Auditing IT Governance DDASI UI
Auditing IT Governance
CSIE604181 Dasar-Dasar Audit SI (Fundamentals of IS Audit) | Odd Semester 2019/2020
© Fasilkom, Universitas Indonesia
Outline
Strategic Alignment
Risk Management
Performance Management
Resource Management
Value Delivery
IT Governance
1. Strategic Alignment (2/3)
Objective
Determine if a relationship exists between IT and business objectives and if this relationship has been established through participation between both IT and business management.
Artifacts/sources:
• Business Strategic Plans
• IT Strategic Plan
• Third Party service provider agreements and Request For Proposals (RFP) process
• IT Road map
• Executive/IT Steering Committee minutes
• Board minutes
• Interviews with Executive Leaders and IT Leaders
2. Risk Management (2/3)
Objective
Determine if activities are conducted relating to the identification and analysis of risks impacting the achievement of business objectives and the preparation of financial statements.
Artifacts/sources:
• Business Continuity and Disaster Recovery Plans and Test Results
• IT Risk Assessment
• 3rd Party Service Provider Agreements and Request For Proposal Policies and Procedures
• Board/Committee minutes evidencing IT Risk Management communication to board and approval of Information Security Policies
• Minutes from the Enterprise Risk Management (ERM) committee and other committees where detailed IT Risk metrics are shared
• Discussions with CISO, Executive and IT Management
4. Resource Management (2/3)
Objective
Determine if adequate activities are being performed to align the use of resources (applications, information, infrastructure, people) to meet the needs of the business.
Example Review Documents:
• IT Organization Chart
• IT Job Descriptions
• Sourcing Strategy for IT projects
• IT Segregation of Duties Requirements
• IT Asset Management Policies and Procedures
• Capacity Planning
5. Value Delivery
Objective
Determine if IT is effectively managing costs as they relate to meeting business objectives and communicating this management to the appropriate individuals.
Artifacts/Sources:
• IT Steering Committee Meeting Minutes
• Policies and Procedures for the Development and Management of IT projects
• IT Budget
• Discussions with Finance & IT Management (IT spend benchmarking, analysis of IT project spend on business initiatives vs. business support)