Evaluating System Controls
COBIT 5 Integration
CUAV 2017 Annual Conference
May 03, 2017
Glenn R. Wilson
ODU IT Audit Manager
Framework Based Auditing
International Standards for the Professional Practice of Internal Auditing
2201 - Planning Considerations
In planning the engagement, internal auditors must consider:
• The objectives of the activity being reviewed and the means by which the activity controls its performance;
• The significant risks to the activity, its objectives, resources, and operations and the means by which the potential impact of risk is kept to an acceptable level;
• The adequacy and effectiveness of the activity's risk management and control processes compared to a relevant control framework or model; and
• The opportunities for making significant improvements to the activity's risk management and control processes.
COBIT 5 Capability Level
COBIT 4.1 Maturity Model Levels 0 through 5
COBIT 5 ISO/IEC 15504 Based Capability Level
0 - Incomplete
1 - Performed
2 - Managed
3 - Established
4 - Predictable
5 - Optimized
COBIT 5 Control Objectives
COBIT 5 does not make reference to specific control objectives.
COBIT 5 defines IT related goals and processes for achieving enterprise goals.
The assessment model enables assessments by enterprises to support process improvement. Guidance is given in a separate assessor guide on a scoping approach to select the processes to be assessed, including the use of ISACA’s published COBIT 5 mappings to determine the processes to be assessed.
These mappings include:
• Linking enterprise goals to enterprise-related IT goals
• Linking enterprise-related IT goals to IT processes
Copyright © 2013 ISACA
COBIT 5 IT Related Goals and Balanced Scorecard Dimensions
17 IT Related Goals
• Financial (6)
• Customer (2)
• Internal (7)
• Learning and Growth (2)
37 Defined Processes
• Evaluate, Direct and Monitor (5)
• Align, Plan and Organize (13)
• Build, Acquire and Implement (10)
• Deliver, Service and Support (6)
• Monitor, Evaluate and Assess (3)
Goal-Process Map
Questions?