MIS 5202 Wrapup Misc Week 15 CISA Domains


CISA Domains


CISA Domain 2 topics (16%)
• Corporate Governance
• Governance of Enterprise IT
• Maturity and Process Improvement
• IT Investment Practices (Portfolio Management)
• Policies and Procedures
• Risk Management
• IT Management Practices (HR Management)
• Organization Structure
• Business Continuity Planning

Theme: Where are we? Where do we need to be? Are we making progress?


What is COBIT 5?
• It is a best-practice framework
• It tries to cover IT end-to-end
• What you need to be thinking about when running (or auditing) IT
• It is not about the technology, it is about the processes used to deliver technology
• It is about how to decide what you do (Right Things)
• and then how to do those things in an efficient, effective and secure manner (Done Right)
• It is critical that you understand the processes it recommends


COBIT is based on 5 Principles
• Generic in language
• Applicable to organizations of all sizes


IT Governance
Right Things
• Get the right people making key decisions
• Adopt a value orientation to all IT decisions
• Develop an IT strategy and an Enterprise Architecture
Done Right
• Create a strong IT organization, recognizing the inherent conflicts between some roles
• Clearly define the services IT provides and measure them
• Contract services carefully
• Know your risks
• Establish a compliance culture and control environment
• Use portfolio management to make IT investment decisions
• Understand the key IT processes and measure them
• Manage your risks
• Monitor and promote continual improvement


Relational Databases
• Foreign key = a column (or set of columns) in one table that references the primary key of another table; it is what connects tables, and it plays an essential role in DB design
• Referential integrity constraint: a relational database rule that table relationships must always be consistent. Every foreign key value must match an existing primary key value in the referenced table (or be null), so the database rejects inserting a child row that points at a non-existent parent and rejects deleting a parent row that child rows still reference
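To make the referential integrity point concrete, here is an added example (not from the slides) using SQLite through Python's standard sqlite3 module. The customer/invoice tables and their rows are constructed sample data. It shows the constraint rejecting an orphan invoice and a parent delete, and, because SQLite only enforces foreign keys when the per-connection pragma is switched on, it also shows the weak configuration beside an audit query that finds the orphans the weak configuration lets through.

```python
"""Referential integrity with and without enforcement (SQLite, constructed data)."""
import sqlite3


def build_db(enforce: bool = True) -> sqlite3.Connection:
    """Create an in-memory customer/invoice database.

    SQLite ignores FOREIGN KEY clauses unless PRAGMA foreign_keys is ON for
    the connection; enforce=False reproduces that weak default.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = %s" % ("ON" if enforce else "OFF"))
    conn.executescript(
        """
        CREATE TABLE customer (
            customer_id INTEGER PRIMARY KEY,
            name        TEXT NOT NULL
        );
        CREATE TABLE invoice (
            invoice_id  INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL
                        REFERENCES customer(customer_id) ON DELETE RESTRICT,
            amount      REAL NOT NULL
        );
        """
    )
    # constructed sample rows: customer 1 has invoices, customer 2 has none
    conn.execute("INSERT INTO customer VALUES (1, 'Acme'), (2, 'Globex')")
    conn.execute("INSERT INTO invoice VALUES (10, 1, 250.0), (11, 1, 99.5)")
    conn.commit()
    return conn


def try_insert_invoice(conn, invoice_id: int, customer_id: int, amount: float) -> bool:
    """Insert an invoice; return True if the database accepted the row."""
    try:
        conn.execute("INSERT INTO invoice VALUES (?, ?, ?)",
                     (invoice_id, customer_id, amount))
        conn.commit()
        return True
    except sqlite3.IntegrityError:  # raised when the FK is enforced and no parent exists
        conn.rollback()
        return False


def try_delete_customer(conn, customer_id: int) -> bool:
    """Delete a customer; return True if the delete was allowed."""
    try:
        conn.execute("DELETE FROM customer WHERE customer_id = ?", (customer_id,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:  # ON DELETE RESTRICT blocks deleting a referenced parent
        conn.rollback()
        return False


def orphan_invoices(conn) -> list:
    """Audit query: invoice ids whose customer_id matches no customer row."""
    rows = conn.execute(
        """
        SELECT i.invoice_id
        FROM invoice AS i
        LEFT JOIN customer AS c ON c.customer_id = i.customer_id
        WHERE c.customer_id IS NULL
        ORDER BY i.invoice_id
        """
    ).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    strict = build_db(enforce=True)
    print("orphan insert accepted (enforced):", try_insert_invoice(strict, 12, 99, 1.0))
    print("delete referenced customer (enforced):", try_delete_customer(strict, 1))
    print("orphans after enforced run:", orphan_invoices(strict))

    lax = build_db(enforce=False)
    print("orphan insert accepted (not enforced):", try_insert_invoice(lax, 12, 99, 1.0))
    print("orphans found by audit query:", orphan_invoices(lax))
```

The audit query is the same check an IS auditor would run against a production schema: if it returns rows, the relationship the schema claims to protect is not actually being protected, whatever the DDL says.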


Source code escrow (Outsourcing)
• Escrow: an arrangement by which one party deposits an asset to be held by a third party
• Example: a mortgage payment that includes escrow for insurance and taxes
• Source code escrow account: deposit of the source code for a software application. The code is released to the customer only on the terms set in the contract [e.g. the vendor's bankruptcy or breach of contract]
• An IS auditor reviewing an outsourced software arrangement might recommend such an arrangement to protect the investment in software source code being developed by a third party


Control self-assessment (CSA)
• A technique used by organizations to assess the effectiveness of their risk management and control processes
• A process through which operational risks and the effectiveness of controls are assessed and examined within the business unit
• Self-assessment vs. traditional audit: in a CSA the tests and checks are performed by the staff responsible for normal day-to-day operations within the business unit
• Traditional audits are independent (external) assessments
• Know the difference between a CSA and an external audit
• Know who should be involved in a CSA (line managers, business unit personnel)


More suggestions
• When answering exam questions, look for the answer that is most reasonable!
• Practices are out of alignment with policy. Which do you adjust?
  • Option 1: enforce the policy?
  • Option 2: adjust the policy to match practice?
• Know the risk management program activities and the order of the steps


CISA Exam tips
• Focus on the qualifiers: FIRST, MOST, LEAST
• Choose the best answer of the four in front of you!
• Don't overthink it
• Know the difference between Tactical and Strategic
  • Strategy involves planning the next move
  • Tactics means implementing a plan or carrying it out
  • Strategic is doing the right things! Tactical is doing things right!


Final Exam
• 75 multiple choice questions
• 90 minutes (1.2 minutes per question)
• One question at a time
• Open to take on Canvas
• Monday the 17th, 12:00 am until Tuesday the 18th, 11:59 pm