Wednesday, November 28, 2007

Auditing using COBIT IT Assurance Guide

COBIT includes a document called the "IT Assurance Guide".
As an IT auditor, you can also use it during the audit execution stage.

Some of the components of the IT Assurance Guide and the idea behind each:
  • Value Drivers = what value can we add to the process
  • Risk Drivers = what can go wrong in the process
  • Test the Control Design = identify the controls in place
  • Test the Outcome of the Control Objective = compliance testing: if the control is in place, test whether it is working or not
  • Document the Impact of Control Weaknesses = substantive testing: if there is no control or the control is not working, how serious is the impact (the substance)


Monday, November 26, 2007

Strategy for IT Audit planning

In planning for an IT audit, the first step is to determine the audit universe, i.e. all areas that are under the responsibility of the CIO (Chief Information Officer).

The audit universe can be determined from:
  • the organisation structure,
  • the 34 COBIT IT processes, or
  • a subject, e.g. Datawarehouse.

Using 34 COBIT IT processes as audit universe

If you are using the 34 IT processes, assess the maturity of all 34 IT processes (in COBIT) and rank the maturity of each IT process on a scale of 0-5.

Also assess the business impact of a process failure and the likelihood of that failure. Areas that have high business impact and a high likelihood of failure (based on previous history) should be given more attention.

Alternatively, you can link the audit universe to the 34 COBIT IT processes. For example, an "IT Budget audit" can be linked to PO5, Manage the IT Investment.

What to audit first?

Audit the “IT Risk Management” process first, using either:

- COBIT Assurance Guide: PO9 “Assess and Manage IT Risk”

- FFIEC “Management” Handbook, IT Risk Management Process

Also audit the “IT Governance” using ISACA Guidelines.

‘To be continued’


Tuesday, November 06, 2007

TCP / IP - An animated discussion

An animated discussion about how data is moved around on the internet. Topics include TCP/IP, Routing Information Protocol (RIP), Open Shortest Path First Protocol (OSPF), Border Gateway Protocol (BGP), Backbones, Autonomous Systems, Interior Gateway Protocols, Exterior Gateway Protocols, Hiding Routes, Hops, Sliding Windows, and Ports. (c) 1996 ACCAD


Monday, November 05, 2007

Server room - flood risk

A Server room is flooded after heavy rain
