Assessment Answers – Information Technology Audit: HI6035

Information System
Audit and IT Governance
[Student Name]
[Name of University]
Introduction

An information technology audit is an examination of the information technology system's performance through the gathering and evaluation of evidence to ensure that it can maintain the integrity of data and preserve the property of the data. The audit also considers whether the information system is assisting in the achievement of the organizational objectives (Otero 2018).
Methodologies and Standards

The methodologies and standards that deal with the issue of Information Technology audit are as follows:
• COBIT
• ITIL
• COSO
• ISO 27002 and 27001
• ISO 9000
Organizations use a variety of IT models and best-practice standards; using them in combination requires a proper understanding of the underlying concepts.
COBIT

Introduction

COBIT is an acronym for Control Objectives for Information and Related Technologies. It is a standard that describes the control areas for the governance of information technology, its processes and informatics (De Haes et al. 2020).
COBIT was developed by ISACA and ITGI to bridge the gap between technical issues, business risks and control requirements (White 2019). It allows management to make optimum use of the information technology resources, such as applications, infrastructure, information and people, so that IT goals and business goals are aligned.
Domains of primary control objectives

• Planning and Organization: This domain includes the planning process and the design of the functions for achieving organizational goals.
• Acquisition and Implementation: It includes the processes regarding acquisition, as well as the process of developing information technology solutions and managing those solutions.
• Delivery and Support: The processes involved in the delivery of information technology services are included in this domain. It also contains the processes that handle the problems which arise and help in managing the security issues that can affect performance.
• Monitoring and Evaluation: It includes the processes that help in the review of information technology and of the success of the functions in achieving the objectives of information technology controls.
RACI Matrix

RACI is an acronym for Responsible, Accountable, Consulted and Informed. It is a matrix that states which persons are responsible for each process, who is accountable, and who has to be consulted and informed in the process. It is a simple but effective model for defining the roles and responsibilities in a project (Ahmed 2019).
Components of COBIT

As per Cyber Security News (2021), the COBIT framework provides different aspects for different processes of business and information technology, which are as follows:
• Maturity model
• Critical success factors (CSF)
• Key goal indicators (KGI)
• Key performance indicators (KPI)
• RACI matrix
• Control objectives and tests
Assessment of maturity of IT Governance

• 0 No Process: There is no process of IT governance, and management does not consider the concept of IT governance to be important.
• 1 Initial Process: Management is unaware of the significance of IT governance. Information technology is supervised on a case-by-case basis, and there are no standards.
• 2 Repeatable Process: The process of IT governance is present but mostly performed by the IT department. The same tasks are performed by multiple people. There is no coordination or supervision, and the processes are not standardized.
• 3 Defined Process: The procedures of IT governance are defined and documented, but they are not sophisticated or customized as per the organization.
• 4 Managed Process: The IT governance processes are constantly monitored in execution to measure their performance and make corrections. Processes are closely aligned with the goals of the business.
• 5 Optimized Process: The processes of IT governance are optimized, and the company leads in this area. Efficiency and performance are constantly monitored and compared to best practices. The processes are also aligned perfectly with the actual business goals.
Business Requirements for Information

• Effectiveness: Information should be relevant and usable for the business process. It should be correct, delivered on time, and consistent.
• Efficiency: Information should be made available by optimally using the resources.
• Confidentiality: Information should be protected from unauthorized access.
• Integrity: Information should be accurate and complete, along with being valid for the business.
• Availability: Information should be available when it is required by the business processes.
• Compliance: Compliance with regulations, laws and other arrangements is required for the business process.
• Reliability: Appropriate information should be provided to management to enable proper governance.
IT Resources as per COBIT

• Applications: These are the automated user systems and the manually performed procedures for processing information.
• Information: It is the actual data of the business in all its forms, whether input, output, or processed by the information system.
• Infrastructure: It is the facility or technology, such as the operating system and database management systems, that allows the applications to be processed.
• People: The human resources needed for planning, organizing, acquiring, implementing, delivering, supporting, monitoring and evaluating the services and information systems.
COBIT Cube

[Figure: the COBIT cube. Source: (Audit.uni.edu 2022)]
ITIL

Introduction

ITIL specifies the best practice process for the management of IT services and support. It does not provide a broader framework for control. It is a more business and strategy-oriented approach to IT decision-making (Harani, Arman and Awangga 2018).

For the first time, it made continuous improvement in service the main activity that helps in maintaining the delivery of value to customers. ITIL provides the framework for best practice in the management of IT services, which encourages a quality approach towards achieving effectiveness and efficiency in managing the IT services in the business.
History of ITIL

It was first brought into practice by the UK Government in the form of best practices for guiding the usage of IT in its Government departments, which recognized the importance of the concept very early. These practices have now been adopted worldwide by the public and private sectors. Its development, which documented the best practices for managing IT services, was completed 15 years ago.
ITIL V3

ITIL describes the approach, functions, processes and roles that provide guidance on which organizations can base their practices. Implementing ITIL in an organization requires complete knowledge of the business processes for it to be of the highest effectiveness. The latest version, ITIL V3, has seen the most important development in the form of a shift from a process-oriented framework to a comprehensive structure that covers the entire IT service cycle.
Five volumes of ITIL v3

• ITIL Service Strategy
• ITIL Service Design
• ITIL Service Transition
• ITIL Service Operation
• ITIL Continual Service Improvement
ISO 27002 standard

The international standard on information technology security controls, ISO/IEC 27002:2005, was published jointly by ISO and IEC. It is the best practice for the development and maintenance of security standards and management practices that help in improving the reliability of information security (Sihwi, Andriyanto and Anggrainingsih 2016).

It provides a total of 133 security controls under 11 headings. The standard makes clear the importance of managing risk, and that not all guidelines of the standard are required to be implemented.
The standard is a starting point for implementing information security. Generally accepted best practice and the requirements of the law guide the implementation of information security further. Based on the legal framework, the requirements are:
• Non-disclosure and protection of data that is personal
• Protecting the information that is internal
• Protecting the intellectual property rights
Best practices as per the standard

• Information security policy
• Assigning responsibility for information security
• Escalation of problems
• Management of business continuity
Comparison

COBIT
§ Its function is to map the IT processes.
§ It has four domains and 34 processes.
§ Issued by ISACA.
§ Implemented in information system audit.
§ Consultants can be accounting companies or IT consulting companies.

ITIL
§ Its function is to map the IT service management level.
§ It has 9 processes.
§ Issued by OGC.
§ It is implemented to manage the service levels.
§ Consultation can be taken from IT consulting companies.

ISO 27002
§ Its function is the security of information.
§ It has in total 10 domains.
§ It was issued by the ISO Board.
§ It is implemented for complying with the requirements of the security standards.
§ Consultation has to be done with IT consulting companies, security companies or network companies.
Conclusion

[Chart: Standards and frameworks used for IT audit planning by companies]
• COBIT: 69%
• ISO 27002: 12%
• ITIL: 11%
• Others: 8%

[Chart: Standards and frameworks used for IT governance and security]
• ISO/IEC 27001:2005: 30%
• ISO/IEC 27002:2005: 17%
• ITIL: 15%
• COBIT: 15%
• COSO: 2%
• CMMI: 1%
• Other: 20%

Source: (Radovanovic et al. 2010)
Therefore, the information technology audit is maturing as a discipline. There is a need for standardization, automation and a faster pace of analysis and reporting. The processes have to be more economical and efficient through cost reduction. Tools should be used to enhance the reliability and effectiveness of the output and of its control and compliance.
References

Ahmed, M.R., 2019. The RACI Matrix and its implications: a case of Unilever.
Audit.uni.edu, 2022. COBIT | Office of Internal Audit. [online] Audit.uni.edu. Available at: [Accessed 5 May 2022].
Cyber Security News, 2021. What is COBIT Framework – Components, Structure & Advantages. [online] Cyber Security News. Available at: [Accessed 5 May 2022].
De Haes, S., Van Grembergen, W., Joshi, A. and Huygh, T., 2020. COBIT as a Framework for Enterprise Governance of IT. In Enterprise governance of information technology (pp. 125-162). Springer, Cham.
Harani, N.H., Arman, A.A. and Awangga, R.M., 2018, April. Improving togaf adm 9.1 migration planning phase by ITIL v3 service transition. In Journal of Physics: Conference Series (Vol. 1007, No. 1, p. 012036). IOP Publishing.
Otero, A.R., 2018. Information Technology Control and Audit. Auerbach Publications.
Radovanovic, D., Radojevic, T., Lucic, D. and Sarac, M., 2010, May. Analysis of methodology for it governance and information systems audit. In 6th International Scientific Conference, ISSN (pp. 2029-4441).
Sihwi, S.W., Andriyanto, F. and Anggrainingsih, R., 2016, September. An expert system for risk assessment of information system security based on ISO 27002. In 2016 IEEE International Conference on Knowledge Engineering and Applications (ICKEA) (pp. 56-61). IEEE.
White, S., 2019. What is COBIT? A framework for alignment and governance. [online] CIO. Available at: [Accessed 5 May 2022].
