Join Michael Lester for an in-depth discussion in this video, IT governance, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] Alright, let's talk a little bit about IT governance. We talked previously about the difference between governance and management and how governance is all about setting a strategic directive and then issuing directives down to management who actually executes on those directives and runs the organization. Well, in information systems auditing, it's all about auditing controls. It's important from an auditor's perspective to understand where those controls came from, who chose what controls we need, and how many controllers we need. And that typically comes all the way up from the strategic level from governance.
So, ISACA defines four key practices for IT governance. They first say an organization should follow some kind of framework for governance. So, the governing body, whoever that is, the board of directors, the governing entity, should decide that there's a framework that they're going to follow to do their governance and to build the security program of the organization. Second, they think the governing body should establish…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery