Impacts of IT
1.Complexity of controls
2.Increased reliance on systems
3.Introduce new risks
4.Lack of technical personnel
RISK : anything that may impact the ability to achieve an organization's objectives.
-Acceptable risk(Risk appetite)
-Inherent risk
-Residual risk
RISK MANAGEMENT : managing risks so that they stay within the organization's risk appetite, to provide reasonable assurance.
IT risk management
1.)IT objectives grouping
1.Effective
2.Efficiency
3.Confidentiality
4.Availability
5.Integrity
6.Reliability
7.Compliance
2.)Risk identification - Brainstorming
-People,process and tech.
-Internal and external
-Hazard,uncertainty and opportunity
-Root cause
3.)Risk assessment
1.Accepting (Take)
2.Reducing (Treat)
3.Avoiding (Terminate)
4.Sharing (Transfer)
*COBIT can be used as a guideline for risk treatment*
5.)Monitoring
-Risk matrix/Register
Objectives
-Risk factors
-Risk rating
-Current controls
-Acceptable risk rating
-Control improvement
-Risk map : The template that management uses in monitoring the overall risk management.
IT Governance : the relationships between management and the governing body.
The governing process:
-Setting objectives
-Giving direction
-Measuring performance
Associated risks
-Developed system not in line with objectives
-Development project may be delayed
-Development project uses resources inefficiently
-Computer programs do not work correctly
Controls
System development methodology
1.Traditional method(old method) - waterfall
Type of system development
-Custom development
-Purchase commercial s/w
-Considerations
-Implementation time
-Cost
-Reliability
-Dependence
-Customisation
-Maintenance
-User approval
-System is migrated
-Performs as designed
System implementation
1.Direct cutover
2.Parallel implementation : the old system runs alongside the new system
3.Pilot implementation : use the new system to make sure that it works after leaving the old system
4.Phased (module) implementation
Key terminologies
Scrum - framework used to develop complex products
Sprints - time-boxed periods
Key players
Product owner - prioritizes and adjusts which features will be in the product release
Scrum master - main facilitator for the project’s development team
Scrum team - responsible for executing the work