GTAG1 IT Controls
-
Upload
emil-jabrailzadeh -
Category
Documents
-
view
216 -
download
0
Transcript of GTAG1 IT Controls
-
7/29/2019 GTAG1 IT Controls
1/10
www.theiia.org
IT Controls
Global Technology Auditing Guide 1
-
7/29/2019 GTAG1 IT Controls
2/10
www.theiia.org
What This Guide Covers
Understanding of IT controls
Importance of IT controls
Organizational roles and responsibilities
for ensuring IT controls
Analyzing risks
Monitoring and techniques
IT control assessment
-
7/29/2019 GTAG1 IT Controls
3/10
www.theiia.org
IT control is a processthat provide assurancefor information andinformation services, and
help to mitigate risksassociated with use oftechnology.
Two components Automation of business
controls Control of IT
Understanding IT Controls
-
7/29/2019 GTAG1 IT Controls
4/10
www.theiia.org
Understanding Controls
Classification General Controls
Application Controls
Classification Preventative
Detective
Corrective
Classification Governance controls
Management controls
Technical controls
-
7/29/2019 GTAG1 IT Controls
5/10
www.theiia.org
A top-down approach used when considering controls toimplement and determining areas on which to focus.
Understanding IT Controls
-
7/29/2019 GTAG1 IT Controls
6/10
www.theiia.org
Importance of IT Controls
Needs for IT controls, such as
controlling cost
remaining competitive
protecting of information
assets complying with laws and
regulation
Implementing effective ITcontrol will improve efficiency,
reliability, flexibility andavailability of assuranceevidence
-
7/29/2019 GTAG1 IT Controls
7/10
www.theiia.org
Roles and Responsibilities Board of Directors
/Governing Body
Management define,
approve, implement IT
controls or understand theuse of IT controls
Auditor
Internal Auditors -
assurance
External Auditors
periodical auditing
-
7/29/2019 GTAG1 IT Controls
8/10
www.theiia.org
Based On Risk Analyzing Risk
Identify risks
Consider risk indetermining the adequacyof IT controls
Define risk mitigationstrategy accept/eliminate/share/control/mitigate
Consider Baseline ITcontrols
-
7/29/2019 GTAG1 IT Controls
9/10
www.theiia.org
Monitoring & Techniques Monitoring &
Assessing IT Controls
Choose a controlframework
Use proper auditmethodology
Ongoingmonitoring/specialreview/automated
continuous auditing
-
7/29/2019 GTAG1 IT Controls
10/10
www.theiia.org
Assessment
Assessing IT controls is an
ongoing process, because
business processes are
constantly changing
Technology continues toadvance
Threats evolve as new
vulnerabilities emerge
Audit methods keep
improving