MIS 5201.001 – Mike Romeu

Week 06 – IT Risks and Controls: A Deeper Dive


Quiz 1 Study Guide

CISA Review Manual:

  • Section 1.4 IS Controls. This includes all subsections except 1.4.4 COBIT 5.

Article for Discussion:

The underlying assumption of many articles and discussions regarding IS and General controls is that there is an IT organization (or function) that has a reasonable level of control over the IT assets (data, hardware, software, services…) of the enterprise. (You may also want to read Tommie Singleton’s article “The Core of IT Auditing”.) But things have changed significantly in the last few years.

Consider the following: mobile technology has blurred the lines between personal and work spaces; services offered by internal IT organizations are now easily procured in the cloud, usually without the need for IT intervention.

Question: What challenges do you think these present in terms of governance (IT governance) and risk optimization?