AUDIT STRATEGY
AGENDA
⬡ COBIT 2019 Synopsis
⬡ COBIT 2019 Core Model
⬡ Purpose of the Audit
⬡ Example of COBIT Controls and Metrics
⬡ Audit Approach and Methodology
⬡ Design/Risk Factors
⬡ Organization Risk Profile
⬡ Audit Roles and Responsibilities
⬡ COBIT 2019 Implementation Roadmap
⬡ Q&A
COBIT 2019 SYNOPSIS
COBIT stands for Control Objectives for Information and Related Technology.
It is a framework created by ISACA for IT governance and management.
COBIT 2019 is the 6th version of COBIT, launched late in 2018 to address new trends, technologies and security needs.
[Diagram: COBIT divided into Governance and Management]
COBIT 2019 SYNOPSIS (CONTINUED)
1 Value Creation
2 Business/IT Alignment
3 Enterprise Governance of IT
COBIT 2019 SYNOPSIS (CONTINUED)
The COBIT 2019 “CORE” consists of 40 governance and management objectives.
Five domains: one governance domain and 4 management domains.
COBIT 2019 CORE MODEL
PURPOSE OF THE AUDIT
Assessment of IT Governance
Risk Management
Compliance and Regulatory Requirements
Performance Evaluation
Continuous Improvement
EXAMPLE COBIT 2019 CONTROLS AND METRICS
Domain: Evaluate, Direct, Monitor
Objective: Ensured Governance framework setting and maintenance
Understand the enterprise context and strategy
Determine the components of the IT audit universe
Risk Assessment
Finalize IT Audit Plan
Threat Landscape
Compliance Requirements
IT related issues
Technology Adoption Strategy
Enterprise Size
ORGANIZATION RISK PROFILE
It is very important to understand the risk profiles that may affect the organization:
IT investment decision making, portfolio definition and maintenance
Software failures
Logical attacks (hacking, malware, etc.)
Program and projects lifecycle management
Third party/supplier incidents
IT cost and oversight
Noncompliance
IT expertise, skills and behaviour
Geopolitical issues
Enterprise/IT architecture
Industrial action
IT operational infrastructure incidents
Acts of nature
Unauthorized actions
Technology-based innovation
Software adoption/usage problems
Environmental
Hardware incidents
AUDIT ROLES AND RESPONSIBILITIES
| Team | Team Members | Roles and Responsibilities |
|---|---|---|
| Internal Audit Team | Internal auditors who are employees of the organization. | Conduct audits to assess internal controls, compliance with policies and regulations |
| External Audit Firm | Independent professionals or firms hired by the organization to perform audits | Conduct financial audits, compliance audits, or special audits as required |
| Audit Committee | The audit committee, a sub-committee of the board of directors, provides oversight of the audit process | Review audit plans, findings, and recommendations, and ensure that appropriate actions are taken to address any issues identified. |
| Management Representatives | Individuals from various departments within the organization may participate in the audit process as management representatives. | Provide information, documentation, and assistance to auditors during fieldwork and may be responsible for implementing audit recommendations. |
| Subject Matter Experts (SMEs) | SMEs possess specialized knowledge and expertise in specific areas relevant to the audit scope | Consulted by auditors to provide insights, clarify technical matters, or review findings related to their respective areas. |
AUDIT ROLES AND RESPONSIBILITIES (CONTINUED)
| Team | Team Members | Roles and Responsibilities |
|---|---|---|
| Information Technology (IT) Personnel | IT personnel play a crucial role in audits involving IT systems, controls, and security | Provide access to IT infrastructure, systems documentation, and technical expertise to auditors conducting IT audit |
| Finance Department | Finance department personnel are involved in financial audits | Provide financial statements, accounting records, and explanations of financial transactions to auditors |
| Human Resources (HR) Department | HR personnel may participate in audits | Provide employee records, payroll, benefits, and compliance with employment laws and regulations |
| Quality Assurance/Quality Control (QA/QC) Teams | QA/QC department may participate in audit | QA/QC teams ensure that products, services, and processes meet quality standards |
COBIT 2019 IMPLEMENTATION ROADMAP
Thanks!
Any questions?