《it审计相关知识(英文版)》由会员分享,可在线阅读,更多相关《it审计相关知识(英文版)(60页珍藏版)》请在金锄头文库上搜索。
1、Advanced Information Technology and Management,IT Audit and Control Model of Information and Related Technology -COBIT Hu kejin W,IT Audit ISACA (Information Systems Audit and Control Association) CISA (Certified Information System Auditor),COBIT- Control Objectives For Information and Related Techn
2、ology Information Systems Audit and Control Foundation IT Governance Institute,1. IT Audit Overview 2. COBIT Overview 3. COBIT Architecture 4. Control Objectives 5. Management Guidelines 6. Audit Guidelines,1. IT Audit Overview,Auditing Objectives,Security Reliability Effectiveness,Scope of the audi
3、t,1) Information Systems 2) to cover life cycle of IS,Audit Plan,$ Definition of Scope and Objectives. $ Analysis and understanding of standard procedures. $ Evaluation of system and internal controls. $ Audit Procedures and documentation of evidence. $ Analysis of facts encountered. $ Formation of
4、opinion over the controls. $ Presentation of report and recommendations.,Audit Techniques,$ Compliance tests. $ Substantive tests. $ Auditing program. $ Integrated Test Facility. $ Parallel Simulation. $ Snapshot $ Tracing $ Program Code Comparison $ Computer Assisted Audit Techniques and Tools.,Aud
5、it Work Team,$ Manager: Responsible for the audit and quality control. $ Senior/team leader: Responsible for the work papers. $ Staff: Responsible for the performance of the audit.,Audit Report,Progress Reports. Work Papers. Other Work Papers. Preliminary Reports. Final Audit Report.,1)What is our m
6、ission? 2)What are our goals and how will we achieve them? 3) How can we measure our performance? 4)How will we use that information to make improvements?,1)Accounting Audit 2)System Audit 3)Performance Audit,Business Reference Model (BRM) Lines of Business Agencies, Customers, Partners Service Comp
7、onent Reference Model (SRM) Service Domains, Service Types Business & Service Components Technical Reference Model (TRM) Service Component Interfaces, Interoperability Technologies, Recommendations Data & Information Reference Model (DRM) Business-focused Data Standardization Cross-Agency Informatio
8、n Exchanges Performance and Business-Driven Performance Reference Model (PRM) Inputs, Outputs, and Outcomes Uniquely Tailored IT Performance Indicators Component-Based Architectures,Performance Reference Model (PRM) Inputs, Outputs, and Outcomes Uniquely Tailored IT Performance Indicators,Business R
9、eference Model (BRM) Lines of Business Agencies, Customers, Partners,Service Component Reference Model (SRM) Service Domains, Service Types Business & Service Components,Technical Reference Model (TRM) Service Component Interfaces, Interoperability Technologies, Recommendations,Data & Information Re
10、ference Model (DRM) Business-focused Data Standardization Cross-Agency Information Exchanges,Performance and Business-Driven,Component-Based Architectures,THE FEA REFERENCE MODEL FRAMEWORK,HUMAN CAPITAL,MISSION AND BUSINESS RESULTS,CUSTOMER RESULTD,VALUE,VALUE,STRATEGIC OUTCOMS,INPUT,TECHONLOGY,OTHE
11、R FIXED ASSETS,PROCESS AND ACTIVITY,Mission and business-critical results aligned with the Business Reference Model. Results measured from a customer perspective,The direct effects of day-to-day activities and broader processes measured as driven by desired outcomes. Used to further define and measu
12、re the Mode of Delivery in The business reference model.,Key enablers measured through their contribution to outputs and by extension outcomes,Data and Information Reference Model (DRM),Data and Information Reference Model (DRM) is currently under development,COBIT is the model for IT governance!,2.
13、 COBIT Overview,Business Requirements,IT Management,IT Resources,1). Executive Summary 2). Framework 3).Control Objectives 4).Management Guidelines 5).Audit Guidelines 6).Implementation Tool set,The control of,which satisfy,is enabled by,considering,IT Processes,Business Requirements,Control Stateme
14、nts,Control Practices,Data Application Systems,Technology,Facilities,People,Events Business Objectives Business Opportunities External Requirements Regulations Risks,Information Effectiveness Confidentiality Integrity Availability Compliance Reliability,Message input,Service output,Business Processe
15、s,Information,IT Resources,IT Resources,People Application Systems Technology Facilities Data,Information Criteria effectiveness confidentiality integrity availability compliance reliability,?,Do they match,What you get,What you need,Information criteria,IT domains,IT resources,Planning & organization,Acquisition & implementation,Delivery & support,Monitoring,Domains,Processes,Activities,Information Criteria,IT Processes,IT Resources,Quality,Fiduciary,Security,people,Application Systems,Technology,Facilities,Data,Domains,Processes,Activities/Tasks,3. COBIT Architecture,Management
