The implications and risks of IT controls are difficult for the average line-of-business executive to understand. The Sarbanes-Oxley requirements for financial reporting are widely recognized, but they are only one component of general controls. The operational audit aspects and non-financial processes have a significant effect on all areas of the organization. To make this easier for management to appreciate, a barometer or scorecard with a qualitative measure of “how well are we doing” from period to period is an effective management reporting mechanism.
The agenda for this session will include:
- The five processes included in the CobiT analysis
- The rating function
- A risk methodology to assess and establish a management ambition level for the key CobiT processes as viewed and approved by the business unit executives
- Audit methodologies for assessing management’s compliance
- A reporting presentation methodology using a pictorial rating and a concise report to management identifying the successes and the areas needing enhanced controls