Week 06 – Risks and Controls; A Deeper Dive
CISA Review Manual:
- Section 1.4 IS Controls. This includes all subsections except 1.4.4 COBIT 5.
Article for Discussion:
- “Preparing for Auditing New Risk, Part 1”, by Ed Gelbstein, Ph.D.
The underlying assumption of many articles and discussions regarding IS and general controls is that there is an IT organization (or function) that has a reasonable level of control over the IT assets (data, hardware, software, services…) of the enterprise. (You may also want to read Tommie Singleton’s article “The Core of IT Auditing”.) But things have changed significantly in the last few years.
Consider the following: mobile technology has blurred the lines between personal and work spaces, and services offered by internal IT organizations are now easily procured in the cloud, usually without the need for IT intervention.
Question: What challenges do you think these present in terms of governance (IT governance) and risk optimization?