cisa review courses - slides part2
CISA Review Course
Iyad Mourtada, CIA, CMA, CFE, CPLP
Introduction to IT Governance
CORPORATE GOVERNANCE: IT Governance focus areas
- IT Value Delivery
- Stakeholders Value Drivers
- Performance Measurement
- Risk Management
- Strategic Alignment
CORPORATE GOVERNANCE: Audit Role in IT Governance
- Improve the quality and effectiveness of the IT governance implementation
- Ensure compliance with the IT governance initiatives that have been implemented
CORPORATE GOVERNANCE: Information Security Governance
- IS governance should be integrated with IT governance
- The focus should be on:
  - Integrity of information
  - Continuity of services
  - Information assets protection
CORPORATE GOVERNANCE: Enterprise Architecture
Organizations should document their IT assets in a structured way, to facilitate understanding, management and planning of IT investments:
- Performance
- Business
- Service component
- Technical
- Data
CORPORATE GOVERNANCE: IS Roles & Responsibilities
- Systems analysis
- Security architect
- Application programming
- Systems programming
- Network management
Segregation of Duties Within IS
- Security administration and change management
- Computer operations and system development
- System development and system design
- System development and systems maintenance
(The slide marks these pairs: Segregated, Segregated, Segregated)
Risk Management
Risk Definitions
“Risk is the possibility that an event will occur and adversely affect the achievement of objectives.”
Source: COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5
“Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.”
Source: IPPF (Altamonte Springs, FL: IIA, 2011), p. 43
Business Objectives
- Strategic objectives
- Operations objectives
- Reporting objectives
- Compliance objectives
Source: COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5
Risks
- Personnel risk
- Information security risk
- Outsourcing risk
- Operational risk
- Financial risk
- Compliance risk
- Business process risk
[Figure: Value and Risk. The negative (−) side, preserving shareholder value: Fraud; Lawsuits; Penalties and fines. The positive (+) side, creating shareholder value: Increased market share; New product development; Increased revenue.]
Source: Enterprise Risk Management (ERM) as an essential tool for good corporate governance, Rahaju Pal, Deloitte - Enterprise Risk Services, September 2010
Estimating Annual Losses
Single Loss Expectancy (SLE) = Asset Value ($) × Exposure Factor (%)
Annual Loss Expectancy (ALE) = Single Loss Expectancy × Annual Rate of Occurrence
Managing Risk: Impact and Probability
[Figure: risk matrix with Probability (low to high) on one axis and Impact (low to high) on the other. The cells are rated Low Risk, Medium Risk, Medium Risk and High Risk, with the treatment options Accept (Monitor), Mitigate & Control, Share/Transfer and Control.]
Business Process Reengineering
- Business efficiency
- Improved techniques
- New requirements
A BPR project is strategic in nature.
Principles for BPR
- Think big
- Incremental
- Hybrid approach
BPR Implementation Steps
- Envision
- Initiate
- Diagnose
- Redesign
- Reconstruct
- Evaluate
Role of IS in BPR
- Enable the new process through automation
- Provide IT project management tools
- Provide IT support
- Help in integrating business processes with the IT systems
Business Process Documentation
- Process Maps
- Risk Assessment
- Benchmarking
- Roles and Responsibilities
- Tasks and Activities
- Process Controls and Data Process Restrictions
Question 1:
What is the main purpose of the IT Steering Committee?
A. Implement the new IT system
B. Review vendor contracts
C. Identify business issues and objectives
D. Develop the IT plan and strategy
Question 2:
Which of the following strategies is used in business process reengineering with the big-thinking approach?
A. Bottom-up
B. Business impact analysis
C. Outsourcing
D. Top-down
Question 3:
An organization implements IT governance to ensure that it aligns its IT strategy with:
A. IT objectives
B. Enterprise objectives
C. Audit objectives
D. Control objectives
Question 4:
The security administrator performs a very important role in:
A. Creating the security policy
B. Testing the security system
C. Maintaining access rules
D. Ensuring data integrity