CISA Review Courses - Slides Part2
•Download as PPT, PDF•
3 likes•2,929 views
This document discusses various aspects of IT governance including: 1. The role of auditing in improving IT governance implementation and ensuring compliance. Information security governance should be integrated with IT governance with a focus on integrity, continuity of services, and protecting information assets. 2. The importance of enterprise architecture in documenting an organization's IT assets in a structured way to facilitate management, planning, and understanding of IT investments. 3. Key IT roles and responsibilities including systems analysis, security architecture, application programming, systems programming, and network management. The importance of segregating duties within information systems. 4. Risk management concepts including risk definitions, business objectives, types of risks, and estimating annual losses based on asset
More Related Content
What's hot
What's hot (19)
Similar to CISA Review Courses - Slides Part2
Similar to CISA Review Courses - Slides Part2 (20)
More from Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
More from Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP (20)
Recently uploaded
Recently uploaded (20)
CISA Review Courses - Slides Part2
- 1. LOGO CISA Review Course Iyad Mourtada, CIA, CMA, CFE, CPLP Introduction to IT Governance
- 2. wps.cn/moban Company Logo IT Value Delivery Stakeholders Value Drivers Performance Measurement Risk Management Strategic Alignment IT GOVERNANCE
- 3. CORPORATE GOVERNANCE Company Logo Audit Role in IT Governance: - Improve the quality and effectiveness of the IT governance Implementation. - Ensure compliance with IT governance initiatives implemented
- 4. CORPORATE GOVERNANCE Company Logo Information Security Governance •IS Governance should be integrated with IT Governance •The focus should be on • Integrity of information • Continuity of services • Information assets protection
- 5. CORPORATE GOVERNANCE Enterprise Architecture Organizations should in structured way document its IT assets in to facilitate understanding, management and planning for IT investments • Performance • Business • Service component • Technical • Data Company Logo
- 6. CORPORATE GOVERNANCE IS Roles & Responsibilities •Systems analysis •Security Architect •Application programming •Systems programming •Network management Company Logo
- 7. Segregation of Duties Within IS - Security administration and change management - Computer operations and system development - System development and System design - System development and systems maintenance - Segregated - Segregated - Segregated
- 12. Risk Definitions “Risk is the possibility that an event will occur and adversely affect the achievement of objectives.” COSO ERM – Integrated Framework (Jersey City, NJ: AICPAs, 2004), P5 “Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood” IPPF (Altamonte Springs, FL: IIA, 2011), p.43
- 13. Business Objectives Strategic Objectives Operations Objectives Reporting Objectives Compliance Objectives COSO ERM – Integrated Framework (Jersey City, NJ: AICPAs, 2004), P5
- 14. Risks Company Logo - Personnel Risk - Information Security Risk - Outsourcing Risk - Operational Risk - Financial Risk - Compliance Risk - Business Process Risk
- 15. Fraud Lawsuits Penalties and fines Increased market share New product development Increased revenue Creating shareholder value + − V A L U EPreserving shareholder value ValueandRisk Enterprise Risk Management (ERM) as an essential tool for good corporate governance, Rahaju Pal, Deloitte - Enterprise Risk Services ,September 2010
- 16. Estimating Annual Losses Company Logo Single Loss Expectancy = Asset Value $ X Exposure factor % Annual Loss Expectancy = Single Loss Expectancy X Annual rate of Occurrence
- 18. Managing Risk Control Share/Transfer Mitigate & Control Accept (Mointor) High Risk Medium Risk Medium Risk Low Risk Low High High I M P A C T PROBABILITY
- 19. Business Process Reengineering Company Logo - Business Efficiency - Improved Techniques - New Requirements BPR project is strategic in nature
- 20. Principles for BPR Company Logo - Think Big - Incremental - Hybrid Approach
- 21. BPR Implementation Steps Company Logo - Envision - Initiate - Diagnose - Redesign - Reconstruct - Evaluate
- 22. Role of IS in BPR Company Logo - Enable the new process though automation - Provide IT Project Management Tools - Provide IT Support - Help in integrating business processes with the IT systems.
- 23. Business Process Documentation Company Logo - Process Maps - Risk Assessment - Benchmarking - Roles and Responsibilities - Tasks and Activities - Process Controls and Data Process Restrictions
- 24. Business Process Documentation Company Logo - Process Maps - Risk Assessment - Benchmarking - Roles and Responsibilities - Tasks and Activities - Process Controls and Data Process Restrictions
- 25. Question1: Company Logo What is the main purpose of the IT Steering Committee? A.Implement the New IT System B.Review vender contracts C.Identify business issues and objectives D.Develop the IT Plan and Strategy
- 26. Question2: Company Logo Which of the following strategies is used in business process reengineering with the big thinking approach? A.Bottom-up B.Business Impact Analysis C.Outsourcing D.Top-Down
- 27. Question3: Company Logo An organization implements IT governance to ensure that it aligns its IT strategy with: A.IT Objectives B.Enterprise Objectives. C.Audit Objectives. D.Control Objectives.
- 28. Question4: Company Logo Security Administrator performs a very important role in: A. Creating the security policy B.Testing Security System C. Maintaining access rules D. Ensuring data integrity
Editor's Notes
- Risk begins with strategy formulation an objective settings
- Risk is related to preserving shareholders value as well as create value. Upside and downside