Information Technology Audit

Frameworks and Standards

Dr. Wing Wahyu Winarno, MAFIS, CA, Ak.

wingwinarno wingww wingww wingww

Program Studi S2 Magister Teknologi Informasi – Program Jarak Jauh

Universitas Amikom Yogyakarta
Topics
1. The Objectives of Information Systems
2. Types of Information Systems
3. Components of Information Systems
4. Information Systems Maturity
5. Information Systems Risks
6. Control for Information Systems

2
The Objectives of Information Systems
• To bring competitive advantage to the organization
• To run business more efficient and effective
• To achieve organizations’ goals
• To help decision makers make their decision

3
Types of Information Systems (based on decision type)
• Transaction Processing Systems
• Management Information Systems
ES
• Decision Support Systems
Decision
• Expert Systems Support Systems

Management Information Systems

Transaction Processing Systems

4
Components of Information Systems

Internal Database External Data Analytical Data

Computers Application Computer

(hardware) (software) Networks

Documents
Procedures Controls
(hard/soft-copy)

Users
Management, employees, end users, analysts, etc.
Information Systems Maturity
Information
• Systems that deliver one way information
• Eg. Television, videoboard, radio

Communication
• Systems that deliver two way communication with users
• Eg.: call center, blog

Transaction
• System that handles daily transactions
• Eg.: Point of Sales, ticketing systems

Collaboration
• IS among companies’ systems
• Eg.: Superapps, blockchain

Transformation
• Systems that can replace the old ways with the new way
• Eg. GoJek, Indonesian railway systems, distance learning 6
Components of Information Systems
COSO: Internal Control Framework
COSO: Enterprise Risk Management
ICF and ERM (COSO)
COBIT 2019
COBIT
• https://www.youtube.com/watch?time_continue=33&v=oqmkX_E1c1M
• https://www.escoute.com/finally-a-guide-for-tailoring-a-governance-system-
for-information-and-technology/
greycampus.com
Information Technology Infrastructure Library (ITIL)
• ITIL framework uses Key performance indicators to measure the IT
department's performance, progress, problems and also to continually
improve the service.
• ITIL is very flexible, scalable and versatile which makes any IT department
implement these methodologies. This framework is useful to document the
process, functions, and roles in IT Service Management.
ITIL Video
• What is ITIL? https://www.youtube.com/watch?v=rXLUf3ug3aQ
• ITIL Fundamentals https://www.youtube.com/watch?v=7qjVjfz7pzg
ITIL and Other Good Practices
ITIL can be adapted and used in conjunction with other good practices such as:
• COBIT (a framework for IT Governance and Controls)
• Six Sigma ( a quality methodology)
• TOGAF (a framework for IT architecture)
• ISO 27000 (a standard for IT security)
• ISO/IEC 20000 (a standard for IT Service Management)
http://tosjustsytfa.gq
Related Framework on IT Audit
20