CISA Part2


Published in: Business, Technology
  • Risk begins with strategy formulation and objective setting.
  • Risk is related to preserving shareholder value as well as creating value: it has a downside and an upside.

    1. CISA Review Course
       Iyad Mourtada, CIA, CMA, CFE, CPLP
       Introduction to IT Governance
    2. IT Governance
       - IT Value Delivery
       - Stakeholders' Value Drivers
       - Performance Measurement
       - Risk Management
       - Strategic Alignment
    3. Corporate Governance: Audit Role in IT Governance
       - Improve the quality and effectiveness of the IT governance implementation.
       - Ensure compliance with the IT governance initiatives implemented.
    4. Information Security Governance
       - IS governance should be integrated with IT governance.
       - The focus should be on:
         • Integrity of information
         • Continuity of services
         • Information assets protection
    5. Enterprise Architecture
       Organizations should document their IT assets in a structured way to facilitate understanding, management and planning of IT investments.
       - Performance
       - Business
       - Service component
       - Technical
       - Data
    6. IS Roles & Responsibilities
       - Systems analysis
       - Security architect
       - Application programming
       - Systems programming
       - Network management
    7. Segregation of Duties Within IS
       - Security administration and change management
       - Computer operations and system development
       - System development and system design
       - System development and systems maintenance
       Segregated / Segregated / Segregated
    8.
    9. Risk Definitions
       "Risk is the possibility that an event will occur and adversely affect the achievement of objectives."
       COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5
       "Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood."
       IPPF (Altamonte Springs, FL: IIA, 2011), p. 43
    10. Business Objectives
        - Strategic objectives
        - Operations objectives
        - Reporting objectives
        - Compliance objectives
        COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5
    11. Risks
        - Personnel risk
        - Information security risk
        - Outsourcing risk
        - Operational risk
        - Financial risk
        - Compliance risk
        - Business process risk
    12. Value and Risk
        Preserving shareholder value (−): fraud, lawsuits, penalties and fines
        Creating shareholder value (+): increased market share, new product development, increased revenue
        Source: Rahaju Pal, "Enterprise Risk Management (ERM) as an essential tool for good corporate governance", Deloitte - Enterprise Risk Services, September 2010
    13. Estimating Annual Losses
        Single Loss Expectancy (SLE) = Asset Value ($) × Exposure Factor (%)
        Annual Loss Expectancy (ALE) = Single Loss Expectancy × Annual Rate of Occurrence
    14. Impact and Probability
    15. Managing Risk (impact vs. probability matrix)
        - High impact, high probability: High Risk: Mitigate & Control
        - High impact, low probability: Medium Risk: Share/Transfer
        - Low impact, high probability: Medium Risk: Control
        - Low impact, low probability: Low Risk: Accept (Monitor)
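The following script is an added worked example and is not part of the slide deck; it applies the SLE/ALE formulas from slide 13 to a set of constructed loss scenarios and then places each one in the impact/probability matrix of slide 15. The dollar threshold that separates Low from High impact and the rate that separates Low from High probability are assumptions made for this example only, as is every scenario value.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """One loss scenario for a single asset (constructed sample data, not from the slides)."""
    name: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction 0..1 of the asset value lost per event
    annual_rate: float      # ARO, expected number of occurrences per year


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = Asset Value x Exposure Factor (slide 13)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value must be non-negative")
    return asset_value * exposure_factor


def annual_loss_expectancy(sle: float, annual_rate: float) -> float:
    """ALE = SLE x Annual Rate of Occurrence (slide 13)."""
    if annual_rate < 0:
        raise ValueError("annual rate of occurrence must be non-negative")
    return sle * annual_rate


# Cut-offs that split the two axes of the slide-15 matrix into Low/High.
# Both are assumptions for this example; an organisation sets its own appetite.
IMPACT_THRESHOLD = 50_000.0   # SLE above this counts as High impact
PROBABILITY_THRESHOLD = 1.0   # ARO above this (more than once a year) counts as High probability

# (impact is high, probability is high) -> (risk level, response), as laid out on slide 15
RESPONSE_MATRIX = {
    (True, True):   ("High Risk",   "Mitigate & Control"),
    (True, False):  ("Medium Risk", "Share/Transfer"),
    (False, True):  ("Medium Risk", "Control"),
    (False, False): ("Low Risk",    "Accept (Monitor)"),
}


def assess(scenario: Scenario) -> dict:
    """Quantify one scenario and map it to the matrix cell and response."""
    sle = single_loss_expectancy(scenario.asset_value, scenario.exposure_factor)
    ale = annual_loss_expectancy(sle, scenario.annual_rate)
    cell = (sle > IMPACT_THRESHOLD, scenario.annual_rate > PROBABILITY_THRESHOLD)
    level, response = RESPONSE_MATRIX[cell]
    return {"name": scenario.name, "SLE": sle, "ALE": ale,
            "risk_level": level, "response": response}


def prioritise(scenarios) -> list:
    """Assess every scenario and order them by ALE, largest expected annual loss first."""
    return sorted((assess(s) for s in scenarios), key=lambda r: r["ALE"], reverse=True)


# Constructed sample scenarios; the figures are illustrative only.
SAMPLE_SCENARIOS = [
    Scenario("Phishing-led credential compromise", asset_value=300_000, exposure_factor=0.3, annual_rate=2.0),
    Scenario("Ransomware on file server", asset_value=400_000, exposure_factor=0.5, annual_rate=0.5),
    Scenario("Laptop theft", asset_value=3_000, exposure_factor=1.0, annual_rate=4.0),
    Scenario("Data centre fire", asset_value=2_000_000, exposure_factor=0.8, annual_rate=0.02),
    Scenario("Minor web defacement", asset_value=20_000, exposure_factor=0.1, annual_rate=0.3),
]

if __name__ == "__main__":
    for r in prioritise(SAMPLE_SCENARIOS):
        print(f"{r['name']:<36} SLE=${r['SLE']:>12,.0f}  ALE=${r['ALE']:>12,.0f}  "
              f"{r['risk_level']:<12} -> {r['response']}")
```

Note how the two views disagree on purpose: the data centre fire has the largest single loss but a low ALE, and lands in the Share/Transfer cell (insurance), whereas the laptop thefts are individually trivial but frequent enough to deserve a control. Ranking by ALE alone would hide that distinction, which is why the matrix is used alongside the arithmetic.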
    16. Business Process Reengineering
        - Business efficiency
        - Improved techniques
        - New requirements
        A BPR project is strategic in nature.
    17. Principles for BPR
        - Think big
        - Incremental
        - Hybrid approach
    18. BPR Implementation Steps
        - Envision
        - Initiate
        - Diagnose
        - Redesign
        - Reconstruct
        - Evaluate
    19. Role of IS in BPR
        - Enable the new process through automation
        - Provide IT project management tools
        - Provide IT support
        - Help in integrating business processes with the IT systems
    20. Business Process Documentation
        - Process maps
        - Risk assessment
        - Benchmarking
        - Roles and responsibilities
        - Tasks and activities
        - Process controls and data process restrictions
    22. Question 1: What is the main purpose of the IT Steering Committee?
        A. Implement the new IT system
        B. Review vendor contracts
        C. Identify business issues and objectives
        D. Develop the IT plan and strategy
    23. Question 2: Which of the following strategies is used in business process reengineering with the big-thinking approach?
        A. Bottom-up
        B. Business impact analysis
        C. Outsourcing
        D. Top-down
    24. Question 3: An organization implements IT governance to ensure that it aligns its IT strategy with:
        A. IT objectives
        B. Enterprise objectives
        C. Audit objectives
        D. Control objectives
    25. Question 4: The security administrator performs a very important role in:
        A. Creating the security policy
        B. Testing the security system
        C. Maintaining access rules
        D. Ensuring data integrity