CIA Section 5 Flashcards
The board is in charge of:
- Takes the lead role in governance, including providing strategic
- Provides governance oversight
- Establishes a governance committee.
- Articulates requirements for reporting to the board
- Periodically reevaluates governance expectations
- Sets the risk appetite and risk tolerance levels
- Interacts directly with internal and external assurance providers.
Refers to how management plans to achieve the organization’s objectives.
Strategy
A strategy to promote the long-term viability of an organization’s operations and actions by ensuring that the current and future needs of the organization and society can be met.
Sustainable development
Beliefs about right versus wrong that guide people’s and organizations’ decisions and actions, especially in situations that require making tradeoffs between conflicting objectives.
Values
The combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives.
Governance
A concept that corporate success should be measured in three dimensions–economic, social, and environmental–not just by traditional economic profitability measures.
Triple bottom line
The leadership, structure, and oversight processes that ensure the organization’s IT supports the objectives and strategies of the organization.
IT governance
The tangible manifestation of culture through the actions, behaviors, and decisions of the individuals who form an organization.
Conduct
The established parameters and boundaries of the audit engagement. It identifies what will be reviewed (processes, activities, and time period) and what will be excluded from the engagement.
Audit scope
The values and norms that exist in an organization.
Culture
The conformity and adherence to policies, plans, procedures, laws, regulations, contracts, or other requirements.
Compliance
The way firms integrate social, environmental, and economic concerns into their values, culture, decision making, strategy and operations in a transparent and accountable manner and thereby establish better practices within the firm, create wealth, and improve society.
Corporate social responsibility (CSR)
What’s included in the IT governance framework? (3 general topics)
Strategic alignment: Strategic direction that ensures that IT and business strategies are aligned for all IT projects and services.
Risk management: Risks are addressed, responsibilities are defined, and a holistic process is in place for analyzing, addressing, and continuously monitoring risk.
Value delivery: Not only return on investment but also systems uptime, degree of automation in the systems development life cycle, productivity, and revenue generation.
What factors are taken into account in order to make strategic and operational decisions?
1-Understand organizational objectives
2-How strategic and operational decisions are discussed and implemented
3-Assess whether established, consistent decision-making processes are used.
Risk roles in the three lines of defense: Who owns the risk, who controls it and watches compliance, and who has the risk assurance?
The first line role has the risk owner role.
The second line role has the risk control and compliance role.
The third line role has the risk assurance role.