IT governance Flashcards
Corporate Governance
"the collection of mechanisms, processes and
relations used by various parties to control and to
operate a corporation"
the goals of corporate governance
– regulate risk
– reduce opportunity for corruption
– maintain legal and ethical standards
complication of Corporate Governance
principal agent problem: conflicting interests between
shareholders (principal) and management (agent)
Sarbanes-Oxley Act (2002)
protect shareholders and public from accounting errors
and fraud
improve accuracy of corporate disclosure
Section 404 Sarbanes-Oxley Act (2002)
Assessment of internal control
management responsible for establishing and maintaining an adequate internal control
structure and procedures for financial reporting
* document, test and maintain those controls
components of COSO
control environment
risk assessment
control activities
information and communication
monitoring activities
IS Governance
organizational capacity exercised by board of directors,
executive management and IT management to control
formulation and implementation of IT strategy and
ensure alignment of business and IT
IS Governance mechanisms
– structures
– processes (e.g. portfolio management, SLA)
– relational mechanisms (e.g., job rotation, co-location,
cross-training)
what is COBIT
Business Framework for Governance and Management of
Enterprise IT
Top 4 benefits of COBIT according to ISACA
– IT integrations
– improved risk management
– discovery of gaps in security
– creating a framework that provides more visibility to
the board of directors
Governance Principles of COBIT
– PROVIDE STAKEHOLDER VALUE
– HOLISTIC APPROACH
– DYNAMIC GOVERNANCE SYSTEMS
– GOVERNANCE DISTINCT FROM MANAGEMENT
– TAILORED TO ENTERPRISE NEEDS
– END TO END GOVERNANCE SYSTEM
GOVERNANCE PART OF COBIT
EDM
EVALUATE DIRECT AND MONITOR
MANAGEMENT PART OF COBIT
– APO (align, plan, organize)
– BAI (build, acquire, implement)
– DSS (deliver, service, support)
– MEA (monitor, evaluate, assess)