GTAG1 IT Controls


  • 7/29/2019 GTAG1 IT Controls

    1/10

    www.theiia.org

    IT Controls

    Global Technology Auditing Guide 1

    What This Guide Covers

    Understanding of IT controls

    Importance of IT controls

    Organizational roles and responsibilities for ensuring IT controls

    Analyzing risks

    Monitoring and techniques

    IT control assessment

    Understanding IT Controls

    IT control is a process that provides assurance for information and information services, and helps to mitigate risks associated with the use of technology.

    Two components

      Automation of business controls

      Control of IT

    Understanding Controls

    Classification

      General Controls

      Application Controls

    Classification

      Preventative

      Detective

      Corrective

    Classification

      Governance controls

      Management controls

      Technical controls

    Understanding IT Controls

    A top-down approach used when considering controls to implement and determining areas on which to focus.

    Importance of IT Controls

    Needs for IT controls, such as

      controlling cost

      remaining competitive

      protecting information assets

      complying with laws and regulations

    Implementing effective IT control will improve efficiency, reliability, flexibility and availability of assurance evidence

    Roles and Responsibilities

    Board of Directors / Governing Body

    Management - define, approve, implement IT controls or understand the use of IT controls

    Auditor

      Internal Auditors - assurance

      External Auditors - periodical auditing

    Based On Risk

    Analyzing Risk

      Identify risks

      Consider risk in determining the adequacy of IT controls

      Define risk mitigation strategy: accept/eliminate/share/control/mitigate

      Consider Baseline IT controls

    Monitoring & Techniques

    Monitoring & Assessing IT Controls

      Choose a control framework

      Use proper audit methodology

      Ongoing monitoring/special review/automated continuous auditing

    Assessment

    Assessing IT controls is an ongoing process, because

      business processes are constantly changing

      Technology continues to advance

      Threats evolve as new vulnerabilities emerge

      Audit methods keep improving