IT审计相关知识英文版).ppt_第1页
IT审计相关知识英文版).ppt_第2页
IT审计相关知识英文版).ppt_第3页
IT审计相关知识英文版).ppt_第4页
IT审计相关知识英文版).ppt_第5页
已阅读5页,还剩55页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

AdvancedInformationTechnologyandManagement ITAuditandControlModelofInformationandRelatedTechnology COBITHukejinWhzhu ITAuditISACA InformationSystemsAuditandControlAssociation CISA CertifiedInformationSystemAuditor COBIT ControlObjectivesForInformationandRelatedTechnologyInformationSystemsAuditandControlFoundationITGovernanceInstitute 1 ITAuditOverview2 COBITOverview3 COBITArchitecture4 ControlObjectives5 ManagementGuidelines6 AuditGuidelines 1 ITAuditOverview AuditingObjectives SecurityReliabilityEffectiveness Scopeoftheaudit 1 InformationSystems2 tocoverlifecycleofIS AuditPlan DefinitionofScopeandObjectives Analysisandunderstandingofstandardprocedures Evaluationofsystemandinternalcontrols AuditProceduresanddocumentationofevidence Analysisoffactsencountered Formationofopinionoverthecontrols Presentationofreportandrecommendations AuditTechniques Compliancetests Substantivetests Auditingprogram IntegratedTestFacility ParallelSimulation Snapshot Tracing ProgramCodeComparison ComputerAssistedAuditTechniquesandTools AuditWorkTeam Manager Responsiblefortheauditandqualitycontrol Senior teamleader Responsiblefortheworkpapers Staff Responsiblefortheperformanceoftheaudit AuditReport ProgressReports WorkPapers OtherWorkPapers PreliminaryReports FinalAuditReport 1 Whatisourmission 2 Whatareourgoalsandhowwillweachievethem 3 Howcanwemeasureourperformance 4 Howwillweusethatinformationtomakeimprovements 1 AccountingAudit2 SystemAudit3 PerformanceAudit BusinessReferenceModel BRM LinesofBusiness Agencies Customers PartnersServiceComponentReferenceModel SRM ServiceDomains ServiceTypes Business ServiceComponentsTechnicalReferenceModel TRM ServiceComponentInterfaces Interoperability Technologies RecommendationsData InformationReferenceModel DRM Business focusedDataStandardization Cross AgencyInformationExchangesPerformanceandBusiness DrivenPerformanceReferenceModel PRM Inputs Outputs andOutcomes UniquelyTailoredITPerformanceIndicatorsComponent BasedArchitectures PerformanceReferenceModel PRM Inputs Outputs andOutcomes UniquelyTailoredITPerformanceIndicators BusinessReferenceModel BRM LinesofBusiness Agencies Customers Partners ServiceComponentReferenceModel SRM ServiceDomains ServiceTypes Business ServiceComponents TechnicalReferenceModel TRM ServiceComponentInterfaces Interoperability Technologies Recommendations Data InformationReferenceModel DRM Business focusedDataStandardization Cross AgencyInformationExchanges PerformanceandBusiness Driven Component BasedArchitectures THEFEAREFERENCEMODELFRAMEWORK HUMANCAPITAL MISSIONANDBUSINESSRESULTS CUSTOMERRESULTD VALUE VALUE STRATEGICOUTCOMS INPUT TECHONLOGY OTHERFIXEDASSETS PROCESSANDACTIVITY Missionandbusiness criticalresultsalignedwiththeBusinessReferenceModel Resultsmeasuredfromacustomerperspective Thedirecteffectsofday to dayactivitiesandbroaderprocessesmeasuredasdrivenbydesiredoutcomes UsedtofurtherdefineandmeasuretheModeofDeliveryinThebusinessreferencemodel Keyenablersmeasuredthroughtheircontributiontooutputs andbyextensionoutcomes DataandInformationReferenceModel DRM DataandInformationReferenceModel DRM iscurrentlyunderdevelopment COBITisthemodelforITgovernance 2 COBITOverview BusinessRequirements ITManagement ITResources 1 ExecutiveSummary2 Framework3 ControlObjectives4 ManagementGuidelines5 AuditGuidelines6 ImplementationToolset Thecontrolof whichsatisfy isenabledby considering ITProcesses BusinessRequirements ControlStatements ControlPractices DataApplicationSystems Technology Facilities People EventsBusinessObjectivesBusinessOpportunitiesExternalRequirementsRegulationsRisks InformationEffectivenessConfidentialityIntegrityAvailabilityComplianceReliability Messageinput Serviceoutput BusinessProcesses Information ITResources ITResources PeopleApplicationSystemsTechnologyFacilitiesData InformationCriteriaeffectivenessconfidentialityintegrityavailabilitycompliancereliability Dotheymatch Whatyouget Whatyouneed Informationcriteria ITdomains ITresources Planning organization Acquisition implementation Delivery support Monitoring Domains Processes Activities InformationCriteria ITProcesses ITResources Quality Fiduciary Security people ApplicationSystems Technology Facilities Data Domains Processes Activities Tasks 3 COBITArchitecture Managementframework Managementguidelines Controlobjectives Auditguidelines Toolset Managementguidelines Maturitymodels Criticalsuccessfactors Keygoalindicators Keyperformanceindicators ITdomains Planning Organization Acquisition Implementation Delivery Support Monitoring COBITITProcessesDefinedWithintheFourDomains COBIT BusinessObjectives Information ITResources Planning Organization Acquisition Implementation Delivery Support Monitoring ITResources ITResources ApplicationSystems Data ApplicationSystems Technology Facilities People Domains Processes Processes Activities Tasks InformationCriteria Quality Fiduciary Security QualityCostDelivery EffectivenessEfficiencyReliabilityCompliance ConfidentialityIntegrityAvailability 4 ControlObjectives High LevelControlObjectives34 ControlOvertheITProcess ControlObjectives318 ControlOvertheActivities Tasks Planning Organization PO1defineastrategicITplanPO2definetheinformationarchitecturePO3determinethetechnologicaldirectionPO4definetheITorganizationandrelationshipsPO5managetheITinvestmentPO6communicatemanagementaimsanddirectionPO7managehumanresourcesPO8ensurecompliancewithexternalrequirementsPO9assessrisksPO10manageprojectsPO11managequality Acquisition Implementation AI1identifysolutionsAI2acquireandmaintainapplicationsoftwareAI3acquireandmaintaintechnologyarchitectureAI4developandmaintainITproceduresAI5installandaccreditsystemsAI6managechanges Delivery Support DS1defineservicelevelsDS2managethird partyservicesDS3manageperformanceandcapacityDS4ensurecontinuousserviceDS5ensuresystemssecurityDS6identifyandattributecostsDS7educateandtrainusersDS8assistandadviseITcustomersDS9managetheconfigurationDS10manageproblemsandincidentsDS11managedataDS12managefacilitiesDS13manageoperations Monitoring M1monitortheprocessesM2assessinternalcontroladequacyM3obtainindependentassuranceM4provideforindependentaudit DOMAIN Process InformationCriteria ITResources Planning Organization PO1PO2PO3PO4PO5PO6PO7PO8PO9PO10PO11 EffectivenessEfficiencyConfidentialityIntegrityAvailabilityComplianceReliability PeopleApplicationSystemsTechnologyFacilitiesData DOMAIN Process InformationCriteria ITResources PeopleApplicationSystemsTechnologyFacilitiesData EffectivenessEfficiencyConfidentialityIntegrityAvailabilityComplianceReliability PO1defineastrategicITplan Planning Organization PO2definetheinformationarchitecture PSSS PS Management sQuestion1 Howdoresponsiblemanagers keeptheshiponcourse 2 Howtoachieveresultsthataresatisfactoryforthelargestpossiblesegmentofourstakeholders 3 Howtotimelyadapttheorganizationtotrendsanddevelopmentsintheenterprise senvironment Dashboards Scorecards Benchmarking Benchmarking 5 ManagementGuidelines MaturityModelsCSFKGIKPI GenericMaturityModel 0Non Existent1Initial2Repeatable3Defined4Managed5Optimized 0 1 2 3 4 5 Non Existent Initial Repeatable Defined Managed Optimized EnterpriseCurrentStatus InternationalStandardGuidelines IndustryBestPractice EnterpriseStrategy Goals Enablers BalancedBusinessScorecard InformationTechnology Measure Outcome Measure Performance CriticalSuccessFactors CSF DefinethemostimportantissuesoractionsformanagementtoachievecontroloverandwithinitsITprocesses KeyGoalIndicators KGI Definemeasuresthattellmanagement afterthefact whetheranITprocesshasachieveditsbusinessrequirements KeyPerformanceIndicators KPI Definemeasurestodetermi
人人文库> 全部分类> 应用文书 > 办公表格

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

最新文档

评论

0/150

提交评论