Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery
Skill Level Intermediate
- [Michael] Here we go with IT Governance and Management. So first it's important to understand the difference between governance and management. Governance is really all about some governing body setting the direction of the organization, with the goals of meeting the stakeholders' needs and setting that direction. Now, providing directives down to management, who actually does the day to day running, the operating of the organization, by following the direction set by whatever the governing body is. So in this section, we're going to cover IT governance, and how that direction gets set by the governing body, and how they monitor and audit the success of the organization.
We're going to talk about IT management and all of the management practices within. The IT policy standards and processes and all the documentation. IT risk management, and the management structure and responsibilities of a particular organization, and how you might audit that. Business continuity planning with a little bit of disaster recovery sprinkled in. And then we're going to talk about how all of those things are audited. So, let's go do it.