“Aligning Gap Between Internal Audit and IT Governance”
Muhammad Fadly
Literature
● Internal Audit and IT Governance (Norman Marks/ISACA)
  http://www.theiia.org/blogs/marks/index.cfm/post/Internal%20Audit%20and%20IT%20Governance
● Interdependencies between Auditing and Corporate Governance (Dennis Voeller/Michael Bremert/Nicole Zein)
  http://www.sbr-online.de/pdfarchive/einzelne_pdf/sbr_2013_july_198-226.pdf
● IT governance and information system auditing practice in credit institutions in the Republic of Croatia
  http://www.oecd.org/daf/ca/corporategovernanceprinciples/37178451.pdf
● AUDITING AND ITS ROLE IN CORPORATE GOVERNANCE (Derek Broadley & Deloitte Touche Tohmatsu)
  http://www.oecd.org/daf/ca/corporategovernanceprinciples/37178451.pdf
● IT Governance and Its Mechanisms (ISACA)
  http://www.isaca.org/Journal/Past-Issues/2004/Volume-1/Pages/IT-Governance-and-Its-Mechanisms.aspx
Interrelation between business components
Source: http://www.sbr-online.de/pdfarchive/einzelne_pdf/sbr_2013_july_198-226.pdf
Positioning IT Governance as an integral part of enterprise Management

How internal audit can cover IT governance:
● Include IT governance as an element of its audits of organizational governance.
● Perform separate audits of IT governance as a whole, or
● Perform audits of selected IT governance activities (those considered to represent higher risks).

What effective IT governance should deliver:
● The alignment of organizational and IT strategies and plans.
● IT projects and operations provide the value and benefits needed by the business.
● Opportunities presented by information technology are realized.
● IT resources are used responsibly and managed effectively.
● Risks to the business related to IT are managed.
● IT-related activities comply with applicable laws, regulations, and corporate standards for behavior.
Aligning The Gap Between Corporate Internal Audit and CIS Governance Dept

Role
  Corporate Internal Audit: ensure that each element in the company obeys the Enterprise rules.
  CIS Governance (CIS Division): ensure that overall IT Operation follows the Enterprise rules.
Risk management
  Enterprise Risk Management (Corporate Internal Audit): ensure that all risks facing the whole Organization are managed.
  Risk Management (CIS Division): ensure that all risks facing the IT Operation are managed.
Audit
  IT Audit (Corporate Internal Audit): as auditor, assess the adequacy of overall IT governance activities.
  Compliance (CIS Governance): as auditee, ensure that IT Operation complies with the audit findings.
Introduction : Risk Management at CIS Governance Department
Goal : Assess, Monitor & Control IT Risks
Improving processes to meet management objectives
● Identifying risks
● Analyzing and prioritizing risks
● Identifying controls
● Analyzing controls
● Planning and scheduling implementation
● Tracking and reporting risks and controls
● Operating controls
● Learning from prior efforts and updating the knowledge base
IT Risk Management Portfolios
IT Risk Profile Life Cycle
1. Identify business value / Establish Risk Context
2. Identify Risk (ISO 27001:2013)
3. Assess Risk
4. Respond to Risk (COBIT 4.1)
5. Monitor & Report (IT Risk Profile)
Source: https://www.isaca.org/Education/Upcoming-Events/Documents/2012-NACACS-Presentations/127-nac2012.pdf
Combine IT Risk Management with the GRC Framework

IT Risk Governance :
Ensure that IT risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted return.
Processes:
1. Integrate with ERM (Internal Audit Dept)
2. Make risk-aware business decisions
3. Establish & maintain a common risk view

IT Risk Evaluation :
Ensure that IT-related risk issues and opportunities are identified, analyzed and presented in business terms.
Processes:
1. Collect data
2. Analyze risk
3. Maintain risk profile

IT Risk Response :
Ensure that IT-related risk issues, opportunities and events are addressed in a cost-effective manner and in line with business priorities.
Goal of position : Manage Risks
Processes:
1. Articulate risk
2. Assess, monitor & manage risk
3. React to events (incidents)
Interfaces of each domain

IT Risk Governance
External In :
1. ERM (CIA)
2. IT Risk Evaluation
3. IT Audit (CIA)
4. IT Risk Response
External Out :
1. Std Officer
2. IT Site (SH & Off)
3. Compliance Off
4. Internal Auditor
5. All IT Operation

IT Risk Response
External In :
1. IT Risk Evaluation
2. Business analyst
3. Compliance Off
External Out :
1. IT Risk Governance
2. IT Site (SH & Off)
3. Sysadm

IT Risk Evaluation
External In :
1. IT Risk Response
2. IT Site (SH & Off)
3. IT Infr. Devel Sect
4. Appl sect head
5. Business analyst
6. System & Tech Spc
7. IT O&M Sect
8. IT Opr Support Sect
9. IT Syst. & Conf Spc
External Out :
1. IT Risk Governance
2. Business analyst
3. Sysadm