Monday, January 6, 2020

Cobit Assessment Matrix - 19376 Words

2009 Capital Investment Ltd

COBIT ASSESSMENT MATRIX

COBIT 4.1 AS AN ASSESSMENT TOOL FOR ERP

1. INTRODUCTION:

At a certain point in time, every organization has to take steps to change/improve itself and its processes to comply with its own goals and those of its clients. The ultimate goal of a business is growth, and that can be done in a continuous or a phased fashion. Everyone in the organization tries to hold on to their known state of operations, organization and processes, stating that things have worked fine or are working fine. However, this can only work up to a certain point where operations based on goodwill, minor adjustments or ad-hoc solutions no longer work and more drastic…

Activity—The main actions taken to operate the COBIT process

Application program—A program that processes business data through activities such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.

Audit charter—A document approved by the board, which defines the purpose, authority and responsibility of the internal audit activity

Authentication—The act of verifying the identity of a system entity (e.g., user, system, network node) and the entity's eligibility to access computerised information. Designed to protect against fraudulent logon activity, authentication can also refer to the verification of the correctness of a piece of data.

Automated application control—A set of controls embedded within automated solutions (applications)

Balanced scorecard—A coherent set of performance measures organised into four categories. It includes traditional financial measures, but adds customer, internal business process, and learning and growth perspectives. It was developed by Robert S. Kaplan and David P. Norton in 1992.

Benchmarking—A systematic approach to comparing an organisation's performance
