MIS 5201.001 – Mike Romeu


Adjunct Instructor

Week 03 – All World Airways – COBIT 5

 

The All World Airways case study focuses on the real-world situation of a chief information officer (CIO) facing outsourcing and the risks associated with this process. It will help us get a better understanding of COBIT 5 and how we can apply this framework.

Elements of outsourcing, vendor management, and international regulations are present throughout this case. At least half of our class will be dedicated to contextualizing the case. This will give us a complete picture of the situation before we jump into the activities the case presents.

Readings:

IT Audit and Assurance Based on COBIT 5

The first part of this publication from ISACA summarizes the COBIT 5 framework. The second part – starting on page 27 – is a blueprint for the audit and assurance function. The combined use of this document and “COBIT 5 Enabling Processes” will prove useful in answering the questions for the case.

CISA Review Manual:

  • 1.5.2 COBIT 5

Week 02 – Information Technology and IT Audit

Now that we have a general idea of the role and necessity of the audit function, we will turn our attention to the IS Auditor (I use ‘IT’ and ‘IS’ interchangeably for the following reasons: 1) habit. I’ve always used the term ‘Information Technology.’ Old habits are hard to change; 2) ‘IS’ or Information Systems is the term ISACA likes to use. I’ll try to stick to ‘IS’ as best as I can. Just be aware…)

This week we will spend time discussing the role of IS in the enterprise, then we will do a deeper dive into its many services (but not too deep…).

Readings:

Articles:

Standards and Guidelines:

  • GS 1001 Charter / GG 2001 Audit Charter
  • GS 1002 Organizational Independence / GG 2002 Organizational Independence
  • GS 1003 Professional Independence / GG 2003 Professional Independence
  • GS 1005 Due Professional Care / GG 2005 Due Professional Care

Note: GS – General Standard; GG – General Guideline; PS – Performance Standard; PG – Performance Guideline; RS – Reporting Standard; RG – Reporting Guideline

CISA Review Manual:

  • 1.2 Management of the IS Audit Function

Additional Resources:

Please bring to class.

Welcome!

Welcome to MIS 5201 – IT Audit Process. I am looking forward with excitement to this fall semester. I hope you are too.

In this class you will learn how to prepare and conduct IT audits in accordance with IT audit standards, assisting organizations with protecting and controlling their information systems. The learning objectives for this course are:

  1. Develop and implement a risk-based IT audit approach to ensure that key areas are included
  2. Plan and execute specific audit techniques to determine whether systems are properly protected and controlled and provide value to the enterprise
  3. Gather, analyze and organize the information collected during the audit to identify reportable conditions
  4. Communicate the results of the audit to key stakeholders, make recommendations and, when necessary, help effect change
  5. Plan and conduct follow-up activities to make sure that management is making appropriate adjustments in a timely manner

We are scheduled to meet on Wednesdays from 5:30 to 8:00 PM in Speakman Hall 107. During our first class – this coming Wednesday, August 26 – I will introduce the course, making sure you understand its context.

See you then!

**Prof. Mike Romeu**