UNPAD Session 03 - IT Process v 2
Transcript of UNPAD Session 03 - IT Process v 2
8/7/2019 UNPAD Session 03 - IT Process v 2
http://slidepdf.com/reader/full/unpad-session-03-it-process-v-2 1/31
Technology and Security Risk Services
Session 3
IT Process
for Universitas Padjadjaran
EDP Audit - S1 Accounting
27 September 2003
IS Audit Syllabus
1. Introduction of IS Audit
2. IT Environment
3. IT Process
4. General Computer Control Review (1)
5. General Computer Control Review (2)
6. General Computer Control Case Study
7. General Lecture
8. Mid-semester Exam
9. Application Control Review
10. Data Analysis Approach
11. IT Audit Integration
12. Application Control Case Study
13. IT Security
14. IT Risk Management & IT Governance
15. ERP Systems
16. Final Exam
Learning Objectives:
Gain an understanding of the IT processes, which include:
- Planning and Organization
- Acquisition and Implementation
- Delivery and Support
- Monitoring
Introduction
Management Expectations of IT
Re-Engineered Processes
Right-Sizing
Distributed Processing
Flattened Organizations
Outsourcing
Management Responsibilities for IT
Safeguarding Assets
Information as Most Valuable Asset
OPPORTUNITY
Both Management IT Expectations and Management IT Responsibilities Need a Control Framework.
CObIT
CObIT is this required control framework.
Control Objectives for Information and Related Technology
CObIT's Mission
To research, develop, publicize, and promote an authoritative, up-to-date, international set of generally accepted IT control objectives for day-to-day use by business managers and auditors.
SCOPE & OBJECTIVES
* Generally applicable and accepted standard for good practices for IT control
* For application to enterprise-wide IS
* Starting from a framework for control in IT
* Based on ISACA's Control Objectives
WHO NEEDS CObIT?
Management
Users
Auditors
Management Needs CObIT
IT investment decisions
Balance of risk and control
Benchmark existing and future IT environment
Users Need CObIT
To obtain assurance on return on costs, on security, and control of products and services they acquire internally and externally.
IS Auditors Need CObIT
To substantiate opinions to management on internal controls
To answer the question of what are the minimum controls necessary
FRAMEWORKS
WHAT IS A FRAMEWORK?
WHY DO YOU NEED ONE?
HOW DID THE COBIT ONE COME ABOUT?
WHAT IS THE COBIT FRAMEWORK?
Cobit's Golden Rule
In order to provide the information that the organization needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.
Business Requirements = Information Criteria
Effectiveness: deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent, usable and complete manner.
Efficiency: concerns the provision of information through the optimal (most productive and economical) usage of resources.
Confidentiality: concerns the protection of sensitive information from unauthorized disclosure.
Integrity: relates to the accuracy and completeness of information as well as its validity in accordance with the business' set of values and expectations.
Availability: relates to information being available when required by the business process, and hence also concerns the safeguarding of resources.
Compliance: deals with complying with those laws, regulations, and contractual obligations to which the business process is subject, i.e., externally imposed business criteria.
Reliability of Information: relates to systems providing management with appropriate information for it to use in operating the entity, in providing financial reporting to users of the financial information, and in providing information to report to regulatory bodies with regard to compliance with laws and regulations.
Information Technology Resources
Data
Data objects in their widest sense, i.e., external and internal, structured and not structured, graphics, sound, etc.
Application Systems
Collections of computer programs performing a specific task or tasks and understood in the CobiT context to be both manual and computerized.
Technology
Hardware, operating systems, data base management, networking, multimedia, telecommunications, telephone
Facilities
Resources to house and support information systems
People
Staff, their skills, awareness and productivity to plan, organize, acquire, deliver, support and monitor information systems and services.
Information Processes -- The 3rd Component
Domains: Natural grouping of processes, often matching an organizational domain of responsibility.
Processes: A series of joined activities with natural (control) breaks.
Activities: Actions needed to achieve a measurable result. Activities have a life-cycle whereas tasks are discrete.
The Domains
Planning and Organization
Acquisition and Implementation
Delivery and Support
Monitoring
Planning and Organization
Define a Strategic Plan
Determine Information Architecture
Define Technological Direction
Define Organization and Relationships
Manage the Investment
Communicate Management Aims and Direction
Manage Human Resources
Ensure Compliance with External Requirements
Assess Risk
Manage Projects
Manage Quality
Acquisition and Implementation
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Develop and Maintain Procedures
Install and Accredit Systems
Manage Changes
Delivery and Support
Define Service Levels
Manage Third Party Services
Manage Performance and Capacity
Ensure Continuous Service
Ensure System Security
Identify and Attribute Costs
Educate and Train Users
Assist and Advise Customers
Manage the Configuration
Manage Problems and Incidents
Manage Data
Manage Facilities
Manage Operations
Monitoring
Monitor the Processes
Assess Internal Control Adequacy
Obtain Independent Assurance
Provide for Independent Audit
End of Presentation
Q & A
Thank You