
Monday, May 7, 2018

Domain 1 (Part 2)

- Objective of control self-assessment is to concentrate on areas of high risk and to enhance control monitoring by functional staff.
- Role of an IS auditor in a control self-assessment (CSA) should be that of facilitator.
- Most important success factor for CSA is involvement of line management.
- Purpose of CSA is to enhance audit responsibilities (it is not a replacement for audit).

- Preventive Control - Segregation of duties, Access Control Policy
- Detective Control - Audit, Hash Total, Echo Controls in Telecommunication, Activity Log review, Error messages over tape labels
- Corrective Control - Contingency Planning, Back Up Procedure, Rerun procedures

- Audit Charter should not be dynamic in nature and should not include a detailed yearly audit calendar, audit planning, yearly resource allocation, professional fees payable, travel expenses budget for auditors, etc.

- Audit Charter should include the audit function's reporting structure.

COBIT-5
- 5 Principles
- 7 Enablers

7 Enablers of COBIT-5
- Principles, Policies, and Frameworks
- Processes
- Organizational structures
- Culture, ethics, and behaviour
- Information
- Services, Infrastructure and Applications
- People, Skills, and Competencies

Focus area of COBIT-5
- Benefit Realization
- Risk Optimization
- Resource Optimization

Attribute Sampling - We sample some number of items and classify each item as either having some attribute, such as being compliant, or not having it. Applied in compliance testing. Expressed as a percentage. Example: 55% of transactions are compliant.

Variable Sampling - Allows us to understand "how much", "how bad" or "how good". Applied in substantive testing. Expressed in monetary values, weight or some other measure. Example: Deviation of $2 from standard mean.

When a threat and a vulnerability come together in the same place, they constitute a RISK. Example: Open door (Vulnerability) and Thieves (Threat) together constitute risk of robbery.
