Mike Romeu

This week’s quiz is again only 5 multiple-choice questions. IT Risk has been the subject of the last 2 weeks. Performance Guideline 2202 – Risk Assessment in Planning and the class slides will prove useful in preparing for the quiz.

As always, please give me a call if you have any trouble. Best of luck.

Posted in Uncategorized | Leave a comment

Week 07 – IT Risks and Controls

Published October 10, 2015 | By Mike Romeu

This week we will continue on the subject of Risk and Controls from last week.

Readings:

Article(s):

“Risk-Based Approach to IT Systems Lifecycle and Change Control” by Loic Jegousse, CISA, CISM

CISA Review Manual:

1.5.3 General Controls
1.5.4 IS Controls

Posted in Week 07 - IT Risk and Controls | Leave a comment

Week 06 – IT Risk and Controls

Published October 5, 2015 | By Mike Romeu

Time to shift gears and start delving more into IT Risks and Controls. At the beginning of our course we defined Risk as the product of Harm or Vulnerability and its Impact. We also discussed briefly how risk assessments can help us sift through a universe of risks (Risk Universe) to help us define and scope the target of our efforts.

This week will be all about IT risks and controls. Discussing IT services will help us contextualize risks and controls. This will be our starting point. I’d like to offer a simple technique to evaluate and manage risks.

Finally we will also discuss the risks beyond IT activities. These are risks regarding auditing, controls, and sampling.

Readings:

Standards and Guidelines:

PS 1202 Risk Assessment in Planning / PG 2202 Risk Assessment in Planning

CISA Review Manual:

1.6.5 Risk-Based Auditing
1.6.6 Audit Risk and Materiality
1.6.7 Risk Assessment and Treatment
1.6.8 Risk Assessment Techniques

Posted in Week 06 - IT Risk and Controls | Leave a comment