UNPAD Session 03 - IT Process v 2

Technology and Security Risk Services

Session 3: IT Process

for Universitas Padjadjaran EDP Audit - S1 Accounting

27 September 2003



IS Audit Syllabus

1. Introduction of IS Audit
2. IT Environment
3. IT Process
4. General Computer Control Review (1)
5. General Computer Control Review (2)
6. General Computer Control Case Study
7. General Lecture
8. Mid-semester Exam
9. Application Control Review
10. Data Analysis Approach
11. IT Audit Integration
12. Application Control Case Study
13. IT Security
14. IT Risk Management & IT Governance
15. ERP Systems
16. Final Exam


Learning Objectives:

Gain an understanding of the IT processes, which include:

- Planning and Organization
- Acquisition and Implementation
- Delivery and Support
- Monitoring


Introduction


Management Expectations of IT

Re-Engineered Processes

Right-Sizing

Distributed Processing

Flattened Organizations

Outsourcing


Management Responsibilities for IT

Safeguarding Assets

Information as Most Valuable Asset


OPPORTUNITY

Both Management IT Expectations and Management IT Responsibilities Need a Control Framework.


CObIT


CObIT is this required controls framework.


Control OBjectives for Information and Related Technology


CObIT's Mission

To research, develop, publicize, and promote an authoritative, up-to-date, international set of generally accepted IT control objectives for day-to-day use by business managers and auditors.


SCOPE & OBJECTIVES

* Generally applicable and accepted standard for good practices for IT control
* For application to enterprise-wide IS
* Starting from a framework for control in IT
* Based on ISACA's Control Objectives


WHO NEEDS CObIT?

Management

Users

Auditors


Management Needs CObIT

IT investment decisions

Balance of risk and control

Benchmark existing and future IT environment


Users Need CObIT

To obtain assurance on return on costs, on security, and control of products and services they acquire internally and externally.


IS Auditors Need CObIT

To substantiate opinions to management on internal controls

To answer the question of what are the minimum controls necessary


FRAMEWORKS

WHAT IS A FRAMEWORK?

WHY DO YOU NEED ONE?

HOW DID THE COBIT ONE COME ABOUT?

WHAT IS THE COBIT FRAMEWORK?


Cobit's Golden Rule

In order to provide the information that the organization needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.


Business Requirements = Information Criteria

Effectiveness: deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent, usable and complete manner.

Efficiency: concerns the provision of information through the optimal (most productive and economical) usage of resources.

Confidentiality: concerns the protection of sensitive information from unauthorized disclosure.

Integrity: relates to the accuracy and completeness of information as well as its validity in accordance with the business' set of values and expectations.


Availability: relates to information being available when required by the business process, and hence also concerns the safeguarding of resources.

Compliance: deals with complying with those laws, regulations, and contractual obligations to which the business process is subject, i.e., externally imposed business criteria.

Reliability of Information: relates to systems providing management with appropriate information for it to use in operating the entity, in providing financial reporting to users of the financial information, and in providing information to report to regulatory bodies with regard to compliance with laws and regulations.


Information Technology Resources

Data: Data objects in their widest sense, i.e., external and internal, structured and not structured, graphics, sound, etc.

Application Systems: Collections of computer programs performing a specific task or tasks and understood in the CobiT context to be both manual and computerized.

Technology: Hardware, operating systems, data base management, networking, multimedia, telecommunications, telephone.

Facilities: Resources to house and support information systems.

People: Staff, their skills, awareness and productivity to plan, organize, acquire, deliver, support and monitor information systems and services.


Information Processes -- The 3rd Component

Domains: Natural grouping of processes, often matching an organizational domain of responsibility.

Processes: A series of joined activities with natural (control) breaks.

Activities: Actions needed to achieve a measurable result. Activities have a life-cycle whereas tasks are discrete.


The Domains

Planning and Organization

Acquisition and Implementation

Delivery and Support

Monitoring


Planning and Organization

Define a Strategic Plan

Determine Information Architecture

Define Technological Direction

Define Organization and Relationships

Manage the Investment

Communicate Management Aims and Direction

Manage Human Resources

Ensure Compliance with External Requirements

Assess Risk

Manage Projects

Manage Quality


Acquisition and Implementation

Identify Automated Solutions

Acquire and Maintain Application Software

Acquire and Maintain Technology Infrastructure

Develop and Maintain Procedures

Install and Accredit Systems

Manage Changes


Delivery and Support

Define Service Levels

Manage Third Party Services

Manage Performance and Capacity

Ensure Continuous Service

Ensure System Security

Identify and Attribute Costs

Educate and Train Users

Assist and Advise Customers

Manage the Configuration

Manage Problems and Incidents

Manage Data

Manage Facilities

Manage Operations


Monitoring

Monitor the Processes

Assess internal control adequacy

Obtain Independent Assurance

Provide for independent audit


End of Presentation


Q & A


Thank You