COBIT 4.0: WHAT YOU NEED TO KNOW
Howard DuBois, CISA
firstname.lastname@example.org
Objectives
* Review the structure and substance of COBIT
* Assess challenges for IT management
* Explore the effect of successful use of COBIT on application owners
What is COBIT?
COBIT is a highly regarded IT governance framework produced and supported by the IT Governance Institute (ITGI). COBIT 4.0 is the latest release of this model.
What Does COBIT Stand For?
Control OBjectives for Information and related Technology
Why is COBIT Important?
Some interesting questions:
* Why are "control objectives" important to application owners and users?
* What is the history behind COBIT?
* Where does IT governance fit in?
COBIT's History
* COBIT began as a control model for IT auditors, hence "control objectives" for IT organizations and operations.
* At some point, somebody realized that if the model was good enough for the auditor to measure IT control and effectiveness, it was good enough for management.
* It became a "management framework" when it was understood that good control requires the implementation of best practices.
COBIT's History
* Control Objectives produced as an audit product by EDPAF, mid 1990s
* COBIT 1st edition: 1996
* COBIT 2nd edition: 1998. First reference to management, and the first time COBIT was considered a set of best practices for IT management
* COBIT 3rd edition: 2000. First reference to ITGI; first reference to Management Guidelines
COBIT's History
* COBIT 4.0: 2005. Version 4.0 is an upgrade of the 3rd edition, with better mapping to business objectives and further development of the maturity models. COBIT On-Line introduced.
* During this period, other products were issued. Control Practices (2004): a more detailed analysis of the individual practices regarded as best practices.
Purpose of COBIT
* Provide generally applicable and accepted standards for good practices for information and information technology (IT) control
* Based on a management-oriented framework for control in IT
* Aligned with de jure and de facto standards and regulations
* Create a clear and consistent structure
The Pieces of COBIT (component; intended audience; length)
* Executive Summary; senior executives (CEO, CIO); 16 pages
* Framework; senior operational management (directors of IT and IS audit/controls); 68 pages
* Control Objectives; middle management (IT management and IS audit/controls managers/seniors); 148 pages
* Audit Guidelines; line management and controls practitioners (applications or operations manager and auditor); 226 pages
* Management Guidelines; senior operational management, director of IS, mid-level IT management and IT audit/control managers; 122 pages
* Implementation Tool Set; director of IS and audit/control, mid-level IS management and IS audit/control managers; 86 pages
The Framework's Principles
* Business Requirements
* IT Processes
* IT Resources
Business Requirements = Information Criteria
* Quality Requirements: quality, cost, delivery
* Fiduciary Requirements (COSO Report): effectiveness and efficiency of operations; reliability of financial reporting; compliance with laws and regulations
* Security Requirements: confidentiality, integrity, availability
Information Technology Resources
* Data: data objects in their widest sense, i.e., external and internal, structured and unstructured, graphics, sound, etc.
* Application Systems: application systems are understood to be the sum of manual and programmed procedures.
* Technology: covers hardware, operating systems, database management systems, networking, multimedia, etc.
* Facilities: resources to house and support information systems.
* People: staff skills, awareness and productivity to plan, organize, acquire, deliver, support and monitor information systems and services.
The Framework's Principles
IT Domains, Processes and Activities
* Domains: a natural grouping of processes, often matching an organizational domain of responsibility.
* Processes: a series of joined activities with natural (control) breaks.
* Activities: actions needed to achieve a measurable result. Activities have a life cycle, whereas tasks are discrete.
CONTROL OBJECTIVES: The Domains
* Planning & Organization
* Acquisition & Implementation
* Delivery & Support
* Monitoring
Planning and Organization
* Define a Strategic IT Plan
* Define the Information Architecture
* Determine Technological Direction
* Define the IT Organization and Relationships
* Manage the IT Investment
* Communicate Management Aims and Direction
* Manage Human Resources
* Ensure Compliance with External Requirements
* Assess Risks
* Manage Projects
* Manage Quality
Acquisition and Implementation
* Identify Automated Solutions
* Acquire and Maintain Application Software
* Acquire and Maintain Technology Infrastructure
* Develop and Maintain Procedures
* Install and Accredit Systems
* Manage Changes
Delivery and Support
* Define and Manage Service Levels
* Manage Third-Party Services
* Manage Performance and Capacity
* Ensure Continuous Service
* Ensure Systems Security
* Identify and Allocate Costs
* Educate and Train Users
* Assist and Advise Customers
* Manage the Configuration
* Manage Problems and Incidents
* Manage Data
* Manage Facilities
* Manage Operations
Monitoring
* Monitor the Processes
* Assess Internal Control Adequacy
* Obtain Independent Assurance
* Provide for Independent Audit
IT Process Overview: 1.0 Define a Strategic IT Plan
The IT function should ensure that there are long- and short-range IT plans for managing and directing all IT resources of the organization. These plans should be updated in a timely and accurate manner to reflect changes in IT conditions. Assessments of existing systems should be performed before developing or changing the strategic IT plan. Moreover, IT management should ensure that the strategic IT plan is consistent with the business objectives and with the long- and short-range plans of the organization.
Linking to Control Objectives
Control over the IT process of DEFINING A STRATEGIC IT PLAN (PO-1) that satisfies the business requirement to strike an optimum balance between information technology opportunities and IT business requirements, as well as ensuring its further accomplishment, is enabled by a strategic planning process undertaken at regular intervals giving rise to long-term plans; the long-term plans should periodically be translated into operational plans setting clear and concrete short-term goals, and takes into consideration:
* enterprise business strategy
* definition of how IT supports the business objectives
* inventory of technological solutions and current infrastructure
* monitoring the technology markets
* timely feasibility studies and reality checks
* existing systems assessments
* enterprise position on risk, time-to-market and quality
* need for senior management buy-in, support and critical review
SUMMARY OF COBIT TO THIS POINT
* The Framework defines a construct for analyzing and managing IT.
* Four domains are identified.
* Within each domain there are processes: 34 in total.
* Within each process there are high-level IT control objectives defining the controls that should be in place.
* For each of the 34 processes, there are from 3 to 30 detailed IT control objectives.
* There are navigational tools, including a "waterfall" approach.
* The result is a systematic and logical method for defining and communicating IT control objectives.
AUDIT GUIDELINES
The objectives of auditing are to:
* provide management with reasonable assurance that control objectives are being met
* where there are significant control weaknesses, substantiate the resulting risks
* advise management on corrective actions
AUDIT GUIDELINES
The process is audited by:
* Obtaining an understanding of business requirements, related risks, and relevant control measures
* Evaluating the appropriateness of the stated controls
* Assessing compliance by testing whether the stated controls are working as prescribed, consistently and continuously
* Substantiating the risk of the control objectives not being met, using analytical techniques and/or consulting alternative sources
Audit Guidelines
* 1 generic guideline
* 34 process-oriented guidelines
The generic guideline identifies the various tasks to be performed in auditing ANY control objective within a process. The others are specific, process-oriented task suggestions to give management assurance that a control is in place and working.
GENERIC AUDIT GUIDELINE: OBTAINING AN UNDERSTANDING
The audit steps to be performed to document the activities underlying the control objectives, and to identify the stated control measures/procedures in place.
Interview appropriate management and staff to gain an understanding of:
* business requirements and related risks
* organization structure
* roles and responsibilities
* policies and procedures
* laws and regulations
* control measures in place
* management reporting (status, performance, action items)
Document the process-related IT resources particularly affected by the process under review.
Confirm the understanding of the process under review, the Key Performance Indicators (KPI) of the process, and the control implications (e.g., by a process walk-through).
GENERIC AUDIT GUIDELINE: EVALUATING THE CONTROLS
The audit steps to be performed in assessing the effectiveness of the control measures in place, or the extent to which