《IT审计相关知识(英文版)(powerpoint 62页)》由会员分享,可在线阅读,更多相关《IT审计相关知识(英文版)(powerpoint 62页)(62页珍藏版)》请在金锄头文库上搜索。
1、Advanced Information Advanced Information Technology and Technology and ManagementManagementIT Audit and Control Model of Information and Related Technology -COBITHu kejin WIT AuditISACA (Information Systems Audit and Control Association)CISA (Certified Information System Auditor)COBIT-Control Objec
2、tives For Information and Related TechnologyInformation Systems Audit and ControlFoundationIT Governance Institute1. IT Audit Overview2. COBIT Overview3. COBIT Architecture4. Control Objectives5. Management Guidelines6. Audit Guidelines1. IT Audit OverviewAuditingObjectivesSecurity Reliability Effec
3、tivenessScope of the audit1) Information Systems2) to cover life cycle of ISAudit Plan$ Definition of Scope and Objectives.$ Analysis and understanding of standard procedures.$ Evaluation of system and internal controls.$ Audit Procedures and documentation of evidence.$ Analysis of facts encountered
4、.$ Formation of opinion over the controls.$ Presentation of report and recommendations.Audit Techniques$ Compliance tests.$ Substantive tests.$ Auditing program.$ Integrated Test Facility.$ Parallel Simulation.$ Snapshot$ Tracing $ Program Code Comparison$ Computer Assisted Audit Techniques and Tool
5、s.Audit Work Team$ Manager: Responsible for the audit and quality control.$ Senior/team leader: Responsible for the work papers.$ Staff: Responsible for the performance of the audit. Audit ReportProgress Reports.Work Papers.Other Work Papers.Preliminary Reports.Final Audit Report.1)What is our missi
6、on?2)What are our goals and how will we achieve them?3) How can we measure our performance? 4)How will we use that information to make improvements?1)Accounting Audit2)System Audit3)Performance Audit Business Reference Model (BRM) Lines of Business Agencies, Customers, PartnersService Component Refe
7、rence Model (SRM)Service Domains, Service TypesBusiness & Service ComponentsTechnical Reference Model (TRM)Service Component Interfaces, Interoperability Technologies, RecommendationsData & Information Reference Model (DRM) Business-focused Data Standardization Cross-Agency Information ExchangesPerf
8、ormance and Business-DrivenPerformance Reference Model (PRM)Inputs, Outputs, and OutcomesUniquely Tailored IT Performance IndicatorsComponent-Based Architectures Performance Reference Model (PRM)Inputs, Outputs, and OutcomesUniquely Tailored IT Performance IndicatorsBusiness Reference Model (BRM) Li
9、nes of Business Agencies, Customers, PartnersService Component Reference Model (SRM)Service Domains, Service TypesBusiness & Service ComponentsTechnical Reference Model (TRM)Service Component Interfaces, Interoperability Technologies, RecommendationsData & Information Reference Model (DRM) Business-
10、focused Data Standardization Cross-Agency Information ExchangesPerformance and Business-DrivenComponent-Based ArchitecturesTHE FEA REFERENCE MODEL FRAMEWORKHUMAN CAPITAL MISSION AND BUSINESS RESULTS CUSTOMERRESULTDVALUE VALUE STRATEGIC OUTCOMSINPUTTECHONLOGY OTHER FIXED ASSETSPROCESS AND ACTIVITY Mi
11、ssion and business-critical resultsaligned with the Business ReferenceModel. Results measured from a customerperspectiveThe direct effects of day-to-day activitiesand broader processes measured as drivenby desired outcomes. Used to furtherdefine and measure the Mode of Delivery in The business refer
12、ence model.Key enablers measured through their contribution to outputs and by extension outcomesData and Information Reference Model (DRM) Data and Information Reference Model (DRM) is currently under developmentCOBIT is the model for IT governance!2. COBIT OverviewBusinessRequirementsIT ManagementI
13、T Resources1). Executive Summary2). Framework3).Control Objectives4).Management Guidelines5).Audit Guidelines6).Implementation Tool setThe control ofwhich satisfyis enabled byconsideringIT ProcessesBusinessRequirementsControlStatementsControlPractices DataApplication SystemsTechnologyFacilitiesPeopl
14、eEventsBusiness ObjectivesBusiness OpportunitiesExternal RequirementsRegulationsRisksInformationEffectivenessConfidentialityIntegrityAvailabilityComplianceReliabilityMessageinputServiceoutputBusinessProcessesInformationIT ResourcesIT ResourcesPeopleApplication SystemsTechnologyFacilitiesDataInformat
15、ion Criteria effectiveness confidentiality integrity availability compliance reliability?Do they matchWhat you getWhat you needInformation criteria ITdomains ITresourcesPlanning & organizationAcquisition &implementationDelivery &supportMonitoringDomainsProcessesActivitiesInformation CriteriaIT Proce
16、ssesIT ResourcesQualityFiduciarySecuritypeopleApplication SystemsTechnologyFacilitiesDataDomainsProcessesActivities/Tasks3. COBIT ArchitectureManagement frameworkManagementguidelinesControlobjectivesAuditguidelinesTool setManagementguidelinesMaturitymodelsCritical success factorsKey goalindicatorsKey performance indicatorsIT domainsPlanning &OrganizationAcquisition &ImplementationDelivery &SupportMonitoringCOBIT IT Processes Defined Within the Four DomainsCOBITBusiness ObjectivesInformationIT Re
