Itgr 15ca3121 Semend Key
Itgr 15ca3121 Semend Key
Itgr 15ca3121 Semend Key
6A) Outline the process and procedure of Control Objectives for Information and
Related
Technologies; 4.1 & 5.0, Advantages and benefits of COBIT 5. 20M
Disadvantages of using COBIT to establish an IT management and governance frameworkIt is
costly, many organizations and businesses have avoided implementing it in their activities. The
major cost of this framework is that it needs a lot of knowledge and skill in order to implement
as a tool to provide support to information technology governance or in assessing the
performance of a company’s information technology. Additionally, the framework lacks
specifications concerning its connections especially between the determined benefits of an
activity and how it is reflected in the featured maturity model. The framework has all the
descriptions in terms of processes, activities, and responsibilities but it lacks the specification of
its connections (Moller, 2010). The maturity model provides a shallow analysis of the given
situation. Thus, it requires a very experienced analyst to conduct a credible maturity assessment
of an information technology organization using control objectives for information and related
technology (CobiT). Additionally, there is no evidence or assurance that the experienced
analystswould get the required solution regarding the maturity of an organization’s information
technology.OBJECTIVESAudit Objectives:It refers to specific goals of the audit and provides
basis for managing audit departments which could include the following:Ensures asset
safeguarding. Assets include the following 5 types of assets: data, application systems,
technology, facilities and peopleEnsures the seven attributes of data or information are
maintained: Accuracy, Validity, Reliability, Timeliness, Relevance, Completeness, Confidentiality
Compliance with regulations.( legal and regulatory requirements)CIA of information.
(Confidentiality, integrity, and availability)Compliance and Substantive Testing:Defining and
testing controls are important audit objectives. A control is a procedure or task that prevents staff
from failing to follow policy. For example, requiring the signature of the supervisor on every
employee time card is a way to stop people from getting paid for time they did not work. The
quality of the control, however, is based on the supervisor knowing where staffis and making
sure that the time card is accurate. THE SCOPE OF AN IS AUDITHowever, the normal scope of
an information systems audit still does cover the entire lifecycle ofthe technology under scrutiny,
including the correctness of computer calculations. The word "scope"is prefaced by "normal"
because the scope of an audit is dependent on its objective.Audits are always a result of some
concern over the management of assets. The concerned party may be a regulatory agency, an
asset owner, or any stakeholder in the operation of the systems environment, including systems
managers themselves. That party will have an objectivein commissioning the audit. The
objective may be validating the correctness of the systems