Ch2-2010 CISA
ISACA®
Chapter 2
IT Governance
3 of 84
Course Agenda
• Learning Objectives
• Discuss Task and Knowledge Statements
• Discuss specific topics within the chapter
• Case studies
• Sample questions
Exam Relevance
Chapter 2 Learning Objectives
Chapter 2 Learning Objectives (continued)
Chapter 2 Learning Objectives (continued)
2.3 IT Governance
Two issues:
1. IT delivers value to the business
2. IT risks are managed
Practice Question
2.4.3 Standard
IT Balanced Scorecard
2.4.4 Information Security Governance
2.4.5 Enterprise Architecture (continued)
Scope
Enterprise Model
Systems Model
Technology Model
Detailed
Representation
2.4.5 Enterprise Architecture (continued)
Practice Question
Practice Question
• IDEAL model
• Capability Maturity Model Integration (CMMI)
• Team Software Process (TSP)
• Personal Software Process (PSP)
2.8.1 Policies
2.8.2 Procedures
• Qualitative
• Semiquantitative
• Quantitative
– Probability and expectancy
– Annual loss expectancy method
• Hiring
• Employee handbook
• Promotion policies
• Training
• Scheduling and time reporting
• Employee performance evaluations
• Required vacations
• Termination policies
Possible advantages:
• Commercial outsourcing companies are likely to devote more time to, and focus more efficiently on, a given project than in-house staff
• Outsourcing vendors are likely to have more experience with a wider array of problems, issues and techniques
Possible disadvantages:
• Costs exceeding customer expectations
• Loss of internal IS experience
• Loss of control over IS
• Vendor failure
Governance in outsourcing
• Mechanism that allows organizations to transfer the delivery of services to third parties
• Accountability remains with the management of the client organization
• Transparency and ownership of the decision-making process must reside within the purview of the client
2.10.3 Organizational Change Management
Practice Question
Practice Question
2.10.7 Performance Optimization
2.10.7 Performance Optimization (continued)
Practice Question
• Data management
• Quality assurance manager
• Vendor and outsourcer management
• Operations manager
• Control group
• Media management
• Data entry
• Systems administration
• Security administration
• Quality assurance
• Database administration
• Systems analyst
• Security architect
• Applications development and maintenance
• Infrastructure development and maintenance
• Network management
2.11.2 Segregation of Duties Within IS
Practice Question
Practice Question
Practice Question
Practice Question
2.12.1 Reviewing Documentation
The following documents should be reviewed:
• IT strategies, plans and budgets
• Security policy documentation
• Organization/functional charts
• Job descriptions
• Steering committee reports
• System development and program change procedures
• Operations procedures
• Human resource manuals
• Quality assurance procedures
Conclusion