cisa review courses - slides part2


Uploaded by iyad-mourtada, posted 12-May-2015. Category: Business.

TRANSCRIPT

Page 1: CISA Review Courses - Slides Part2


CISA Review Course

Iyad Mourtada, CIA, CMA, CFE, CPLP

Introduction to IT Governance

Page 2: CISA Review Courses - Slides Part2

IT GOVERNANCE (figure): stakeholder value drivers feed IT governance, whose focus areas are Strategic Alignment, IT Value Delivery, Risk Management and Performance Measurement.

Page 3: CISA Review Courses - Slides Part2

CORPORATE GOVERNANCE

Audit Role in IT Governance:

- Improve the quality and effectiveness of the IT governance implementation.
- Ensure compliance with the IT governance initiatives that have been implemented.

Page 4: CISA Review Courses - Slides Part2

CORPORATE GOVERNANCE

Information Security Governance

- IS governance should be integrated with IT governance.
- The focus should be on:
  - Integrity of information
  - Continuity of services
  - Protection of information assets

Page 5: CISA Review Courses - Slides Part2

CORPORATE GOVERNANCE

Enterprise Architecture

Organizations should document their IT assets in a structured way to facilitate understanding, management and planning of IT investments. The architecture is described in layers:

- Performance
- Business
- Service component
- Technical
- Data

Page 6: CISA Review Courses - Slides Part2

CORPORATE GOVERNANCE

IS Roles & Responsibilities

- Systems analysis
- Security architect
- Application programming
- Systems programming
- Network management

Page 7: CISA Review Courses - Slides Part2

Segregation of Duties Within IS

Pairs of functions assessed for segregation:

- Security administration and change management
- Computer operations and system development
- System development and system design
- System development and systems maintenance

The slide marks three of these four pairs as "Segregated".

Page 8: CISA Review Courses - Slides Part2


Risk Management

Page 12: CISA Review Courses - Slides Part2

Risk Definitions

“Risk is the possibility that an event will occur and adversely affect the achievement of objectives.”

COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5

“Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood”

IPPF (Altamonte Springs, FL: IIA, 2011), p.43

Page 13: CISA Review Courses - Slides Part2

Business Objectives

- Strategic objectives
- Operations objectives
- Reporting objectives
- Compliance objectives

COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5

Page 14: CISA Review Courses - Slides Part2

Risks

- Personnel risk
- Information security risk
- Outsourcing risk
- Operational risk
- Financial risk
- Compliance risk
- Business process risk

Page 15: CISA Review Courses - Slides Part2

Value and Risk (figure)

Preserving shareholder value (risks that erode value): fraud, lawsuits, penalties and fines.

Creating shareholder value (+ VALUE): increased market share, new product development, increased revenue.

Enterprise Risk Management (ERM) as an essential tool for good corporate governance, Rahaju Pal, Deloitte - Enterprise Risk Services ,September 2010

Page 16: CISA Review Courses - Slides Part2

Estimating Annual Losses

Single Loss Expectancy (SLE) = Asset Value ($) x Exposure Factor (%)

Annual Loss Expectancy (ALE) = Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)

The exposure factor is the fraction of the asset's value lost in one occurrence of the event; the ARO is the expected number of occurrences per year.

Page 17: CISA Review Courses - Slides Part2

Impact and Probability

Page 18: CISA Review Courses - Slides Part2

Managing Risk

Risk response by impact and probability (matrix from the slide; rows are IMPACT, columns are PROBABILITY):

| Impact \ Probability | Low                          | High                            |
|----------------------|------------------------------|---------------------------------|
| High                 | Medium Risk: Share/Transfer  | High Risk: Mitigate & Control   |
| Low                  | Low Risk: Accept (Monitor)   | Medium Risk: Control            |
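The SLE/ALE formulas from the "Estimating Annual Losses" slide and the impact-probability matrix above are usually applied together: the quantitative figures give an impact (SLE) and a probability (ARO) for each entry in a risk register, and the matrix turns those into a rating and a treatment. The following Python is an added example written for this transcript, not material from the course; the register entries and their figures are constructed for illustration, the thresholds that separate "Low" from "High" on each axis are assumed (a real programme derives them from its risk appetite), and the final `control_pays_off` check (does the ALE a control removes exceed what the control costs per year?) is a common next step that the slides themselves do not show.

```python
"""Quantitative loss estimate (SLE/ALE) plus the impact-probability
treatment matrix, applied to a small constructed risk register."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF: fraction of AV lost per event, 0.0 to 1.0
    aro: float              # ARO: expected number of events per year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value must be non-negative")
    return round(asset_value * exposure_factor, 2)


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO."""
    if aro < 0:
        raise ValueError("ARO must be non-negative")
    return round(sle * aro, 2)


# Assumed thresholds separating "Low" from "High" on the two matrix axes.
HIGH_IMPACT_SLE = 100_000.0   # SLE at or above this counts as High impact
HIGH_PROBABILITY_ARO = 1.0    # ARO at or above this counts as High probability

# (impact is high, probability is high) -> (rating, treatment), as on the matrix.
TREATMENT = {
    (True, True): ("High Risk", "Mitigate & Control"),
    (True, False): ("Medium Risk", "Share/Transfer"),
    (False, True): ("Medium Risk", "Control"),
    (False, False): ("Low Risk", "Accept (Monitor)"),
}


def assess(risk: Risk) -> dict:
    """Compute SLE/ALE and place the risk in a cell of the matrix."""
    sle = single_loss_expectancy(risk.asset_value, risk.exposure_factor)
    ale = annual_loss_expectancy(sle, risk.aro)
    cell = (sle >= HIGH_IMPACT_SLE, risk.aro >= HIGH_PROBABILITY_ARO)
    rating, treatment = TREATMENT[cell]
    return {"name": risk.name, "sle": sle, "ale": ale,
            "rating": rating, "treatment": treatment}


def rank_by_ale(register: list[Risk]) -> list[dict]:
    """Assess every register entry and order the results by ALE, largest first."""
    return sorted((assess(r) for r in register),
                  key=lambda row: row["ale"], reverse=True)


def control_pays_off(ale_before: float, ale_after: float,
                     annual_control_cost: float) -> bool:
    """Added cost-benefit check: a control is justified when the ALE it
    removes exceeds its annual cost (not shown on the slide)."""
    return (ale_before - ale_after) > annual_control_cost


# Constructed register: figures are illustrative, not from any real assessment.
SAMPLE_REGISTER = [
    Risk("Phishing leads to credential compromise", 250_000, 0.60, 2.0),
    Risk("Ransomware on the file server", 500_000, 0.40, 0.5),
    Risk("Fire in the data centre", 2_000_000, 0.75, 0.02),
    Risk("Laptop theft", 3_000, 1.00, 4.0),
    Risk("Printer outage", 2_000, 0.50, 0.5),
]

if __name__ == "__main__":
    for row in rank_by_ale(SAMPLE_REGISTER):
        print(f"{row['name']:<42} SLE={row['sle']:>12,.2f} "
              f"ALE={row['ale']:>12,.2f} {row['rating']:<12} {row['treatment']}")
```

Ranking by ALE is what lets the register be prioritised on one number, but the matrix is still needed to pick the treatment: the data-centre fire has a very large SLE and a small ARO, so its modest ALE hides a high-impact event that is better shared (insurance, hot site) than controlled, while the laptop thefts have a tiny SLE and a high ARO and call for a routine control.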

Page 19: CISA Review Courses - Slides Part2

Business Process Reengineering


- Business Efficiency

- Improved Techniques

- New Requirements

BPR project is strategic in nature

Page 20: CISA Review Courses - Slides Part2

Principles for BPR


- Think Big

- Incremental

- Hybrid Approach

Page 21: CISA Review Courses - Slides Part2

BPR Implementation Steps


- Envision

- Initiate

- Diagnose

- Redesign

- Reconstruct

- Evaluate

Page 22: CISA Review Courses - Slides Part2

Role of IS in BPR

- Enable the new process through automation
- Provide IT project management tools
- Provide IT support
- Help integrate business processes with the IT systems

Page 23: CISA Review Courses - Slides Part2

Business Process Documentation


- Process Maps

- Risk Assessment

- Benchmarking

- Roles and Responsibilities

- Tasks and Activities

- Process Controls and Data Process Restrictions


Page 25: CISA Review Courses - Slides Part2

Question1:

What is the main purpose of the IT Steering Committee?

A. Implement the new IT system

B. Review vendor contracts

C. Identify business issues and objectives

D. Develop the IT plan and strategy

Page 26: CISA Review Courses - Slides Part2

Question2:

Which of the following strategies is used in business process reengineering with the "think big" approach?

A. Bottom-up

B. Business impact analysis

C. Outsourcing

D. Top-down

Page 27: CISA Review Courses - Slides Part2

Question3:

An organization implements IT governance to ensure that it aligns its IT strategy with:

A. IT objectives

B. Enterprise objectives

C. Audit objectives

D. Control objectives

Page 28: CISA Review Courses - Slides Part2

Question4:

The security administrator performs a very important role in:

A. Creating the security policy

B. Testing the security system

C. Maintaining access rules

D. Ensuring data integrity