February 24, 2012 8:57 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Internal Audit,
IT Audit,
ITG,
Performance Measurement,
Resource Management,
Risk Management,
Strategic Alignment,
Value Delivery

Primary drivers for IT governance audit planning are verifying governance existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding...
February 21, 2012 9:28 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Internal Audit,
IT Audit,
ITG,
Performance Measurement,
Resource Management,
Risk Management,
Strategic Alignment,
Value Delivery

IT governance audits normally have an organizational focus. ‘Organizational-based’ IT governance audits examine deployed frameworks, managerial issues, and departmental activities. However, if during...
February 17, 2012 8:50 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Internal Audit,
IT Audit,
ITG,
Performance Measurement,
Resource Management,
Risk Management,
Strategic Alignment,
Value Delivery

To prevent expectation misinterpretation, the IT governance engagement ‘terms of reference’ should minimally address engagement ambit, reporting lines, and IT audit authority. Specifically, IT governance functional areas and issues definitions; identified ‘highest-organization-level’...
February 17, 2012 8:43 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Internal Audit,
IT Audit,
ITG,
Performance Measurement,
Resource Management,
Risk Management,
Strategic Alignment,
Value Delivery

Reflective of ISACA standards and guidelines, the IT audit process should be replicated within for-profit and not-for-profit entities. “Topics which should be considered are set by COBIT in the IT Governance Management Guidelines.” However, an audit committee’s perceived mandate and mission...
February 10, 2012 9:36 PM
Posted by: Robert Davis
Certified Information Systems Auditor,
Certified Information Technology Professional,
Certified Internal Auditor,
Certified Internal Controls Auditor,
Certified Public Accountant,
External Audit,
Internal Audit,
IT Audit,
ITG,
Performance Measurement,
Resource Management,
Risk Management,
Strategic Alignment,
Value Delivery

Governance supports stakeholder expectations related to management’s fiduciary responsibilities. Governance also reflects how an enterprise achieves its stated mission. Specifically, as presented in the Cadbury Committee...
September 20, 2011 8:33 PM
Posted by: Robert Davis
COBIT,
Control Environment,
IT Architecture,
Project Management,
Risk Management,
Risk Mitigation,
Risk Tolerance

At the departmental level, value delivery risks are generally an inducement for the entity’s executive management to designate an IT managerial group (e.g. IT Portfolio Management Committee) or individual (e.g. Chief Information Officer) to oversee
September 16, 2011 9:24 PM
Posted by: Robert Davis
COBIT,
Control Environment,
IT Architecture,
Project Management,
Risk Management,
Risk Mitigation,
Risk Tolerance

As a logical assumption, IT project management is a primary governance point for the entity’s ITG program. Therefore, derivatively, management’s CE due diligence regarding IT project governance policies will significantly reduce systems and infrastructure life cycle risks.
At the...
September 13, 2011 8:56 PM
Posted by: Robert Davis
Audit Oversight Committee,
COBIT,
Control Environment,
Due Diligence,
IT Architecture,
Project Management,
Risk Management,
Risk Mitigation,
Risk Tolerance

An entity's oversight committee should provide internal and external controls due diligence. In this regard, entity oversight committees normally delegate responsibility, accountability, and authority to an audit oversight committee that: evaluates project controls, interfaces...
September 9, 2011 8:31 PM
Posted by: Robert Davis
COBIT,
Control Environment,
IT Architecture,
Project Management,
Risk Management,
Risk Mitigation,
Risk Tolerance

IT project governance can only be effective if those influencing project decisions are adequately informed. Project management policies, procedures, rules, and individual responsibilities should be distributed to all affected parties. Furthermore, the risk awareness program...