Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

CISA Review Courses - Slides Part2

Download as PPT, PDF
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP
Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP

This document discusses various aspects of IT governance including: 1. The role of auditing in improving IT governance implementation and ensuring compliance. Information security governance should be integrated with IT governance with a focus on integrity, continuity of services, and protecting information assets. 2. The importance of enterprise architecture in documenting an organization's IT assets in a structured way to facilitate management, planning, and understanding of IT investments. 3. Key IT roles and responsibilities including systems analysis, security architecture, application programming, systems programming, and network management. The importance of segregating duties within information systems. 4. Risk management concepts including risk definitions, business objectives, types of risks, and estimating annual losses based on asset

1 of 28
LOGO CISA Review Course Iyad Mourtada, CIA, CMA, CFE, CPLP Introduction to IT Governance
wps.cn/moban Company Logo IT Value Delivery Stakeholders Value Drivers Performance Measurement Risk Management Strategic Alignment IT GOVERNANCE
CORPORATE GOVERNANCE Company Logo Audit Role in IT Governance: - Improve the quality and effectiveness of the IT governance Implementation. - Ensure compliance with IT governance initiatives implemented
CORPORATE GOVERNANCE Company Logo Information Security Governance •IS Governance should be integrated with IT Governance •The focus should be on • Integrity of information • Continuity of services • Information assets protection
CORPORATE GOVERNANCE Enterprise Architecture Organizations should in structured way document its IT assets in to facilitate understanding, management and planning for IT investments • Performance • Business • Service component • Technical • Data Company Logo
CORPORATE GOVERNANCE IS Roles & Responsibilities •Systems analysis •Security Architect •Application programming •Systems programming •Network management Company Logo
Segregation of Duties Within IS - Security administration and change management - Computer operations and system development - System development and System design - System development and systems maintenance - Segregated - Segregated - Segregated
wps.cn/moban Risk Management
CISA Review Courses - Slides Part2
CISA Review Courses - Slides Part2
CISA Review Courses - Slides Part2
Risk Definitions “Risk is the possibility that an event will occur and adversely affect the achievement of objectives.” COSO ERM – Integrated Framework (Jersey City, NJ: AICPAs, 2004), P5 “Risk [is] the possibility of an event occurring that will have an impact on the achievement of objectives. Risk is measured in terms of impact and likelihood” IPPF (Altamonte Springs, FL: IIA, 2011), p.43
Business Objectives Strategic Objectives Operations Objectives Reporting Objectives Compliance Objectives COSO ERM – Integrated Framework (Jersey City, NJ: AICPAs, 2004), P5
Risks Company Logo - Personnel Risk - Information Security Risk - Outsourcing Risk - Operational Risk - Financial Risk - Compliance Risk - Business Process Risk
Fraud Lawsuits Penalties and fines Increased market share New product development Increased revenue Creating shareholder value + − V A L U EPreserving shareholder value ValueandRisk Enterprise Risk Management (ERM) as an essential tool for good corporate governance, Rahaju Pal, Deloitte - Enterprise Risk Services ,September 2010
Estimating Annual Losses Company Logo Single Loss Expectancy = Asset Value $ X Exposure factor % Annual Loss Expectancy = Single Loss Expectancy X Annual rate of Occurrence
Impact and Probability
Managing Risk Control Share/Transfer Mitigate & Control Accept (Mointor) High Risk Medium Risk Medium Risk Low Risk Low High High I M P A C T PROBABILITY
Business Process Reengineering Company Logo - Business Efficiency - Improved Techniques - New Requirements BPR project is strategic in nature
Principles for BPR Company Logo - Think Big - Incremental - Hybrid Approach
BPR Implementation Steps Company Logo - Envision - Initiate - Diagnose - Redesign - Reconstruct - Evaluate
Role of IS in BPR Company Logo - Enable the new process though automation - Provide IT Project Management Tools - Provide IT Support - Help in integrating business processes with the IT systems.
Business Process Documentation Company Logo - Process Maps - Risk Assessment - Benchmarking - Roles and Responsibilities - Tasks and Activities - Process Controls and Data Process Restrictions
Business Process Documentation Company Logo - Process Maps - Risk Assessment - Benchmarking - Roles and Responsibilities - Tasks and Activities - Process Controls and Data Process Restrictions
Question1: Company Logo What is the main purpose of the IT Steering Committee? A.Implement the New IT System B.Review vender contracts C.Identify business issues and objectives D.Develop the IT Plan and Strategy
Question2: Company Logo Which of the following strategies is used in business process reengineering with the big thinking approach? A.Bottom-up B.Business Impact Analysis C.Outsourcing D.Top-Down
Question3: Company Logo An organization implements IT governance to ensure that it aligns its IT strategy with: A.IT Objectives B.Enterprise Objectives. C.Audit Objectives. D.Control Objectives.
Question4: Company Logo Security Administrator performs a very important role in: A. Creating the security policy B.Testing Security System C. Maintaining access rules D. Ensuring data integrity

More Related Content

CISA Review Courses - Slides Part2

Editor's Notes

  1. Risk begins with strategy formulation an objective settings
  2. Risk is related to preserving shareholders value as well as create value. Upside and downside