Institute of Internal Auditors COBIT Presentation October 9, 2001

Presentation Transcript


  1. Institute of Internal Auditors • COBIT Presentation • October 9, 2001

  2. For More Information on COBIT Phone 847-253-1545 Email research@isaca.org Websites www.Itgovernance.org www.isaca.org

  3. Cost • ISACA Member $115 • Non-Member $225

  4. Background • Control OBjectives for Information and related Technology • Originally released in 1996 by the Information Systems Audit and Control Foundation (ISACF) • Current primary publisher is the IT Governance Institute - formed by the Information Systems Audit and Control Association (ISACA) in 1998 • COBIT was formed through research of sources such as the technical standards from ISO, codes of conduct issued by the Council of Europe and ISACA, professional standards for internal control and auditing issued by COSO, AICPA, GAO, etc. • The above sources were used to formulate COBIT to “be both pragmatic and responsive to business needs while being independent of the technical IT platforms adopted in an organization.”

  5. The COBIT Mission • To research, develop, publicize and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers and auditors

  6. Objectives of COBIT • To provide a framework to bridge gaps between business risks, control needs and technical issues in order to maximize benefits, capitalize on opportunities and gain competitive advantage

  7. Components • Executive Summary • Framework • Control Objectives • Audit Guidelines • Management Guidelines

  8. Executive Summary • Provides a synopsis of COBIT’s objectives and processes

  9. Framework • A tool to be used as comprehensive guidance for users, auditors, management & business process owners

  10. Control Objectives • Generically defined high-level business needs organized by process/activity used to facilitate the implementation of a process

  11. Audit Guidelines • A template used to facilitate the obtaining, evaluating, assessing and substantiating of information needed to evaluate overall control

  12. Management Guidelines • Set of action-oriented guidelines developed to assist management in answering: • Does the benefit outweigh the cost? • What are the indicators of good performance? • What are the critical success factors? • What are the risks of not achieving our objectives? • What do others do? • How do we measure and compare?

  13. COBIT Family of Products

  14. Framework (see handout) • 4 Domains • Planning & Organization • Acquisition & Implementation • Delivery & Support • Monitoring • 34 Control Objectives • 318 Detailed Control Objectives

  15. Audit Guidelines • Obtain Understanding • Interviewing • Obtaining • Evaluate Controls • Considering • Assess Compliance • Testing • Substantiate Risk • Performing • Identifying

  16. Management Guidelines • Critical Success Factors • Key Goal Indicators • Key Performance Indicators • Maturity Model

  17. Example • Manage Changes

  18. Domain • Acquisition & Implementation

  19. Control Objective • AI6

  20. Detailed Control Objectives • Change Request Initiation and Control • Impact Assessment • Control of Changes • Emergency Changes • Documentation and Procedures • Authorized Maintenance • Software Release Policy • Distribution of Software

  21. Audit Guidelines • Obtain Understanding • Interviewing • Obtaining • Evaluate Controls • Considering • Assess Compliance • Testing • Substantiate Risk • Performing • Identifying

  22. Management Guidelines • Non-existent • Initial/Ad Hoc • Repeatable but Intuitive • Defined Process • Managed & Measurable • Optimized

  23. Findings • Issues • Benchmarking

  24-29. Adopting COBIT Tool Set

  30. COBIT Case Studies • Cedel Group • Office of the State Auditor of Massachusetts • PWC • Fidelity Investments • Department of Defense • Boston Gas Company • Santa Barbara Bank and Trust • Society for Worldwide Interbank Financial Telecommunication
