To satisfy business objectives, information needs to conform to certain criteria, which COBIT refers to as “business requirements for information.” In establishing the list of requirements, COBIT combines the principles embedded in existing and known reference models:
QUALITY requirements include quality, cost and delivery. This is no different than the historical “better, cheaper and faster” approach.
FIDUCIARY requirements recently have been outlined by the Committee of Sponsoring Organisations (Treadway Commission) indicating that management must attest to its organisation’s effectiveness and efficiency of operations, reliability of financial reporting (not financial reports), and compliance with laws and regulations.
SECURITY requirements require confidentiality, integrity and availability of all information.
Present the 11 high-level objectives contained in the Plan and Organise domain.
Present the six high-level objectives contained in the Acquire and Implement domain.
Present the 13 high-level objectives contained in the Deliver and Support domain.
Please give personal comments or experience with this process.
Based on the IT governance model, to ensure that management reaches its business objectives, it must direct and manage IT activities to reach an effective balance between managing risks and realising benefits. To accomplish this, management needs to identify the most important activities to be performed, measure progress towards achieving goals and determine how well the IT processes are performing.
The critical success factors (CSFs) were defined to support the objectives of the IT governance model. The key goal indicators (KGIs) and key performance indicators (KPIs) presented in the next sections are defined to support monitoring the performance of the organisation relative to these objectives.
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the second of the four-part generic audit guideline—Evaluating Controls.
The audit steps to be performed, in light of assessing the effectiveness of control measures in place or the degree to which the control objective is achieved.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the third of the four-part generic audit guideline—Assessing Compliance
The audit steps to be performed to ensure that the control measure established are working as prescribed consistently and continuously.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the last and fourth part of the generic audit guideline—Substantiating Risk
The audit steps to be performed to substantiate the risk of the control objective not being met by using analytical techniques and/or consulting alternative sources.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines
This slide outlines the first of the four-part generic audit guideline—Obtaining Understanding.
The audit steps to be performed to document the activities underlying the control objectives as well as to identify the control measures/procedures put in place.
(READ STEPS ALOUD IF YOU LIKE.)
Reference: Page 20 of COBIT Audit Guidelines