• 15 Marks

AAA – Nov 2023 – L3 – SC – Q5 – Audit of IT Systems and Data Analytics

Discusses COBIT's purposes, components, and its application in business processes for IT governance and audit functions.

Hillary Professional Services is a medium-sized firm on a retreat having successfully combined business operations to take advantage of mandatory audit rotation guidelines. At the retreat, it was agreed that a robust software to reduce paperwork was inevitable. All along, one of the combined firms has an Information Technology (IT) Unit which has been strengthened with state-of-the-art equipment.

All auditors are now encouraged to show more interest in information technology, especially in areas relating to data analytics, artificial intelligence, and machine learning. Undoubtedly, understanding the business information system used by management is necessary as they affect risk assessment involved in the financial reporting process. It was also concluded that obtaining an understanding of the field of information technology is a standard audit procedure to be followed; otherwise, it will be difficult to evaluate the adequacy of the expert’s work as recommended by International Standards on Auditing. The purpose of the merger will be defeated if the firm will not be able to win jobs and perform well in a highly competitive market. The after-effect of the COVID-19 pandemic has also revealed that one could work with flexibility anywhere if there is a robust audit software in place.

The IT Audit Partner made a presentation on “COBIT (Control Objectives for Information and Related Technologies) – a globally accepted suite of tools that a client might use in order to ensure IT is working effectively.” He stated that COBIT is all about doing the right things the right way in order to deliver benefits to the client.

You are a staff of Hillary Professional Services. Based on the presentation made on COBIT at the retreat, you have been divided into groups and the groups are to debrief the main group after one hour.

Required:

a. State the purposes of COBIT (Control Objectives for Information and Related Technologies).
(3 Marks)

b. Identify and explain the specific components of COBIT.
(8 Marks)

c. Explain how COBIT will be applied in the business process.
(4 Marks)

Total: 15 Marks

a. Purposes of COBIT (Control Objectives for Information and Related Technologies) include:

  1. COBIT provides management and business process owners with an IT governance model that aids in understanding and managing the risks associated with Information Technology.
  2. COBIT helps bridge the gaps between business risks, control needs, and technical issues.
  3. It serves as a control model to meet the needs of IT governance and ensure the integrity of information and information systems.
  4. COBIT is a framework for the governance and management of enterprise information and technology, aiming to cover the entire organization.

b. COBIT comprises six specific components:

  1. Management Guidelines: Consist of maturity models, critical success factors, key goal indicators, and key performance indicators to guide IT process control and compare against industry standards.
  2. Executive Summary: Provides a concise overview for senior executives to understand COBIT’s core concepts, highlighting four domains and 34 IT processes.
  3. Framework: Explains how IT processes support business objectives through 34 high-level control objectives, categorized into four domains (Planning & Organization, Acquisition & Implementation, Delivery & Support, and Monitoring).
  4. Control Objectives: Define the desired outcomes for IT processes, creating a policy and best practice framework for IT controls.
  5. Audit Guidelines: Offer specific procedures aligned with high-level IT control objectives, allowing information system auditors to provide assurance and improvement advice.
  6. Implementation Tool Set: Contains resources like management awareness guides, FAQs, case studies, and presentation slides to support COBIT implementation and lessons from its successful applications.

c. The application of COBIT in business processes includes:

  1. COBIT is business process-oriented, addressing itself to the owners of these processes.
  2. It provides a generic business model, applicable to core processes such as procurement, operations, marketing, sales, and support processes like HR and IT.
  3. COBIT offers business process owners a framework to control IT activities, ensuring IT supports business objectives.
  4. It includes a communication framework to enhance clarity among stakeholders in IT service delivery.
  5. Management Guidelines offer self-assessment tools for IT control implementation, supporting managerial decision-making through maturity models and performance indicators.
Back to all questions

Pick a Form

Professional Tutor Application Form
Academic Tutor Application Form
Student Tutor Application Form