Join Michael Lester for an in-depth discussion in this video IT organization, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] Alright, let's talk about IT management,…structure and responsibilities.…So we'll talk about personnel resources,…we'll talk about the key functions of IT these days,…and we'll talk about implementing segregation of duties…and I'll use that as a control.…So let's get into the personnel stuff.…So, an organization chart, or an org chart…is a graphical representation of the organization's…reporting structure.…Who reports to who reports to who.…And typically, in a modern-day organization,…the top of that food chain is the CIO,…the Chief Information Officer, as it relates…to the IT organization within the overall organization.…
And the CIO will represent the IT organization…to executive management and the board, potentially.…When it comes to personnel resources, you've got…the internal resources and we've got the external resources.…So, employees and consultants are internal resources.…Employees, of course, are covered by the Fair Labor…Standards Act in the United States and other laws,…particularly that govern the employer-employee relationship.…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery