Audit and Compliance
in ____________________________________ looking at the fiduciary, quality and security requirements of an organisation, the «to-be-managed» IT risks are identified. Based on these major risks, the CobiT® control framework is used to determine a set of generally accepted best practices.
. Risk analysis.
Audit Steps
1. Determination of needs. 2. Preparation. 3. Execution. 4. Finalization.
what is the IT audit methedology comtains:
1. Risk analysis. 2. IT Audit preparation 3. IT Audit Execution
The goal of project audit is to evaluate if :
1. project decision-making is appropriate. 2. projects are adequately managed. 3. concurrent project governance and risk management meet the business requirements.
Principles of Audit
1. systematic, independent and documented process. 2. Different objectives can be pursued. 3. can be performed for different organisation areas. 4. Different frameworks are used depending on the area covered.
________________ is systematic, independent and documented process for obtaining evidence and for determining objectively which agreed criteria are fulfilled.
Audit
in IT Audit Preparation :
Audit scope > Potential IT risks > cobit control objectives.
allows you to implement your business processes according to the best practices.
Business process management (BPM)
control measures that should be in place to manage those risks are determined with the help of the COBIT®.
COBIT control Objectives
This step defines the exact audit context and agrees on the risks to be mitigated.
Determination of needs
in this step the involved persons are interviewed. The effectiveness of the control design is evaluated and the operational effectiveness of controls is tested.
Execution.
in this step the conclusions are presented to the management.
Finalization.
IT allow you to :
ISMMOM 1. identify business requirements; 2.select and prioritize IT projects; 3.manage and mitigate IT risks; 4.manage the complexity of the IT environment; 5. optimize your IT resources; 6.monitor your IS with key performance indicators.
____________ audit takes in account your enterprise strategy and assesses the current practices and control activities
IT
_____________checks the level of compliance with a list of requirements defined in standards and allows the developmentof recommendations.
IT audit
____________________________audit evaluating the IT processes and structures
IT audit or information
provides reasonable assurance on the efficiency, the effectiveness and the security of the information systems.
IT audit team
_______________discussion on how much effort is to be spent on mitigating these IT risks. Actions plans are then drawn up.
IT control system evaluation
in IT Audit Execution
IT control system evaluation > Audit option and recommendations > Management reporting and debriefing
in risk analysis:
IT objective >IT risks > cobit control framework
________________ audit takes into account your enterprise strategy and evaluates the practices,
Internal
in this step the required information for the execution of the audit are gathered.
Preparation.
____________audit takes into account the enterprise strategy and assess the practices
Project
(T/F) A project audit aims at uncovering issues, concerns and challenges encountered in the execution of a project.
T
determines which IT processes or resources will be audited.
The audit scope
_____________audit assessing the board and management practices
governance
________________ audit assessing internal processes and controls.
integrated
Internal audit allow you to:
•achieve your strategic objectives; •contribute to the creation of added value; •control the risks related to your operational activities; •optimise the used resources; •monitor you activities with key indicators and balanced scorecards.
The optimization of your enterprise processes allows toy to:
•eliminate superfluous and redundant activities; •optimize your human, financial and physical resources; •reduce the workloads; •improve the cycle times; •save working costs; •adjust your processes to the technological evolutions.
a project audit allow you to:
•identify your business requirements; •build your project portfolio; •select and prioritise your projects; •control the risks related to your projects; •manage the project complexity; •optimise the resources of your project teams; •monitor your project with key indicators.
Process revision consists of 3 major steps:
•the understanding of the existing processes and the establishment of flow diagrams. •the analysis of the processes and the performance indicators and the identification of the improvement opportunities; •the innovation by improving your processes and by determining the optimisation actions