Focus areas of IT governance:
• Monitoring results for corrective actions
• Safeguarding assets, disaster recovery and compliance
• Resource Management: optimizing the development and use of available resources
Why is IT Governance Important?
What is COBiT?
• Control Objectives for Information and Related Technology
• It is a comprehensive framework of globally accepted practices, analytical tools and models designed for governance and management of enterprise IT
COBiT supports IT governance by providing a framework to ensure that:
Summary of changes between CobiT 4.1 and CobiT 5
• Governance
• Organization, Relationships and Processes
• BAI, DSS: Deliver, Service and Support (DSS)
• MEA: Monitor, Evaluate and Assess (MEA)
1.3: The Work of an IT Auditor
What is an IT Auditor?
• An IT auditor participates in projects and assignments that improve internal processes and performance.
Who is qualified to be an IT Auditor?
IT Audit Skills: Core Skills and Advanced Skills
To add:
• Detail-Oriented
• Business Minded
• Professional
• Tech Savvy
• Certified
1.5: The CISA Examination
Certified Information Systems Auditor (CISA)
• CISA is a certification issued by ISACA for the people in charge of ensuring that an organization's IT and business systems are monitored, managed and protected.
The CISA exam is usually offered in June and September every year.
The contents of the CISA Examination include areas (domains) in information systems security, audit, and control.
CISA Exam Syllabus
• Domain 1: The process of auditing information systems (21%)
• Domain 2: Governance and management of IT (16%)
• Domain 3: Information systems acquisition, development, and implementation (18%)
• Domain 4: Information systems operations, maintenance and support (20%)
• Domain 5: Protection of information assets (25%)
Overview of D1: The process of auditing information systems
Summary of Audit Process: Audit Planning, Perform Test, Reporting, Follow-up Activity
D1 covers how IT auditors provide services in accordance with IT audit standards, in order to assist the organization in protecting and controlling information systems.
Examples of target
• Audit mission and planning
• Laws and regulations
• Standards and guidelines for IS auditing
• Risk analysis
• Internal controls
• Performing an IS audit
Overview of D2: Governance and management of IT
D2 covers how IT auditors provide assurance that the necessary organization structure and processes are in place.
Examples of target
• Planning IT Strategy with IT Steering Committee
• Implementation of the IT strategy
• Business Process Reengineering
• Risk management for IT strategy
• Organization and Personnel Management
Overview of D3: Information systems acquisition, development, and implementation
D3 covers how IT auditors provide assurance that the practices for the acquisition, development, testing, and implementation of IS meet the organization's strategies and objectives.
Examples of target
• Application development process and regulation, including needs analysis and cost estimation
• Quality Management
• Validation of computer & system architecture for Application
• Application control
• Management of outsourcing and vendor
Overview of D4: Information systems operations, maintenance and support
CISA employees: