CISA Part2
Published in: Business, Technology

  • Risk begins with strategy formulation and objective setting
  • Risk is related to preserving shareholder value as well as creating value: upside and downside
  • Transcript

    • 1. CISA Review Course: Introduction to IT Governance
      Iyad Mourtada, CIA, CMA, CFE, CPLP
    • 2. IT GOVERNANCE
      - IT Value Delivery
      - Stakeholders Value Drivers
      - Performance Measurement
      - Risk Management
      - Strategic Alignment
    • 3. CORPORATE GOVERNANCE: Audit Role in IT Governance
      - Improve the quality and effectiveness of the IT governance implementation.
      - Ensure compliance with IT governance initiatives implemented.
    • 4. Information Security Governance
      - IS Governance should be integrated with IT Governance
      - The focus should be on:
        - Integrity of information
        - Continuity of services
        - Information assets protection
    • 5. Enterprise Architecture
      Organizations should document their IT assets in a structured way to facilitate understanding, management and planning for IT investments:
      - Performance
      - Business
      - Service component
      - Technical
      - Data
    • 6. IS Roles & Responsibilities
      - Systems analysis
      - Security Architect
      - Application programming
      - Systems programming
      - Network management
    • 7. Segregation of Duties Within IS
      - Security administration and change management
      - Computer operations and system development
      - System development and system design
      - System development and systems maintenance
      - Segregated
      - Segregated
      - Segregated
    • 8. Risk Management
    • 9. Risk Definitions
      - "Risk is the possibility that an event will occur and adversely affect the achievement of objectives." COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5
      - "Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood." IPPF (Altamonte Springs, FL: IIA, 2011), p. 43
    • 10. Business Objectives
      - Strategic Objectives
      - Operations Objectives
      - Reporting Objectives
      - Compliance Objectives
      COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5
    • 11. Risks
      - Personnel Risk
      - Information Security Risk
      - Outsourcing Risk
      - Operational Risk
      - Financial Risk
      - Compliance Risk
      - Business Process Risk
    • 12. Value and Risk
      - Creating shareholder value (+): increased market share, new product development, increased revenue
      - Preserving shareholder value (−): fraud, lawsuits, penalties and fines
      Source: Enterprise Risk Management (ERM) as an essential tool for good corporate governance, Rahaju Pal, Deloitte - Enterprise Risk Services, September 2010
    • 13. Estimating Annual Losses
      - Single Loss Expectancy = Asset Value ($) × Exposure Factor (%)
      - Annual Loss Expectancy = Single Loss Expectancy × Annual Rate of Occurrence
    • 14. Impact and Probability
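    • 15. Managing Risk (impact/probability matrix; axes IMPACT and PROBABILITY, each Low to High)
      - Responses shown: Control; Share/Transfer; Mitigate & Control; Accept (Monitor)
      - Quadrant ratings shown: High Risk; Medium Risk; Medium Risk; Low Risk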
    • 16. Business Process Reengineering
      - Business Efficiency
      - Improved Techniques
      - New Requirements
      BPR project is strategic in nature
    • 17. Principles for BPR
      - Think Big
      - Incremental
      - Hybrid Approach
    • 18. BPR Implementation Steps
      - Envision
      - Initiate
      - Diagnose
      - Redesign
      - Reconstruct
      - Evaluate
    • 19. Role of IS in BPR
      - Enable the new process through automation
      - Provide IT Project Management Tools
      - Provide IT Support
      - Help in integrating business processes with the IT systems.
    • 20. Business Process Documentation
      - Process Maps
      - Risk Assessment
      - Benchmarking
      - Roles and Responsibilities
      - Tasks and Activities
      - Process Controls and Data Process Restrictions
    • 22. Question 1: What is the main purpose of the IT Steering Committee?
      A. Implement the new IT system
      B. Review vendor contracts
      C. Identify business issues and objectives
      D. Develop the IT plan and strategy
    • 23. Question 2: Which of the following strategies is used in business process reengineering with the big thinking approach?
      A. Bottom-up
      B. Business Impact Analysis
      C. Outsourcing
      D. Top-down
    • 24. Question 3: An organization implements IT governance to ensure that it aligns its IT strategy with:
      A. IT Objectives
      B. Enterprise Objectives
      C. Audit Objectives
      D. Control Objectives
    • 25. Question 4: Security Administrator performs a very important role in:
      A. Creating the security policy
      B. Testing security system
      C. Maintaining access rules
      D. Ensuring data integrity
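
The loss estimate from slide 13 ("Estimating Annual Losses"), applied to a small risk register and ranked by Annual Loss Expectancy. This is an added example, not part of the original deck; the `Risk` class, the helper names and every figure in the register are constructed assumptions, and the exposure factor is entered as a fraction (0.25 for 25%).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # dollars
    exposure_factor: float  # fraction of asset value lost per event (0.0-1.0)
    aro: float              # annual rate of occurrence, events per year

    def __post_init__(self):
        # Reject inputs that would make the estimate meaningless.
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: asset value and ARO must be >= 0")
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: exposure factor must be within 0..1")

    @property
    def sle(self) -> float:
        """Single Loss Expectancy = asset value x exposure factor."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annual Loss Expectancy = SLE x annual rate of occurrence."""
        return self.sle * self.aro


def aro_from_interval(years_between_events: float) -> float:
    """Convert 'once every N years' into an annual rate of occurrence."""
    if years_between_events <= 0:
        raise ValueError("interval must be positive")
    return 1.0 / years_between_events


def rank_by_ale(risks):
    """Return risks ordered from highest to lowest annual loss expectancy."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


# Constructed sample register (all figures are illustrative assumptions).
REGISTER = [
    Risk("Data centre flood", 2_000_000, 0.50, aro_from_interval(20)),
    Risk("Laptop theft", 3_000, 1.00, 12),
    Risk("Ransomware on file server", 600_000, 0.25, 0.5),
]

if __name__ == "__main__":
    for r in rank_by_ale(REGISTER):
        print(f"{r.name:28} SLE ${r.sle:>12,.0f}  ALE ${r.ale:>10,.0f}")
```

The flood has by far the largest single loss, yet the ranking shows that frequent small losses (a laptop a month) land in the same order of magnitude once the rate of occurrence is applied.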