CISA Part2
Published in: Business, Technology

  • Risk begins with strategy formulation and objective setting
  • Risk is related to preserving shareholder value as well as creating value: upside and downside
  • Transcript

    • 1. CISA Review Course. Iyad Mourtada, CIA, CMA, CFE, CPLP. Introduction to IT Governance
    • 2. IT GOVERNANCE
        - IT Value Delivery
        - Stakeholders Value Drivers
        - Performance Measurement
        - Risk Management
        - Strategic Alignment
    • 3. CORPORATE GOVERNANCE. Audit Role in IT Governance:
        - Improve the quality and effectiveness of the IT governance implementation.
        - Ensure compliance with IT governance initiatives implemented
    • 4. Information Security Governance
        - IS Governance should be integrated with IT Governance
        - The focus should be on:
            - Integrity of information
            - Continuity of services
            - Information assets protection
    • 5. Enterprise Architecture. Organizations should document their IT assets in a structured way to facilitate understanding, management and planning for IT investments
        - Performance
        - Business
        - Service component
        - Technical
        - Data
    • 6. IS Roles & Responsibilities
        - Systems analysis
        - Security Architect
        - Application programming
        - Systems programming
        - Network management
    • 7. Segregation of Duties Within IS
        - Security administration and change management
        - Computer operations and system development
        - System development and system design
        - System development and systems maintenance
        - Segregated
        - Segregated
        - Segregated
    • 8.
    • 9. Risk Definitions
        - “Risk is the possibility that an event will occur and adversely affect the achievement of objectives.” COSO ERM – Integrated Framework (Jersey City, NJ: AICPAs, 2004), p. 5
        - “Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood” IPPF (Altamonte Springs, FL: IIA, 2011), p. 43
    • 10. Business Objectives
        - Strategic Objectives
        - Operations Objectives
        - Reporting Objectives
        - Compliance Objectives
        - Source: COSO ERM – Integrated Framework (Jersey City, NJ: AICPAs, 2004), p. 5
    • 11. Risks
        - Personnel Risk
        - Information Security Risk
        - Outsourcing Risk
        - Operational Risk
        - Financial Risk
        - Compliance Risk
        - Business Process Risk
    • 12. Value and Risk
        - Creating shareholder value (+): increased market share, new product development, increased revenue
        - Preserving shareholder value (−): fraud, lawsuits, penalties and fines
        - Source: Enterprise Risk Management (ERM) as an essential tool for good corporate governance, Rahaju Pal, Deloitte - Enterprise Risk Services, September 2010
    • 13. Estimating Annual Losses
        - Single Loss Expectancy = Asset Value ($) × Exposure Factor (%)
        - Annual Loss Expectancy = Single Loss Expectancy × Annual Rate of Occurrence
    • 14. Impact and Probability
    • 15. Managing Risk (matrix figure; axes: IMPACT and PROBABILITY, Low to High)
        - Responses: Control; Share/Transfer; Mitigate & Control; Accept (Monitor)
        - Ratings: High Risk; Medium Risk; Medium Risk; Low Risk
    • 16. Business Process Reengineering
        - Business Efficiency
        - Improved Techniques
        - New Requirements
        - BPR project is strategic in nature
    • 17. Principles for BPR
        - Think Big
        - Incremental
        - Hybrid Approach
    • 18. BPR Implementation Steps
        - Envision
        - Initiate
        - Diagnose
        - Redesign
        - Reconstruct
        - Evaluate
    • 19. Role of IS in BPR
        - Enable the new process through automation
        - Provide IT Project Management Tools
        - Provide IT Support
        - Help in integrating business processes with the IT systems.
    • 20. Business Process Documentation
        - Process Maps
        - Risk Assessment
        - Benchmarking
        - Roles and Responsibilities
        - Tasks and Activities
        - Process Controls and Data Process Restrictions
    • 22. Question 1: What is the main purpose of the IT Steering Committee?
        A. Implement the New IT System
        B. Review vendor contracts
        C. Identify business issues and objectives
        D. Develop the IT Plan and Strategy
    • 23. Question 2: Which of the following strategies is used in business process reengineering with the big thinking approach?
        A. Bottom-up
        B. Business Impact Analysis
        C. Outsourcing
        D. Top-Down
    • 24. Question 3: An organization implements IT governance to ensure that it aligns its IT strategy with:
        A. IT Objectives
        B. Enterprise Objectives.
        C. Audit Objectives.
        D. Control Objectives.
    • 25. Question 4: Security Administrator performs a very important role in:
        A. Creating the security policy
        B. Testing Security System
        C. Maintaining access rules
        D. Ensuring data integrity