GTAG1 IT Controls

download GTAG1 IT Controls

of 10

Transcript of GTAG1 IT Controls

  • 7/29/2019 GTAG1 IT Controls

    1/10

    www.theiia.org

    IT Controls

    Global Technology Auditing Guide 1

  • 7/29/2019 GTAG1 IT Controls

    2/10

    www.theiia.org

    What This Guide Covers

    Understanding of IT controls

    Importance of IT controls

    Organizational roles and responsibilities

    for ensuring IT controls

    Analyzing risks

    Monitoring and techniques

    IT control assessment

  • 7/29/2019 GTAG1 IT Controls

    3/10

    www.theiia.org

    IT control is a processthat provide assurancefor information andinformation services, and

    help to mitigate risksassociated with use oftechnology.

    Two components Automation of business

    controls Control of IT

    Understanding IT Controls

  • 7/29/2019 GTAG1 IT Controls

    4/10

    www.theiia.org

    Understanding Controls

    Classification General Controls

    Application Controls

    Classification Preventative

    Detective

    Corrective

    Classification Governance controls

    Management controls

    Technical controls

  • 7/29/2019 GTAG1 IT Controls

    5/10

    www.theiia.org

    A top-down approach used when considering controls toimplement and determining areas on which to focus.

    Understanding IT Controls

  • 7/29/2019 GTAG1 IT Controls

    6/10

    www.theiia.org

    Importance of IT Controls

    Needs for IT controls, such as

    controlling cost

    remaining competitive

    protecting of information

    assets complying with laws and

    regulation

    Implementing effective ITcontrol will improve efficiency,

    reliability, flexibility andavailability of assuranceevidence

  • 7/29/2019 GTAG1 IT Controls

    7/10

    www.theiia.org

    Roles and Responsibilities Board of Directors

    /Governing Body

    Management define,

    approve, implement IT

    controls or understand theuse of IT controls

    Auditor

    Internal Auditors -

    assurance

    External Auditors

    periodical auditing

  • 7/29/2019 GTAG1 IT Controls

    8/10

    www.theiia.org

    Based On Risk Analyzing Risk

    Identify risks

    Consider risk indetermining the adequacyof IT controls

    Define risk mitigationstrategy accept/eliminate/share/control/mitigate

    Consider Baseline ITcontrols

  • 7/29/2019 GTAG1 IT Controls

    9/10

    www.theiia.org

    Monitoring & Techniques Monitoring &

    Assessing IT Controls

    Choose a controlframework

    Use proper auditmethodology

    Ongoingmonitoring/specialreview/automated

    continuous auditing

  • 7/29/2019 GTAG1 IT Controls

    10/10

    www.theiia.org

    Assessment

    Assessing IT controls is an

    ongoing process, because

    business processes are

    constantly changing

    Technology continues toadvance

    Threats evolve as new

    vulnerabilities emerge

    Audit methods keep

    improving


IT Governance Controls

IT Governance Controls

Auditing IT Governance Controls

Auditing IT Governance Controls

ITG General Controls / IT Risk Assessment Taking it to the ... · PDF fileITG General Controls / IT Risk Assessment – Taking it to ... and governance concerns have contributed to

ITG General Controls / IT Risk Assessment Taking it to the ... · PDF fileITG General Controls / IT Risk Assessment – Taking it to ... and governance concerns have contributed to

Inventory: Control It Before It Controls You

Inventory: Control It Before It Controls You

Internal Controls Over Payroll Processes and IT General Controls

Internal Controls Over Payroll Processes and IT General Controls

IT Security Controls in Spanish

IT Security Controls in Spanish

Control Change Before it Controls You

Control Change Before it Controls You

Information Technology Auditing IT Controls

Information Technology Auditing IT Controls

INTERNAL CONTROLS for IT cape@cviog.uga.edu. Internal Controls: An Overview Internal Controls: An Overview Objectives Define what internal controls are.

INTERNAL CONTROLS for IT [email protected]. Internal Controls: An Overview Internal Controls: An Overview Objectives Define what internal controls are.

ASHRAE IT Equipment Thermal Management and Controls … 2012 IT Equipment... · IT Equipment Thermal Management and Controls ... switches or other enterprise hardware may ... processor

ASHRAE IT Equipment Thermal Management and Controls … 2012 IT Equipment... · IT Equipment Thermal Management and Controls ... switches or other enterprise hardware may ... processor

IT Security Controls IT Security Controls and Services - Docbox - ETSI

IT Security Controls IT Security Controls and Services - Docbox - ETSI

Information Technology General Controls (ITGCs) 101 · 2015-12-03  · Introduction Why are IT General Controls Important? Types of Controls IT General Controls Review - Audit Process

Information Technology General Controls (ITGCs) 101 · 2015-12-03  · Introduction Why are IT General Controls Important? Types of Controls IT General Controls Review - Audit Process

Switch-It Alternative Drive Controls Catalog

Switch-It Alternative Drive Controls Catalog

Chapter 2 auditing it governance controls

Chapter 2 auditing it governance controls

Internal Controls Over Payroll Processes and IT …qa.osc.nc.gov/eagle/Internal Controls Over Payroll...Internal Controls Over Payroll Processes and IT General Controls April 6, 2011

Internal Controls Over Payroll Processes and IT …qa.osc.nc.gov/eagle/Internal Controls Over Payroll...Internal Controls Over Payroll Processes and IT General Controls April 6, 2011

IT Governance, Controls and Security:

IT Governance, Controls and Security:

Soft Controls in IT Auditing

Soft Controls in IT Auditing

Risk Management. IT Controls Risk management process Risk management process IT controls IT controls IT Governance Frameworks IT Governance Frameworks.

Risk Management. IT Controls Risk management process Risk management process IT controls IT controls IT Governance Frameworks IT Governance Frameworks.

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst of Controls (SAC306)

AWS re:Invent 2016: Encryption: It Was the Best of Controls, It Was the Worst of Controls (SAC306)

1 Chapter Three IT Risks and Controls. 2 The Risk Management Process Identify IT Risks Assess IT Risks Identify IT Controls Document IT Controls Monitor.

1 Chapter Three IT Risks and Controls. 2 The Risk Management Process Identify IT Risks Assess IT Risks Identify IT Controls Document IT Controls Monitor.