Please enable JavaScript.

Coggle requires JavaScript to display documents.

1.1.2 2.1.2 3.1.2 (ENTERPRISE GOVERNANCE OF INFORMATION AND TECHNOLOGY,…

- - - - starts with setting objectives for an enterprise’s IT,
      - and then a continuous loop is created to measure performance,
      - benchmark against objectives,
      - and move forward or change direction, as appropriate.
- - - - trust,
      - transparency
      - and accountability
    - - long-term investment,
      - financial stability
      - and business integrity,
    - - stronger growth
      - and more inclusive societies
- - - - provide INPUT into the IT decision-making process
  - - - IT should enable the enterprise by exploiting
        opportunities and maximizing benefits.
        
        IT-related RISK SHOULD BE MANAGED PROPERLY
  - - - Focuses on maintaining an UPDATED INVENTORY OF ALL IT RESOURCES and addresses the risk management process
    - - Focuses on ensuring that ALL IT RESOURCES PERFORM AS EXPECTED TO DELIVER VALUE to the business and identify risk early on.
      - This process is BASED ON PERFORMANCE INDICATORS that are OPTIMIZED FOR VALUE DELIVERY and from which any deviation might lead to risk.
    - - Focuses on IMPLEMENTING PROCESS THAT ADDRESS LEGAL AND REGULATORY ISSUES and contractual compliance requirements
  - - - The first is driven by strategic alignment of IT with the business.
    - - The second is driven by embedding accountability into the enterprise.
- - - - (e.g., the US Sarbanes-Oxley Act, Basel Accords, the European Union (EU) General Data Protection Regulation[GDPR]) and in specific sectors such as finance, pharmaceuticals and healthcare )
    - - to help monitor and improve critical IT activities to increase business value and reduce business risk (e.g., emerging risk related to cybersecurity)
- - - - • SCOPE of the work, including a CLEAR DEFINITION OF FUNCTIONAL AREAS and issues to be covered.
      - • REPORTING LINE TO BE USED, where EGIT issues are identified to the highest level of the organization.
      - • IS auditor’s RIGHT OF ACCESS TO THE INFORMATION both within the organization and from third-party service providers.