Auditing IT Governance IIA


  • Date:12 Sep 2020
  • Pages:41
  • Size:1.25 MB

Transcription:

About Supplemental Guidance

Supplemental Guidance is part of The IIA's International Professional Practices Framework (IPPF) and provides additional recommended (nonmandatory) guidance for conducting internal audit activities. While supporting the International Standards for the Professional Practice of Internal Auditing, Supplemental Guidance is intended to address topical areas, as well as sector-specific issues, in greater procedural detail than the Standards or Implementation Guides. Supplemental Guidance is endorsed by The IIA through formal review and approval processes.

Practice Guides

Practice Guides are a type of Supplemental Guidance that provide detailed step-by-step approaches, featuring processes, procedures, tools, and programs, as well as examples of deliverables.

Practice Guides are intended to support internal auditors. Practice guides are also available to support:

  • Financial Services
  • Public Sector
  • Information Technology (GTAG)

For an overview of authoritative guidance materials provided by The IIA, please visit www.globaliia.org/standards-guidance.

www.theiia.org Auditing IT Governance

Table of Contents

  • Executive Summary
  • Introduction
  • IT Governance Overview
  • Business Significance
  • Key Risks
  • IT Governance Components
  • The Role of Internal Audit in IT Governance
  • Proficiency
  • Engagement Planning
      1. Understand the context and purpose of the engagement
      2. Gather information
         2.1 Obtain and Document Information
         2.2 Interviewing Relevant Stakeholders
      3. Conduct a preliminary risk assessment
      4. Form engagement objectives
         4.1 Consulting Engagement Objectives
      5. Establish engagement scope
      6. Allocate resources
      7. Document the plan
  • Reporting the Engagement Results
  • Appendix A. Related IIA Standards and Guidance
  • Appendix B. Glossary
  • Appendix C. IT Governance Internal Controls Questionnaire
  • Appendix D. Risk and Controls Matrix for IT Governance
  • Appendix E. Additional Resources
  • Acknowledgements
Executive Summary

Taking a strategic approach to implementing information technology (IT) governance helps organizations address the speed of technological advancements, IT services proliferation, and the greater dependency on IT to meet organizational objectives. Effective IT governance contributes to control efficiency and effectiveness, and allows the organization's investment in IT to realize both financial and nonfinancial benefits. Often when controls are poorly designed or deficient, a root cause is weak or ineffective IT governance.

Alignment of organizational objectives and IT is more about governance and less about technology. Governance assures alternatives are evaluated, execution is appropriately directed, and risk and performance are monitored.

IT governance is directly related to organizational oversight of IT assets and risks, making it a shared responsibility of senior management [1] and the board. Senior management carries out the day-to-day direction that tactically aligns with the overall strategic guidance of the board to ensure the effective, efficient, and acceptable use of IT resources. The primary outcomes of effective IT governance include:

  • IT strategies are aligned with organizational objectives.
  • Risks are identified and managed properly.
  • IT investments are optimized to deliver value to the organization.
  • IT performance is defined, measured, and reported using meaningful metrics.
  • IT resources are managed effectively.

Absent or poor IT governance can have significant negative impacts on an organization, both financially and reputationally. Recovery from such impacts requires time, energy, and money. In many organizations, there is a disconnect between senior management and IT due to the old belief that IT exists solely to deliver day-to-day IT services. In reality, IT is critical in the development of competitive advantage and to support the achievement of the organization's goals and strategic objectives.

The internal audit activity is uniquely positioned and staffed within an organization to assess whether the information technology governance of the organization supports the organization's strategies and objectives, and to make recommendations as needed (Implementation Standard 2110.A2).

As the second edition of Auditing IT Governance, this GTAG has been updated to reflect the 2017 International Professional Practices Framework and to be more directly practical to internal auditors.

[1] Senior management usually includes the chief executive officer (CEO), chief financial officer (CFO), chief operations officer (COO), chief marketing officer (CMO)

Introduction

The highest level of governance is organizational governance, which is defined by the International Standards for the Professional Practice of Internal Auditing as the combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.

IT governance is a subdiscipline of organizational governance consisting of the leadership, organizational structures, policies, and processes that ensure that the enterprise's information technology supports the organization's strategies and objectives. IT governance supports the organization's regulatory, legal, environmental, and operational requirements to enable the achievement of strategic plans and aspirations. Other subdisciplines include corporate governance (responsible for conformance processes) and business governance (responsible for performance processes). Figure 1 shows the relationship between organizational governance and IT governance.

Figure 1: Organizational Governance and IT Governance Relationship
[Figure labels: Organizational Governance; Corporate Governance; Business Governance; IT Governance; Key Organizational Assets (Human Assets, Physical Assets, Financial Assets); IT Governance; Structures; Mechanisms]
Adapted from Institute de la Gouvernance des Systems d'Information, "The place of IT Governance in the Enterprise Governance," 2005.

The objective of this guidance is to assist internal auditors in providing assurance services over IT governance. The guide provides a high-level description of IT governance processes, practices, and terminology to help internal auditors attain an understanding of the concept of governance and its characteristics of good governance processes.

This edition provides tools and techniques to help internal auditors build a work program and perform engagements involving IT governance.

IT Governance Overview
Implementing IT governance is an imperative part of organizational strategies because it is fundamentally concerned with goals that ensure that IT delivers value to the business in a controlled and effective manner. A typical IT governance framework would focus on five key areas:

  • Strategic alignment: IT governance provides strategic direction of IT and the alignment of IT and the business with respect to services and projects (business objectives, up-to-date IT strategy, linkage between business objectives and IT initiatives).
  • Risk management: IT governance can help determine what processes are in place to ensure that risks have been adequately addressed. Additionally, it can ensure that enterprise risk management includes risk aspects of IT investments, defined responsibilities for risk management, defines a common risk analysis methodology, and defines strategies for addressing risks (continuous monitoring of threats, occurrence, and impact in a holistic manner).
  • Value delivery: IT governance helps IT and the business to create a partnership designed to drive maximum business value from IT. The business is enabled to oversee the delivery of value by IT and measure return on investments (ROI), IT tactical plan execution, and clear benefits for each level of the organization. For example, system uptime (infrastructure strategy), degree of automation in the software development (SDLC strategy), productivity (operational strategy), and ultimately revenue (IT financial ...).
  • Performance measurement: IT governance provides the mechanisms to verify strategic compliance (i.e., achievement of strategic IT objectives) and measure IT performance and its contribution to the bottom line (i.e., delivery of promised business functionality). Further metrics include continuous monitoring and reporting, follow-up policies, root cause analysis and problem management, and benchmarking against industry practices and proven standards or frameworks.
  • Resource management: IT governance provides high-level direction for sourcing and use of IT resources to oversee the aggregate funding of IT at the enterprise level and ensure there is an adequate IT capability and infrastructure to support current and expected future business requirements (sourcing strategies, human management practices, user manuals, segregation of duties, time reporting, infrastructure life cycle management, service level agreements (SLAs), and acceptable usage policies).

Some of the challenges that IT governance can help organizations address include:

  • The increasing complexity of IT environments.
  • A growing dependency on data to make business decisions.
  • The proliferation of mobile devices.
  • The need to exchange information with customers, service providers, and business
  • The increasing risk of cyberattacks.
  • An increase in laws and regulations related to data protection.

In the IT governance conceptual framework, senior management and the board are responsible for establishing the organization's IT objectives in alignment with the overall business strategy, defining IT strategies to achieve business objectives, and establishing IT governance policies, organizational structures, and processes to manage the risks to accomplishing those objectives. IT management is responsible for the day-to-day activities of an organization: planning, executing, and monitoring the use of IT resources to ensure the achievement of the strategies and policies established by the board.

The role of internal audit in IT governance has become increasingly important in the wake of global financial crises and high-profile information security breaches. According to survey results published in The IIA's CBOK report, "Promoting and Supporting Effective Organizational Governance," internal audit is well positioned to promote and support organizational governance and thus help achieve a balance between value creation and value preservation.

Internal audit's role includes the responsibility to assess and make recommendations to improve the organization's governance processes (Standard 2110, Governance) to help prevent governance failures and improve strategic performance as part of the third line of defense.

In the Three Lines of Defense model, operational management (including IT) represents the first line of defense and is responsible for the implementation and maintenance of processes and controls to manage risks. Compliance functions and risk management represent the second line of defense and are responsible for monitoring risks across the organization. Internal audit represents the third line of defense and is responsible for providing independent assurance that risk management and controls are operating effectively, and for advising senior management and the board when deficiencies are identified.

Figure 2 shows the responsibilities for the Three Lines of Defense model as it relates to IT governance.

Figure 2: Three Lines of Defense in Reference to IT Governance
[Figure labels: IT Governance; IT Management]
Source: The IIA Position Paper, "The Three Lines of Defense in Effective Risk Management and Control" (Altamonte Springs, Fla., USA: The Institute of Internal Auditors, 2013). Adapted from ECIIA/FERMA Guidance on the 8th EU Company Law Directive, article 41.

There are many internationally recognized IT governance frameworks that can be used to supplement this guidance. Frameworks such as ITIL, COBIT, ISO/IEC 38500, King III and King IV reports cover in more detail the processes and mechanisms needed to develop, implement, evaluate, and improve an IT governance program. This guide is focused on the processes and mechanisms that internal audit can use to assess whether the IT governance program supports the organization's strategies and objectives, in conformance with Implementation Standard 2110.A2.

Business Significance

The information and technological components of an organization are among its most important assets. A lack of appropriate governance over information stored, processed, or produced by IT systems can have a significant negative impact on an organization, ranging from fines and penalties to a damaged reputation that can take time, energy, and money to rebuild. Simply put, IT governance can influence and impact the entire organization, not only IT.

Greater dependency on systems and information means that organizations have to invest greater resources to improve and maintain their IT environments. These are expected to help manage risk, improve operations, and create value by delivering services that help achieve financial and nonfinancial organizational objectives.

The main focus of IT governance is on creating alignment between organizational priorities and IT objectives to