Chapter 1

IT Governance
- The process for controlling an organization’s IT resources
- Resources are defined to include – information and communication systems, and technology
- Explains – influence of IT on business transactions
- Creates – opportunities, but these opportunities bring with them risks
- Part of Enterprise Governance – the process of setting/implementing corporate strategy, making sure the organization achieves its objectives efficiently, and managing risks
- Objective: using IT to –
  1) promote an organization’s objectives and enable business processes
  2) manage and control IT-related risks

CobiT’s IT Governance Management Guideline
- Identifies critical success factors, key goal and performance indicators, and an IT governance maturity model

Figure 1-1 (p.3) IT Governance Framework
Steps:
- organization sets its IT objectives
- follows a continual process in which performance is measured and compared against those objectives
- the above process provides direction for (1) increasing IT resources, decreasing cost, and managing risk

IT and Transaction (Tx) Processing
- Information system (IS) collects transaction data and turns them into information
- Information is made available to stockholders
- Computerized Tx information systems increase some risks and decrease others
- Example:
  1. Risk of error is higher in manual barcode entry than if a computer system was used to scan an inventory bar code (automation risk due to human error)
  2. However, if the database admin. has accidentally mismatched an inventory item description and item number, then every sale of that inventory item will be recorded incorrectly (automation risk due to human error)
- Computers are reliable in that they do the same thing over and over the same way, but if that same thing is incorrect one time, it’s likely to be wrong all the time

The Work of An Auditor
1. Ensure IT governance BY
2. Works as either internal or external auditor
3. Works on many kinds of audit engagements
4. Provide internal control advice to management, including reviewing draft procedures and systems under development. (Potential loss of objectivity from reviewing such projects in progress, but value of internal control expertise can offset that)

Examples of Audit Engagements:
- Evaluating control over specific applications – analyzing the risks and controls over applications such as e-business, ERP systems or other software
- Provide assurance over specific processes – agreed-upon procedure between the auditor and client
- Provide 3rd-party assurance – evaluate risks/controls over a 3rd party’s IS and provide assurance to others
- Penetration testing – efforts to gain access to information resources to discover security

This note was uploaded on 03/27/2012 for the course ITM 595 taught by Professor Davidchan during the Spring '12 term at Ryerson.
