alignment of cobit to botswana it audit methodology n.
Skip this Video
Loading SlideShow in 5 Seconds..
Alignment of COBIT to Botswana IT Audit Methodology PowerPoint Presentation
Download Presentation
Alignment of COBIT to Botswana IT Audit Methodology

Loading in 2 Seconds...

play fullscreen
1 / 25

Alignment of COBIT to Botswana IT Audit Methodology - PowerPoint PPT Presentation

  • Uploaded on

Alignment of COBIT to Botswana IT Audit Methodology. Why COBIT. G ives a holistically view of the IT computing environment, starting with management issues to operational issues. I ts practical and addresses key IT issues

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Alignment of COBIT to Botswana IT Audit Methodology' - archer

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
why cobit
  • Gives a holistically view of the IT computing environment, starting with management issues to operational issues.
  • Its practical and addresses key IT issues
  • The COBIT IT assurance guide provides a clear road map from planning of the audit up to field work execution.
cobit it assurance guide
COBIT IT Assurance Guide
  • The guide is linked to COBIT processes outlining the control objectives, value drivers for the process, risk drivers and tests of controls to be performed by an assurance professional.
using it assurance guide
Using IT Assurance Guide

For Example for PO 1.2 Business-IT Alignment

Test of Controls questions as suggested by IT Assurance guide;

  • Confirm that the process for communicating business opportunities with IT management is reviewed and the importance of the process is communicated to the business and IT. Consider the update frequency of those processes.
cobit it assurance guide1
COBIT IT Assurance Guide
  • Enquire whether and confirm through interviews with the members of the IT management that they helped define enterprise goals. Ask them about their accountability for achieving enterprise goals, determine if they undertook what if analyses and confirm their commitment goals.
cobit it assurance guide2
COBIT IT Assurance Guide
  • Enquire with the business management and IT management to identify business processes that are dependent of IT. Consider whether the business and IT share the same view of the systems including their criticality, usage and reporting.
cobit it assurance guide3
COBIT IT Assurance Guide
  • Using the guide and with the understanding of your client environment you can now tailor make audit questions for your audit controls.
  • The following is the standard questions that Botswana uses for our clients
it strategy alignment questions
IT Strategy Alignment Questions

Extracted from The IT Audit Manual Botswana

  • Is there a strategic IT plan for the organization based on business needs?
  • Is there a steering committee with well-defined roles and responsibilities?
  • Does the IT department have clear-cut and well defined goals and targets?
  • Is there a system of reporting to top management and review in vogue?
it strategy alignment questions1
IT Strategy Alignment Questions
  • Does management provide appropriate direction on end user computing?
  • Are there procedures to update strategic IT plan?
type of it audits
Type of IT Audits

IT Performance Audits

  • Focuses on ensuring that IT systems are procured and implemented effectively, efficiently and economically. These audits were carried out in the years 2008 to 2010. Three projects have been successfully complemented namely;
type of it audits1
Type of IT Audits

Financial IT Audits

  • Carried out to ascertain that there are sufficient controls within the systems and applications so that financial auditors can place reliance on information processed through the applications.
review of the department of tertiary education project
Review of the Department of Tertiary Education project
  • General Objectives
  • To assess whether Student Loans Management System assists the DSPW to achieve its mandate.
  • Specific Objectives
  • To assess if the system assists the users in performing their tasks effectively.
  • To assess whether the project scope included all aspects of the department, including identification of stakeholders and key players.
review of the department of tertiary education project1
Review of the Department of Tertiary Education project
  • Specific Objectives continued
  • To assess how data integrity is maintained and indentify business continuity measures in place.
  • To identify how the system’s performance is managed and measured.
  • To assess whether was training carried out to assist users to use the system efficiently.
analysis of recommendation value added
Analysis of recommendation, Value added
  • Management was advised that reports produced by system should be appropriate and relevant to strategic decision making process. The recommendation emphasised that the use of the system should not only be focusing on processing loans but management should be in a position to gather enough information from the system to make strategic decisions. COBIT P0.1.1 IT value management and IT business alignment emphasise on the need for IT resources to be aligned to business strategies.
analysis of recommendation value added1
Analysis of recommendation, Value added
  • Management was further advised to conform to Government IT Projects Guidelines and requirements. The government of Botswana has established IT project guidelines which guides IT officers on how to manage a project including documentation of user requirements, project initiation report, project memorandum and project end reports. The IT Projects guidelines are aligned to COBIT.
analysis of recommendation value added2
Analysis of recommendation, Value added
  • The use of and understanding of COBIT has significantly improved our audit methodology. Recommendation provided to clients are based on best standard and therefore if implemented will greatly improve on IT processes. Benchmarking on a recognized framework also gives assurance to the client that the criterion being used is fair.
analysis of recommendation value added3
Analysis of recommendation, Value added
  • What is important in providing recommendation to the client is having an understanding of the environment in which they work within and its limitations. This can be achieved through discussion of finding with the clients, identification of mitigating controls and finding a cost effective recommendation.
cobit 5
  • COBIT 5 which was release early in 2012 aim is to align COBIT to other frameworks such as Val IT, ITIL, ISO270002 and Prince 2.
  • COBIT 5 clearly defines governance and management and separates the duties of two roles.
  • COBIT 5 introduces 5 principles and 7 enablers
  • The concept of goal cascade from stakeholder needs to operation duties is emphasized. (Considering IT related interests of internal and external shareholders)
cobit 51
  • The control objectives are no longer explicitly defined.
  • The framework processes have increased from 34 to 37. The new processes included are
      • APO 04Manage Innovation
      • APO 10Manage Supplies
      • BAI 06Manage Knowledge
cobit 52

COBIT 5 products;

COBIT 5 the framework

COBIT 5 Enablers

  • COBIT 5 enabling processes
  • COBIT 5 enabling information

COBIT 5 Professionals

  • COBIT 5 Implementation
cobit 53
  • COBIT 5 Professional Continued
  • COBIT 5 for Information Security-Available
  • COBIT 5 For Assurance (In development)
  • COBIT 5 for Risk (In development)