Advanced Information Technology and Management

IT Audit and Control Model of Information and Related Technology - COBIT
Hu kejin
Whzhush163.net

IT Audit
- ISACA (Information Systems Audit and Control Association)
- CISA (Certified Information System Auditor)

COBIT - Control Objectives For Information and Related Technology
- Information Systems Audit and Control Foundation
- IT Governance Institute

1. IT Audit Overview
2. COBIT Overview
3. COBIT Architecture
4. Control Objectives
5. Management Guidelines
6. Audit Guidelines

1. IT Audit Overview

Auditing Objectives
- Security
- Reliability
- Effectiveness

Scope of the audit
1) Information Systems
2) to cover life cycle of IS

Audit Plan
- Definition of Scope and Objectives.
- Analysis and understanding of standard procedures.
- Evaluation of system and internal controls.
- Audit Procedures and documentation of evidence.
- Analysis of facts encountered.
- Formation of opinion over the controls.
- Presentation of report and recommendations.

Audit Techniques
- Compliance tests.
- Substantive tests.
- Auditing program.
- Integrated Test Facility.
- Parallel Simulation.
- Snapshot
- Tracing
- Program Code Comparison
- Computer Assisted Audit Techniques and Tools.

Audit Work Team
- Manager: Responsible for the audit and quality control.
- Senior/team leader: Responsible for the work papers.
- Staff: Responsible for the performance of the audit.

Audit Report
- Progress Reports.
- Work Papers.
- Other Work Papers.
- Preliminary Reports.
- Final Audit Report.

1) What is our mission?
2) What are our goals and how will we achieve them?
3) How can we measure our performance?
4) How will we use that information to make improvements?

1) Accounting Audit
2) System Audit
3) Performance Audit

Business Reference Model (BRM)
- Lines of Business
- Agencies, Customers, Partners

Service Component Reference Model (SRM)
- Service Domains, Service Types
- Business & Service Components

Technical Reference Model (TRM)
- Service Component Interfaces, Interoperability
- Technologies, Recommendations

Data & Information Reference Model (DRM)
- Business-focused Data Standardization
- Cross-Agency Information Exchanges

Performance Reference Model (PRM)
- Inputs, Outputs, and Outcomes
- Uniquely Tailored IT Performance Indicators

[Figure labels: Performance and Business-Driven; Component-Based Architectures]

THE FEA REFERENCE MODEL FRAMEWORK

[Figure labels: HUMAN CAPITAL; MISSION AND BUSINESS RESULTS; CUSTOMER RESULTS; VALUE; STRATEGIC OUTCOMES; INPUT; TECHNOLOGY; OTHER FIXED ASSETS; PROCESS AND ACTIVITY]

- Mission and business-critical results aligned with the Business Reference Model. Results measured from a customer perspective.
- The direct effects of day-to-day activities and broader processes measured as driven by desired outcomes. Used to further define and measure the Mode of Delivery in the Business Reference Model.
- Key enablers measured through their contribution to outputs and by extension outcomes.

Data and Information Reference Model (DRM)
Data and Information Reference Model (DRM) is currently under development

COBIT is the model for IT governance!

2. COBIT Overview

[Figure labels: Business Requirements; IT Management; IT Resources]

1) Executive Summary
2) Framework
3) Control Objectives
4) Management Guidelines
5) Audit Guidelines
6) Implementation Tool set

[Figure: The control of IT Processes, which satisfy Business Requirements, is enabled by Control Statements, considering Control Practices]

[Figure labels: Data; Application Systems; Technology; Facilities; People]

Events
- Business Objectives
- Business Opportunities
- External Requirements
- Regulations
- Risks

Information
- Effectiveness
- Confidentiality
- Integrity
- Availability
- Compliance
- Reliability

[Figure labels: Message input; Service output; Business Processes; Information; IT Resources]

IT Resources
- People
- Application Systems
- Technology
- Facilities
- Data

Information Criteria
- effectiveness
- confidentiality
- integrity
- availability
- compliance
- reliability

[Figure labels: Do they match?; What you get; What you need]

[Figure labels: Information criteria; IT domains; IT resources; Planning & organization; Acquisition & implementation; Delivery & support; Monitoring; Domains; Processes; Activities]

[Figure labels: Information Criteria (Quality, Fiduciary, Security); IT Processes (Domains, Processes, Activities/Tasks); IT Resources (People, Application Systems, Technology, Facilities, Data)]

3. COBIT Architecture

Management