IT Audit Knowledge (English edition), 61-slide deck: IT审计相关知识(英文版)(61页PPT).pptx
Advanced Information Technology and Management
IT Audit and Control Model of Information and Related Technology (COBIT)
Hu kejin, WIT

Key terms
- ISACA: Information Systems Audit and Control Association
- CISA: Certified Information Systems Auditor
- COBIT: Control Objectives for Information and Related Technology
- Information Systems Audit and Control Foundation
- IT Governance Institute

Contents
1. IT Audit Overview
2. COBIT Overview
3. COBIT Architecture
4. Control Objectives
5. Management Guidelines
6. Audit Guidelines

1. IT Audit Overview

Auditing objectives: security, reliability, effectiveness.

Scope of the audit
1) Information systems
2) The whole life cycle of the information system

Audit plan
- Definition of scope and objectives
- Analysis and understanding of standard procedures
- Evaluation of the system and its internal controls
- Audit procedures and documentation of evidence
- Analysis of the facts encountered
- Formation of an opinion on the controls
- Presentation of the report and recommendations

Audit techniques
- Compliance tests
- Substantive tests
- Audit program
- Integrated Test Facility (ITF)
- Parallel simulation
- Snapshot
- Tracing
- Program code comparison
- Computer-assisted audit techniques and tools (CAATs)

Audit work team
- Manager: responsible for the audit and for quality control
- Senior / team leader: responsible for the work papers
- Staff: responsible for performing the audit

Audit reports
- Progress reports
- Work papers
- Other work papers
- Preliminary reports
- Final audit report

Performance questions
1) What is our mission?
2) What are our goals and how will we achieve them?
3) How can we measure our performance?
4) How will we use that information to make improvements?

Types of audit
1) Accounting audit
2) System audit
3) Performance audit

The FEA Reference Model Framework (performance- and business-driven; component-based architectures)
- Performance Reference Model (PRM): inputs, outputs, and outcomes; uniquely tailored IT performance indicators
- Business Reference Model (BRM): lines of business; agencies, customers, partners
- Service Component Reference Model (SRM): service domains, service types; business and service components
- Technical Reference Model (TRM): service component interfaces, interoperability; technologies, recommendations
- Data and Information Reference Model (DRM): business-focused data standardization; cross-agency information exchanges

Performance Reference Model measurement areas (figure text recovered: inputs such as human capital, technology and other fixed assets feed processes and activities, which produce customer results and mission and business results; value flows toward strategic outcomes)
- Mission and business results: mission- and business-critical results aligned with the Business Reference Model
- Customer results: results measured from a customer perspective
- Processes and activities: the direct effects of day-to-day activities and broader processes, measured as driven by desired outcomes; used to further define and measure the Mode of Delivery in the Business Reference Model
- Inputs (human capital, technology, other fixed assets): key enablers measured through their contribution to outputs and, by extension, outcomes

Data and Information Reference Model (DRM): currently under development.

COBIT is the model for IT governance!

2. COBIT Overview

COBIT connects business requirements, IT management and IT resources.

COBIT components
1) Executive Summary
2) Framework
3) Control Objectives
4) Management Guidelines
5) Audit Guidelines
6) Implementation Tool Set

The COBIT framework (figure text recovered): control of IT processes, which satisfy business requirements, is enabled by control statements, considering control practices.
- Business requirements arise from: business objectives, business opportunities, external requirements, regulations, risks
- IT resources: data, application systems, technology, facilities, people; events
- Information criteria: effectiveness, confidentiality, integrity, availability, compliance, reliability

Information and business processes (figure text recovered): message input -> business processes -> service output. Information is produced by IT resources (people, application systems, technology, facilities, data). The question the criteria answer: do they match, what you get versus what you need?

COBIT's three dimensions: information criteria, IT domains, IT resources.
- IT domains: Planning & Organization, Acquisition & Implementation, Delivery & Support, Monitoring
- Structure: domains -> processes -> activities/tasks
- Information criteria grouped as quality, fiduciary and security requirements

3. COBIT Architecture

- Management framework
- Control objectives
- Management guidelines: maturity models, critical success factors, key goal indicators, key performance indicators
- Audit guidelines
- Tool set

COBIT IT processes are defined within the four domains (Planning & Organization, Acquisition & Implementation, Delivery & Support, Monitoring). Business objectives drive information, which is delivered by IT resources (data, application systems, technology, facilities, people), organized as domains -> processes -> activities/tasks.

Information criteria by requirement group
- Quality requirements (quality, cost, delivery): effectiveness, efficiency
- Fiduciary requirements: reliability, compliance
- Security requirements: confidentiality, integrity, availability

4. Control Objectives

- High-level control objectives: 34 (control over the IT process)
- Detailed control objectives: 318 (control over the activities/tasks)

Planning & Organization
- PO1 define a strategic IT plan
- PO2 define the information architecture
- PO3 determine the technological direction
- PO4 define the IT organization and relationships
- PO5 manage the IT investment
- PO6 communicate management aims and direction
- PO7 manage human resources
- PO8 ensure compliance with external requirements
- PO9 assess risks
- PO10 manage projects
- PO11 manage quality

Acquisition & Implementation
- AI1 identify solutions
- AI2 acquire and maintain application software
- AI3 acquire and maintain technology architecture
- AI4 develop and maintain IT procedures
- AI5 install and accredit systems
- AI6 manage changes

Delivery & Support
- DS1 define service levels
- DS2 manage third-party services
- DS3 manage performance and capacity
- DS4 ensure continuous service
- DS5 ensure systems security
- DS6 identify and attribute costs
- DS7 educate and train users
- DS8 assist and advise IT customers
- DS9 manage the configuration
- DS10 manage problems and incidents
- DS11 manage data
- DS12 manage facilities
- DS13 manage operations

Monitoring
- M1 monitor the processes
- M2 assess internal control adequacy
- M3 obtain independent assurance
- M4 provide for independent audit

Process summary matrix (one row per process): domain | process | information criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability) | IT resources (people, application systems, technology, facilities, data). Each cell marks the process's relevance to a criterion as P (primary) or S (secondary). The deck shows the Planning & Organization rows for PO1 (define a strategic IT plan) and PO2 (define the information architecture); only the markings "P S S S P S" are legible in the extracted text, so the column assignment is not recoverable here.

Management's questions
1. How do responsible managers "keep the ship on course"?
2. How to achieve results that are satisfactory for the largest possible segment of our stakeholders?
3. How to adapt the organization in a timely way to trends and developments in the enterprise's environment?
Instruments: dashboards, scorecards, benchmarking.

5. Management Guidelines

Components: maturity models, critical success factors (CSF), key goal indicators (KGI), key performance indicators (KPI).

Generic maturity model
0 Non-existent
1 Initial
2 Repeatable
3 Defined
4 Managed
5 Optimized

The 0-5 scale is used to position the enterprise's current status against international standard guidelines, industry best practice and the enterprise strategy.

Goals and enablers are tied together through a balanced business scorecard covering information and technology, with a measure of outcome and a measure of performance.

- Critical Success Factors (CSF): define the most important issues or actions for management to achieve control over and within its IT processes.
- Key Goal Indicators (KGI): define measures that tell management, after the fact, whether an IT process has achieved its business requirements.
- Key Performance Indicators (KPI): define measures to determine how well the IT process is performing in enabling the goal to be reached.

IT governance loop (figure text recovered): IT governance directs and controls IT activities (Planning and Organization, Acquisition and Implementation, Delivery and Support, Monitoring) through plan, do, check, correct, in order to manage risks and realize benefits; the goal is compared against the process, activities, control, information and objectives, and results are reported.

Balanced business scorecard perspectives, each with goals and measures: financial perspective, customer perspective, internal processes, learn and innovate. KGI = measure of outcome; KPI = measure of performance, both expressed against the information criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability).

6. Audit Guidelines

Audit guidelines consist of standards, guidelines and procedures, directed at the auditing objectives: effectiveness, reliability, security.

Thank you.
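Worked example for the "Audit techniques" list in section 1, showing what parallel simulation looks like as a computer-assisted audit technique. This is an added example, not code from the deck or from ISACA: the auditor independently re-implements the business rule (an assumed monthly savings-interest calculation), runs it over the same input the production system processed, and reconciles the two result sets. The accounts, rate table and production figures are constructed for the example.

```python
"""Parallel simulation as a computer-assisted audit technique.

The auditor writes an independent implementation of a business rule (here a
monthly savings-interest calculation, assumed for the example), runs it over
the same input the production system processed, and compares the two result
sets. Every difference is an audit exception to investigate, including
accounts the production run silently dropped and accounts that appear in the
production output without any corresponding input (a classic fraud symptom).
All accounts, rates and production figures below are constructed for the
example; they do not come from any real system.
"""
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP
from typing import Dict, List, Optional, Tuple

# Approved annual rates per account tier (assumed rate policy the auditor
# obtained from management, not a real institution's figures).
ANNUAL_RATE = {"standard": Decimal("0.0150"), "premium": Decimal("0.0250")}


@dataclass(frozen=True)
class Account:
    account_id: str
    avg_balance: Decimal  # average balance for the month
    tier: str             # key into ANNUAL_RATE


@dataclass(frozen=True)
class AuditException:
    account_id: str
    kind: str  # "amount_mismatch", "missing_in_production" or "not_in_input"
    expected: Optional[Decimal]
    actual: Optional[Decimal]


def expected_interest(acct: Account) -> Decimal:
    """Auditor's independent recomputation: balance * annual rate / 12,
    rounded half-up to the cent (the rounding rule in the assumed policy)."""
    monthly = acct.avg_balance * ANNUAL_RATE[acct.tier] / Decimal(12)
    return monthly.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def parallel_simulation(
    accounts: List[Account],
    production_output: Dict[str, Decimal],
    tolerance: Decimal = Decimal("0.00"),
) -> Tuple[List[AuditException], Dict[str, Decimal]]:
    """Recompute every account and reconcile against the production figures.

    Returns the exceptions and the control totals of both runs. A non-zero
    tolerance lets the auditor accept immaterial rounding noise while still
    flagging anything larger.
    """
    exceptions: List[AuditException] = []
    for acct in accounts:
        expected = expected_interest(acct)
        actual = production_output.get(acct.account_id)
        if actual is None:
            exceptions.append(AuditException(acct.account_id, "missing_in_production", expected, None))
        elif abs(actual - expected) > tolerance:
            exceptions.append(AuditException(acct.account_id, "amount_mismatch", expected, actual))
    # Anything the production run paid that has no input record at all.
    input_ids = {a.account_id for a in accounts}
    for acct_id in sorted(set(production_output) - input_ids):
        exceptions.append(AuditException(acct_id, "not_in_input", None, production_output[acct_id]))
    totals = {
        "expected_total": sum((expected_interest(a) for a in accounts), Decimal("0.00")),
        "production_total": sum(production_output.values(), Decimal("0.00")),
    }
    return exceptions, totals


# Constructed sample input (the same file the production job consumed).
SAMPLE_ACCOUNTS = [
    Account("A001", Decimal("10000.00"), "standard"),
    Account("A002", Decimal("25000.00"), "premium"),
    Account("A003", Decimal("3333.33"), "standard"),
    Account("A004", Decimal("1234.56"), "premium"),
]

# Constructed production output seeded with three defects the technique
# should surface: A002 was rounded the wrong way, A003 was dropped, and A999
# was credited interest although it is not in the input at all.
SAMPLE_PRODUCTION = {
    "A001": Decimal("12.50"),
    "A002": Decimal("52.09"),
    "A004": Decimal("2.57"),
    "A999": Decimal("75.00"),
}


def run_example() -> Tuple[List[AuditException], Dict[str, Decimal]]:
    return parallel_simulation(SAMPLE_ACCOUNTS, SAMPLE_PRODUCTION)


if __name__ == "__main__":
    found, control_totals = run_example()
    for e in found:
        print(f"{e.account_id}: {e.kind} expected={e.expected} actual={e.actual}")
    print("control totals:", control_totals)
```

The control totals are the substantive test in miniature: a total that reconciles can still hide offsetting errors, which is why the per-account comparison is kept alongside it. The same structure applies to any rule the auditor can re-derive from approved policy (depreciation, fees, tax); only `expected_interest` changes.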