ASSESSMENTS
Assessments can take a variety of forms. Understand the difference before engaging a service provider.
A SAS 70 based approach arranges the audit report following SAS 70 guidance. It helps auditors align their review of the general controls that support application controls in systems producing information used for financial reporting, as required by the SEC when a third-party service provider's general controls are being relied on.
Sarbanes-Oxley requirements include the need for enterprise risk management and COSO is the suggested approach. Control objectives from CobiT are selected according to the COSO framework.
An application systems review can be based on CobiT. The relevant control objectives from CobiT can be used to assist with a review of application system controls together with the guidance provided by ISACA.
A general controls review can be based on CobiT's control objectives. Typically a review of general controls is aligned to specific application systems or business processes, with the guidance from ISACA adopted.
Corporate governance concerns such as risk management, value delivery, IT's alignment with business, resource management and performance measurement may provide one or more drivers for the review. CobiT processes relevant to the specific concerns are selected and the relevant detailed control objectives used as the basis of the review.
Technology issues such as cost optimisation, IT service delivery (or ITIL), selective outsourcing, security (or ISO 17799), enterprise architecture, system integration and priority planning may also be drivers for the review. CobiT processes relevant to the specific issues would be selected and the relevant detailed control objectives used as the basis of the review.
Process capability and building organisational maturity are frequently drivers of improvement initiatives. This approach may address all 34 CobiT processes, but can focus on the 15 CobiTLite processes or the 7 CobiT QuickStart processes.
Health checks are used to objectively assess the effectiveness of a process. They aim to identify those aspects that are functioning well, thus determining which good practices are in current use and should be retained, and to pinpoint problem areas.
A gap analysis is used to quickly establish the current status against a target for all 34 CobiT processes (or a smaller number if appropriate). This has the benefit of quickly identifying areas for further investigation, but is not recommended for process improvement initiatives.
Specific themes such as Internet Banking, eCommerce, ERP systems or Systems Under Development can be the focus of a review.
Performance measurement would focus attention on the outcomes derived by the relevant business units (and enterprise) from each significant process.