This document discusses various aspects of IT governance including:
1. The role of auditing in improving IT governance implementation and ensuring compliance. Information security governance should be integrated with IT governance with a focus on integrity, continuity of services, and protecting information assets.
2. The importance of enterprise architecture in documenting an organization's IT assets in a structured way to facilitate management, planning, and understanding of IT investments.
3. Key IT roles and responsibilities including systems analysis, security architecture, application programming, systems programming, and network management. The importance of segregating duties within information systems.
4. Risk management concepts including risk definitions, business objectives, types of risks, and estimating annual losses based on asset
3. CORPORATE GOVERNANCE
Audit Role in IT Governance:
- Improve the quality and effectiveness of the IT governance implementation.
- Ensure compliance with the IT governance initiatives implemented.
4. CORPORATE GOVERNANCE
Information Security Governance
- IS Governance should be integrated with IT Governance
- The focus should be on:
  - Integrity of information
  - Continuity of services
  - Information assets protection
6. CORPORATE GOVERNANCE
IS Roles & Responsibilities
- Systems analysis
- Security architect
- Application programming
- Systems programming
- Network management
7. Segregation of Duties Within IS
- Security administration and change management
- Computer operations and system development
- System development and system design
- System development and systems maintenance
12. Risk Definitions
“Risk is the possibility that an event will occur and adversely affect the achievement of objectives.”
COSO ERM – Integrated Framework (Jersey City, NJ: AICPA, 2004), p. 5
“Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood.”
IPPF (Altamonte Springs, FL: IIA, 2011), p. 43
14. Risks
- Personnel Risk
- Information Security Risk
- Outsourcing Risk
- Operational Risk
- Financial Risk
- Compliance Risk
- Business Process Risk
15. Value and Risk
[Figure: "Value and Risk". Preserving shareholder value (downside, −): fraud, lawsuits, penalties and fines. Creating shareholder value (upside, +): increased market share, new product development, increased revenue.]
Source: Enterprise Risk Management (ERM) as an essential tool for good corporate governance, Rahaju Pal, Deloitte - Enterprise Risk Services, September 2010
16. Estimating Annual Losses
Single Loss Expectancy (SLE) = Asset Value ($) × Exposure Factor (%)
Annual Loss Expectancy (ALE) = SLE × Annual Rate of Occurrence (ARO)
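A worked version of the two formulas above, added here as an example and not part of the original deck: it applies SLE and ALE to a small constructed risk register (all figures illustrative) and ranks the exposures, so a rare, high-impact event can be compared with a frequent, low-impact one. The exposure factor is taken as a percentage from 0 to 100, matching the slide's notation.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    """One asset/threat pair from a constructed risk register."""
    asset: str
    threat: str
    asset_value: float        # asset value in $
    exposure_factor: float    # % of asset value lost per occurrence (0-100)
    aro: float                # Annual Rate of Occurrence (events per year)


def single_loss_expectancy(asset_value: float, exposure_factor_pct: float) -> float:
    """SLE = Asset Value ($) x Exposure Factor (%), percentage given as 0-100."""
    if not 0 <= exposure_factor_pct <= 100:
        raise ValueError("exposure factor must be a percentage between 0 and 100")
    if asset_value < 0:
        raise ValueError("asset value cannot be negative")
    return asset_value * exposure_factor_pct / 100


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO; ARO below 1 means the event is expected less than yearly."""
    if aro < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return sle * aro


def rank_by_ale(register):
    """Return (asset, threat, SLE, ALE) tuples sorted with the highest ALE first."""
    rows = []
    for e in register:
        sle = single_loss_expectancy(e.asset_value, e.exposure_factor)
        rows.append((e.asset, e.threat, sle, annual_loss_expectancy(sle, e.aro)))
    return sorted(rows, key=lambda r: r[3], reverse=True)


# Constructed sample register: values are illustrative, not taken from the slides.
REGISTER = [
    Exposure("customer database", "ransomware", 2_000_000, 40, 0.2),
    Exposure("web server", "defacement", 150_000, 20, 2.0),
    Exposure("data centre", "flood", 5_000_000, 60, 0.05),
]

if __name__ == "__main__":
    for asset, threat, sle, ale in rank_by_ale(REGISTER):
        print(f"{asset:18} {threat:12} SLE=${sle:>12,.0f} ALE=${ale:>12,.0f}")
```

Note that the once-in-twenty-years flood (ALE $150,000) ranks close to the ransomware case (ALE $160,000) and well above the twice-yearly defacement (ALE $60,000), which is why ALE rather than frequency alone drives control spending decisions.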
22. Role of IS in BPR
- Enable the new process through automation
- Provide IT project management tools
- Provide IT support
- Help in integrating business processes with the IT systems
23. Business Process Documentation
- Process Maps
- Risk Assessment
- Benchmarking
- Roles and Responsibilities
- Tasks and Activities
- Process Controls and Data Process Restrictions
25. Question 1:
What is the main purpose of the IT Steering Committee?
A. Implement the new IT system
B. Review vendor contracts
C. Identify business issues and objectives
D. Develop the IT plan and strategy
26. Question 2:
Which of the following strategies is used in business process reengineering with the big thinking approach?
A. Bottom-up
B. Business Impact Analysis
C. Outsourcing
D. Top-down
27. Question 3:
An organization implements IT governance to ensure that it aligns its IT strategy with:
A. IT objectives
B. Enterprise objectives
C. Audit objectives
D. Control objectives
28. Question 4:
The Security Administrator performs a very important role in:
A. Creating the security policy
B. Testing the security system
C. Maintaining access rules
D. Ensuring data integrity
Editor's Notes
Risk begins with strategy formulation and objective setting.
Risk is related to preserving shareholder value as well as creating value: upside and downside.