The WLS value proposition is:
-Extensive IT business experience and capability
-Demonstrated IT risk and compliance delivery
-Proven commercial experience with practical perspectives
-Low overhead compared to larger service providers results in a more competitive service
-Flexibility in service provision to reflect your business budgetary and resource requirements
ICT Association Suriname Presentation On eGovernment 2012Cyril Soeri
This presentation was presented to raise awareness on eGovernment which is mainly based on the World Bank's eGovernment Handbook for developing countries.
IT Performance Measurement using IT Governance MetricPECB
Using IT Governance as a tool for measuring IT performance. COBIT 5 has provided generic metrics at strategic levels [Enterprise metrics], Tactical level [IT Goals metrics] and Operation Level [Process metrics]. We will highlight the benefits and objectives of the measurements, and then provide an approach along with suggestions on the time/frequency of measurement.
This webinar covers the following:
• An Overview of IT Governance
• Why and What to measure – Benefits and Objectives
• How and When to measure – Approach and Schedule
Presenter:
Oladapo Ogundeji's professional career extends over 18 years of experience focused on enhancing the strategic value of ICT in organizations through process re-engineering, strategic planning and project management for corporate objective & strategy that address business opportunities and issues.
Link of the recorded session published on YouTube: https://youtu.be/TOG3RPp1g0c
Capability assessment of IT Governance using COBIT 4 Process Assessment Model (PAM). Presented for Information System Department, Universitas Bakrie - Indonesia
Integrating ISO 27001, ISO 20000, and Project Management – From Theory to Pra...PECB
The webinar covers:
• The relation between ISO 27001 and ISO 20000
• How much does project management fit in with both of them
• Integration of information security and IT Services
Presenter:
Adnan Hafiz is an IT GRC, Security Consultant and Lead Auditor and a PECB Certified Trainer with over 10 years of significant, progressive experience in Information Technology field, focusing on Information Security, IT Governance, ISO Standards Implementation & Compliance, IT Service Management, Risk Management, Information Security & IT Service Management Audits, Software Project Management and Process Improvement.
Link of the recorded session published on YouTube: https://youtu.be/0se77tjLL4c
This is a summary of the Control Objectives for Information and related Technology audit framework. Anyone can understand the COBIT-19 framework within a few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA.
This presentation explains COBIT (Control Objectives for Information and Related Technology) standard.
Courtesy:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
IT Governance - Capability Assessment using COBIT 5Eryk Budi Pratama
(re-upload)
Capability assessment of IT Governance using COBIT 5 Process Assessment Model (PAM). Presented for Information System Department, Universitas Bakrie - Indonesia
Secure Software Development – COBIT5 PerspectiveSPIN Chennai
This presentation elucidates Secure Software Development based on COBIT 5, an IT governance framework and supporting tool set which emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework.
COBIT 2019 webinar Use Cases: Tailoring Governance of Your Enterprise ITMark Constable
Frameworks assist enterprises in creating repeatable processes that can help in value creation, but sometimes it is difficult to thumb through a framework publication and completely understand how to use it. In this webinar we will explore ISACAs updated COBIT 2019 Framework and walk through examples on how to leverage its value. By using typical use cases, we will explore how to create a tailored governance framework for the governance and management of enterprise information and technology using COBIT 2019.
Learning Objectives:
- Understand the key elements of the COBIT 2019 framework and where to find them in the publications.
- Explore how to adopt a tailored enterprise governance framework for the governance and management of information and technology.
- Examine typical use cases that enterprises encounter when using the framework and walk through how to use COBIT 2019 to solve these.
High Level Agenda
- Framework introduction
- Governance and framework principles
- Governance systems and components
- Governance and management objectives
- Performance management
- Designing a tailored governance system through use cases
- Closing and questions
About the host: Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT strategy and service management. With over 28 years of professional experience Mark has a wide array of industry experience including government, health care, finance and banking, manufacturing, and technology services. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards. Mark routinely speaks at US and international conferences and earned the ISACA John Kuyers award twice for Best Speaker/Conference contributor. Mark also holds the CGEIT and CRISC certifications.
Watch recording here: https://apmg-international.com/events/cobit-2019-use-cases-tailoring-governance-your-enterprise-it
Info-Tech is the most innovative firm in the industry, and we pride ourselves on delivering better research than anyone.
Become a member and unlock a range of data-driven tools and resources to drive systematic IT improvement.
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB
The webinar covers:
• Overview of description and principles of COBIT 5.0
• How COBIT is adopted by ISO/IEC 38500
• Complementary values that ISO 38500 and COBIT 5.0 bring to each other
• How companies can use this approach for maximum benefits
Presenter:
This webinar was presented by PECB Trainer Orlando Olumide Odejide, Chief Trainer for Training Heights Limited and an experienced Enterprise Architect.
Link of the recorded session published on YouTube: https://www.youtube.com/watch?v=lnrji3A6C0I
IT Governance – The missing compass in a technology changing worldPECB
The webinar covers:
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance implementation : Approach and Methodology
• Key critical success factors
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels and PECB partner.
Link of the recorded session published on YouTube: https://youtu.be/Ux_Yk4JLy0M
Knowledge of the purpose of IT strategy, policies, standards & procedures for an organization and the essential elements of each
https://www.infosectrain.com/blog/part-2-cisa-domain-2-governance-and-management-of-it/
A program description of an IT governance methodology for large and small programs where COBIT or ITIL may not be in your plans.
More at www.sqpegconsulting.com, Square Peg Consulting
John Goodpasture, PMP
One of the most daunting challenges organizations face is making decisions on what technology is needed to fully enable the business to achieve its strategy and objectives. The key is ALIGNMENT.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
WLS Services Brochure March 2013
IT Business Risk and Compliance Services
Mike Wright
Mobile +61(4) 17 044 622
Email: mike@wrightlane.com.au
Here are some IT Compliance questions you may want to consider:
1. As a business project sponsor or project manager for an IT project, do you need to ensure it is on track?
2. Do you want to benchmark the maturity of your ITIL service management shop?
3. Do you want to better manage IT risk in your organisation?
4. How comfortable are you with your Website management and controls?
5. Are your IT policies current and when were they last reviewed?
6. Has your company outsourced part, or all, of your IT Function? If so, is it working?
7. Does your company adequately govern IT project investment and realise the benefits?
8. Does your Internal Audit department need to assess your IT environment but can't justify a full-time IT Audit resource?
9. Does your business or IT department require support for a new application or service but is not sure how to develop a RFI or RFP?
If the answer is yes, read on, Wright Lane Services can be of help!
Mike Wright has extensive and proven IT business risk and compliance capability with major international corporations such as Qantas (Australia) and Cable & Wireless, Sainsbury and Esso Petroleum (UK).
The value proposition is:
- Extensive IT business experience and capability
- Demonstrated IT risk and compliance delivery
- Proven commercial experience with practical perspectives
- Low overhead compared to larger service providers results in a more competitive service
- Flexibility in service provision to reflect your business budgetary and resource requirements
1. As a business project sponsor or IT project manager for an IT project, do you need to ensure it's on track?
There are a number of IT application related reviews or Healthchecks that can be undertaken depending on the development phase of the project or system:
- Project Management reviews include the set-up of the project team and validate that adequate project processes are in place,
- Systems Readiness reviews, prior to implementing an application, review application controls, adequacy of testing and business readiness,
- Post-Implementation reviews (PIR) evaluate business feedback and allow the project team to focus on what is needed to successfully close the project,
- Applications controls reviews evaluate an application's availability, security, integrity & maintainability, including the underlying manual business processes necessary from a controls perspective.
Approach and Deliverables
- A series of interviews, with both IT and business stakeholders, are undertaken to ensure that the intended project objectives are agreed and are aligned to meet the business needs.
- The project management governance model is reviewed and the adequacy of procedures for the maintenance, recovery and data integrity is verified.
- Verify that potential project risks have been identified and that mitigation plans are in place.
- The findings and any issues will be discussed with management. Practical recommendations are made in consultation, highlighting practices that are currently being done efficiently and effectively as well as those areas that may require improvements. Agreed actions will be included in a final report following this consultation process.
2. Do you want to benchmark the maturity of your ITIL service management shop?
Based on the internationally recognised best practice ISACA CobiT Guide for Services Managers, CobiT focuses on what should be addressed to ensure IT controls, while ITIL provides best practices describing how to plan, design and implement effective service management capabilities. When used together, the power of both approaches is amplified, providing an effective way to benchmark and achieve improvement supported by CobiT's control objectives and practices.
Approach and Deliverables
- Interviews with IT & business stakeholders and the suppliers providing the outsourced service allow the current service management environment to be documented.
- The current business and supplier service roles and responsibilities are then evaluated against ITIL and CobiT guidelines.
- A capability assessment using the CobiT maturity model for ITIL V3 processes is used to benchmark the ITIL processes that management wants to review. It's recommended that service level agreement management and performance monitoring are always undertaken.
- A benchmark maturity report is produced using the traffic light approach with a recommended Implementation Action Plan agreed with management.
3. Do you want to manage IT risk better in your organisation?
The ISACA Risk IT framework is about IT risk, but more importantly, business risk related to the use of IT. The framework uses a Top Down business objective and Bottom Up generic IT risk scenarios, which can be used to create an IT Improvement Program or alternatively slot into your existing ERM framework such as COSO or ISO 31000. There are two alternative approaches:
I) Full Risk IT Implementation to Create an Ongoing IT Risks Framework for Your Organisation.
Fully implementing the Risk IT framework is a significant program of work; the objective is to enable your enterprise to identify and manage all significant IT risk types by providing an end-to-end, comprehensive view of all IT related risks.
Approach and Deliverables
This approach to fully implement the Risk IT framework involves the following:
1. Define scope of risk analysis. Determine top strategic business objectives and an oversight of IT. Determine initial scope, initially starting with the Top 5 Business and Top 5 IT Risks.
2. Collect data. Interview key business and IT stakeholders and review available material. Obtain IT incident & audit reports, change logs, risk reports and feedback on IT trend analysis and regulatory requirement changes.
3. Identify common risk factors and cluster interrelated events.
4. Estimate IT risk. Apply risk tolerances for determining risk response.
5. Identify risk response options. Review findings with the CIO, CRO and/or relevant business representatives.
6. Review the analysis. Draft interim report from findings.
7. Reporting. Issue initial draft report for discussion and review, seek management feedback and agree an ongoing IT risk Continuous Improvement Program to feed into the ERM.
II) Risk IT Lite to Develop a One-Off Continuous Improvement Program
A simpler alternative is to work with both the business and IT management using elements of the Risk IT
framework to conduct a Risk IT assessment and create a continuous improvement program.
Approach and Deliverables
This Risk IT Lite approach uses elements of the Risk IT framework and involves the following:
1. Top-Down Business Review - Input from business representatives on areas and assets to take into account Top 5 Business and Top 5 IT Risks and feedback on frequent IT events.
2. Bottom-Up IT Department Risk Review - Obtain IT Risk Register, incident & audit reports, change logs, former risk reports and feedback on IT trend analysis.
3. Analyse Review Results - Review IT Department Risk Register and discussion with IT senior management. Findings are reviewed with CIO & CRO and/or relevant business representatives to agree IT risk rating and response.
4. Reporting - Issue initial IT Risk Continuous Improvement plan to key stakeholders (via email) and amend draft report given IT senior management feedback.
4. How comfortable are you with your Website?
The scope of this review assesses the existing website against known best practice and provides a
controls related compliance view of the existing website environment. The purpose of this work is to
identify any areas of the website for enhancement in order to have a more cost effective, sustainable
and secure website environment.
Approach and Deliverables
- Review and map the existing website environment against best practice standards including the Web-based applications in use and the data they use, the controls in place such as application development standards including data validation, change management, and testing. Website accountabilities for access administration and performance monitoring are reviewed.
- Assess whether adequate processes exist for the management of the existing website environment in regard to a Data Management Strategy and benchmark the existing website infrastructure against the latest multi-layered best practice standards.
- Create a report with recommendations for consideration including the deficiencies of the existing website and a detailed plan of issues identified during the review.
5. Are your IT policies up-to-date, when were they last reviewed?
IT best practice recommends that management review IT policies periodically to ensure they reflect new
technology, changes in the environment such as regulatory compliance and significant changes in
business processes in exploiting information technology for competitive gain. As such, a practical
alternative given the constraints on in-house IT compliance resources is to outsource this activity and
Wright Lane Services is in a position to fulfill this requirement.
Approach and Deliverables
- Can either review and revise existing IT policies benchmarked against best practice or supply a new set of IT policies.
- Evaluate whether the IT policies reflect the existing IT environment including new technology and threats.
- Evaluate whether the IT Policies reflect the latest governmental, legal and regulatory requirements.
- Evaluate whether the IT Policy is integrated with the overall corporate policies such as HR and Procurement.
- Recommend an IT Policy framework including the individual IT policies themselves.
- Recommend a strategy on how best to implement the IT policies to best effect once agreed by management.
6. Has your company outsourced part or all of your IT Function? If so, is it working?
The objective of carrying out an outsourcing review is to determine whether:
- The risks associated with outsourcing, such as continued availability of services, acceptable levels of services and security of information, are adequately and effectively mitigated through appropriate controls that are implemented and functioning.
- The objectives of outsourcing are being achieved.
- The IT strategy has been suitably modified to make best use of outsourcing.
The outsourcing of IT work involves assessing outsourced risk in relation to software development, application support & maintenance and infrastructure management services. It must look at the total picture. Outsourcing has many benefits but it also needs constant monitoring to evaluate both the technical and business aspects, as necessary, to assess the health of the outsourcing and take necessary corrective or improvement actions.
Approach and Deliverables
The review would typically involve reviewing the following:
o Services Agreement and Statement of Work
o High-level monitoring, connectivity and network security
o Data security
o Project monitoring and governance
o Compliance with regulatory requirements
o Benefit measurement
o Customer satisfaction
o Impact on IT strategy
Create a report with recommendations for consideration including
the deficiencies of the existing website and a detailed plan of issues
identified during the review.
7. Does your company adequately govern IT project investment and realise the benefits?
Poor IT project management governance of IT investment can occur due to a lack of project business cases and accountability for benefits realisation. This can be because no formal enterprise-wide business justification process exists. Senior management therefore needs to give the remit to establish the following process, facilitated by IT but owned by the business unit sponsors.
Approach and Deliverables
The following steps would be undertaken as per ISACA Val-IT best practice program template:
Step 1—Review IT project Initiation document (PID) with all the relevant data followed by analysis of the data concerning:
o Step 2—Alignment analysis
o Step 3—Financial benefits analysis
o Step 4—Non-financial benefits analysis
o Step 5—Risk analysis
Step 6—Appraisal and optimisation of the risk/return of the IT-enabled investment
Step 7—The Project Business Case Evaluation would be agreed with IT and lodged with the IT PMO by the Project Manager. Any significant scope changes would be updated to the business
case and any benefits realisation impact reviewed.
8. Does Your Internal Audit Department need to assess the IT environment but can't justify a full-time IT Audit resource?
Wright Lane Services can provide part-time IT audit compliance and IT risk consultancy to supplement existing capability and capacity with a full suite of IT audit services and requirements.
Approach and Deliverables
o Perform IT Audits identified on existing Internal Audit schedule.
o Perform an IT Risk Assessment to create a 3-Year IT Audit Plan customised to meet your IT environment coupled with the strategic business objectives of your organisation.
o Perform one off senior management requests such as investigations related to IT applications.
o Project Healthchecks.
9. Does the business or IT department require support for a new application or service but is not sure how to develop an RFI or RFP?
Wright Lane Services can provide the necessary support to interface between IT and the business to ensure that the
business requirements for a proposed IT application provision are understood (and in some cases, justified) as part
of the RFI & RFP preparation and analysis. This starts by verifying whether a simpler in-house solution already exists
and if not, ensuring the business understand and will realise the benefits of a turnkey outsourced supplier solution.
Approach and Deliverables
The steps involved include:
1. Identifying the Need
2. Development of Specification?
3. Selecting the Procurement Method
4. Developing the Specification and Contract Documents
5. Seeking, Clarifying and Closing Offers
6. Evaluating Offers
7. Identifying the Preferred Supplier
8. Negotiating the Contract
9. Disposals
10. Evaluating the procurement process
Group Internal Audit 3-Year IT Audit Plan

Audit Year: 2011
IT Audit Name: Network Management and IT Security Review
IT Audit Scope:
o Evaluate the design, implementation and monitoring of logical access controls to ensure the confidentiality, integrity, availability and authorised use of information assets
o Evaluate network infrastructure security to ensure the confidentiality, integrity, availability and authorised use of the network and information transmitted
IT Audit Objectives:
o IT continuity plans to reduce the impact of a major disruption on key business functions exist
o Preventive, detective and corrective measures are in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam).
IT Risk Rating: M, L
Generic IT Risk Topics Covered: Malware and Logical attacks; Logical trespassing

Audit Year: 2011
IT Audit Name: Database Management Review
IT Audit Scope:
o Evaluate data administration practices to ensure the integrity and optimisation of databases
o Evaluate sample of enterprise databases
IT Audit Objectives:
o Ensure management of: security policy; user accounts and user access; access login and reviewing; disaster recovery plans; logical and physical access controls for infrastructure; administrative and systemic user access controls
IT Risk Rating: L
Generic IT Risk Topics Covered: Data(base) integrity

Audit Year: 2012
IT Audit Name: IT Project Management Governance Framework Audit
IT Audit Scope:
o IT Program Management
o For a sample of large, medium and small IT projects to review that:
  - IT PM methodology followed
  - Cost and performance management are in place
  - Quality plan exists to deliver benefits to business expectations
  - Implementations thus far have been managed adequately
IT Audit Objectives:
o Standards are maintained for all development and acquisition and follow the life cycle of the ultimate deliverable, and include sign-off at key milestones based on agreed-upon sign-off criteria.
o Measure project performance against key project performance scope, schedule, quality, cost and risk criteria.
o An implementation and fallback/backout plan exists with approval from relevant parties.
IT Risk Rating: H, M
Generic IT Risk Topics Covered: Software implementation, IT project termination and Project delivery & project quality; IT programme selection

Audit Year: 2013
IT Audit Name: IT Operations Audit
IT Audit Scope:
o Evaluate operations management to ensure that IT support functions effectively meet business needs
o Evaluate the use of capacity and performance monitoring tools and techniques to ensure that IT services meet the organisation's objectives
IT Audit Objectives:
o Plan the actions to be taken for the period when IT is recovering and resuming services. Manage facilities, including power and communications equipment, in line with laws and regulations, technical and business requirements, vendor specifications, and health and safety guidelines.
o Define and implement procedures for backup and restoration of systems, applications, data and documentation in line with business requirements and the continuity plan.
IT Risk Rating: L, M, M, L
Generic IT Risk Topics Covered: Software performance; System capacity; Utilities performance; Information media

Audit Year: 2013
IT Audit Name: Physical and Environmental Controls Audit
IT Audit Scope:
o Physical Controls: Evaluate the design, implementation and monitoring of physical controls to ensure that information assets are adequately safeguarded
o Environmental Controls: Evaluate the design, implementation and monitoring of environmental controls to prevent or minimise loss
IT Audit Objectives:
o Define and implement procedures to grant, limit and revoke access to premises, buildings and areas according to business needs
o Define and implement physical security measures in line with business requirements to secure the location and the physical assets.
o Include background checks in the IT recruitment process; these should be applied for employees, contractors and vendors.
IT Risk Rating: L, L, L
Generic IT Risk Topics Covered: Physical and Environmental; Infrastructure (hardware); Infrastructure theft and destruction of infrastructure