Advanced Information Technology and Management
IT Audit and Control Model of Information and Related Technology - COBIT
Hu kejin Whzhush163.net

IT Audit
ISACA (Information Systems Audit and Control Association)
CISA (Certified Information System Auditor)

COBIT - Control Objectives For Information and Related Technology
Information Systems Audit and Control Foundation
IT Governance Institute

1. IT Audit Overview
2. COBIT Overview
3. COBIT Architecture
4. Control Objectives
5. Management Guidelines
6. Audit Guidelines

1. IT Audit Overview

Auditing Objectives
- Security
- Reliability
- Effectiveness

Scope of the audit
1) Information Systems
2) to cover life cycle of IS

Audit Plan
- Definition of Scope and Objectives.
- Analysis and understanding of standard procedures.
- Evaluation of system and internal controls.
- Audit Procedures and documentation of evidence.
- Analysis of facts encountered.
- Formation of opinion over the controls.
- Presentation of report and recommendations.

Audit Techniques
- Compliance tests.
- Substantive tests.
- Auditing program.
- Integrated Test Facility.
- Parallel Simulation.
- Snapshot
- Tracing
- Program Code Comparison
- Computer Assisted Audit Techniques and Tools.

Audit Work Team
- Manager: Responsible for the audit and quality control.
- Senior/team leader: Responsible for the work papers.
- Staff: Responsible for the performance of the audit.

Audit Report
- Progress Reports.
- Work Papers.
- Other Work Papers.
- Preliminary Reports.
- Final Audit Report.

1) What is our mission?
2) What are our goals and how will we achieve them?
3) How can we measure our performance?
4) How will we use that information to make improvements?

1) Accounting Audit
2) System Audit
3) Performance Audit

THE FEA REFERENCE MODEL FRAMEWORK
- Performance Reference Model (PRM): Inputs, Outputs, and Outcomes; Uniquely Tailored IT Performance Indicators
- Business Reference Model (BRM): Lines of Business; Agencies, Customers, Partners
- Service Component Reference Model (SRM): Service Domains, Service Types; Business & Service Components
- Technical Reference Model (TRM): Service Component Interfaces, Interoperability; Technologies, Recommendations
- Data & Information Reference Model (DRM): Business-focused Data Standardization; Cross-Agency Information Exchanges
Performance and Business-Driven
Component-Based Architectures

[Figure labels: HUMAN CAPITAL; MISSION AND BUSINESS RESULTS; CUSTOMER RESULTS; VALUE; VALUE; STRATEGIC OUTCOMES; INPUT; TECHNOLOGY; OTHER FIXED ASSETS; PROCESS AND ACTIVITY]
- Mission and business-critical results aligned with the Business Reference Model. Results measured from a customer perspective.
- The direct effects of day-to-day activities and broader processes, measured as driven by desired outcomes. Used to further define and measure the Mode of Delivery in the Business Reference Model.
- Key enablers measured through their contribution to outputs and, by extension, outcomes.

Data and Information Reference Model (DRM)
Data and Information Reference Model (DRM) is currently under development.

COBIT is the model for IT governance!

2. COBIT Overview

Business Requirements, IT Management, IT Resources

1) Executive Summary
2) Framework
3) Control Objectives
4) Management Guidelines
5) Audit Guidelines
6) Implementation Tool set

The control of IT Processes
which satisfy Business Requirements
is enabled by Control Statements
considering Control Practices

[Figure labels: Data, Application Systems, Technology, Facilities, People]
[Figure labels: Events: Business Objectives, Business Opportunities, External Requirements, Regulations, Risks]
[Figure labels: Information: Effectiveness, Confidentiality, Integrity, Availability, Compliance, Reliability]
[Figure labels: Message input; Service output; Business Processes; Information; IT Resources]
[Figure labels: IT Resources: People, Application Systems, Technology, Facilities, Data]
[Figure labels: Information Criteria: effectiveness, confidentiality, integrity, availability, compliance, reliability]
[Figure labels: What you get; What you need; Do they match?]
[Figure labels: Information criteria; IT domains; IT resources]
[Figure labels: Planning & organization; Acquisition & implementation; Delivery & support; Monitoring]
[Figure labels: Domains; Processes; Activities]
[Figure labels: Information Criteria (Quality, Fiduciary, Security); IT Processes (Domains, Processes, Activities/Tasks); IT Resources (People, Application Systems, Technology, Facilities, Data)]

3. COBIT Architecture