4 authors, including: Marko Šarac (Singidunum University)
All content following this page was uploaded by Dalibor Radovanovic on 16 May 2014.
Abstract - In today's market circumstances, it is indisputable that the number of jobs performed with the help of information systems is constantly growing. Managers often know very little about the information system, and in that circumstance it is very difficult for them to effectively perform the control function and successfully manage information. This paper explains the concept of information systems audit and the methodologies used. IT governance and information systems audit are imposed as an imperative for successful business. To improve the management of IT in accordance with regulatory requirements, organizations are using best-practice frameworks to facilitate the work. One of these frameworks for IT governance is COBIT, which provides guidelines on what can be done in an organization in terms of control activities, measurement and documentation of processes and operations.

I. INTRODUCTION

A critical element for the survival and success of the organization is the effective management of information and communication technology (ICT). This is reflected in the increasing dependence on information and its associated systems, the increased vulnerability and wide range of threats to ICT, the extent and cost of existing and future investments in ICT systems, and the potential of technology to change work organization and business practices, creating new opportunities and reducing costs.

…ty and maintain data integrity. It is also necessary to determine whether the IS enables effective achievement of business objectives and whether system resources are used in an effective and efficient manner. IT audit today represents a modern and advisory function, a "right hand" that helps management with IT governance. Furthermore, it represents a procedure used to assess whether information technology acts in the function of successful accomplishment of business objectives.

There are several methodologies and standards that deal with this issue: COBIT, ITIL, ISO 27002 (formerly ISO 17799) and ISO 9000. Organizations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together (Fig. 1), with COBIT acting as the consolidator.

II. COBIT

COBIT (Control Objectives for Information and Related Technologies) is a worldwide accepted standard which prescribes areas and individual controls for IT governance, informatics and related IT processes. The authors of the COBIT framework are the non-profit organizations ISACA (Information Systems Audit and Control Association) and ITGI (IT Governance Institute).

COBIT combines business and IT goals, providing metrics with which to monitor the maturity of the information system. COBIT enables management to optimize IT resources such as applications, information, infrastructure and people. The practice recommended by COBIT is a mixture of the knowledge of numerous experts, distilled from good practice and applicable in any organization.
Fig. 1. (Figure not recoverable from the extracted text; surviving labels: Domains, IT Processes, and the IT resources People, Information, Applications.)

III. ITIL
IV. ISO 27002 AND ISO 27001 STANDARD

The international standard of IT security controls, ISO/IEC 27002:2005, was published by ISO and the IEC, which established a joint technical committee, ISO/IEC JTC 1 (ISO 27000 Directory, 2005 [5]). Its goal is to provide information to parties responsible for implementing

Table 2. Comparison of COBIT, ITIL and ISO 27002

Columns: COBIT CONTROL OBJECTIVES | Objectives which refer to ISO 27002 | Objectives which refer to ITIL

STRATEGIC LEVEL
PO - PLAN AND ORGANISE
PO1 Define a strategic IT plan
PO2 Define the information architecture
(Only the first rows of the COBIT column survive in the extracted text; the ISO 27002 and ITIL entries for these rows are not recoverable here.)