Processes, Activities/Tasks

3. COBIT Architecture
