Global IT association ISACA has issued 23 new audit programs aligned with the COBIT 5 framework. The new audit/assurance programs have been developed to help information systems (IS) audit and assurance professionals implement the good practices presented in COBIT 5 for Assurance and incorporate the seven enablers presented in COBIT 5 as part of a consistent assurance approach to assess IT risk.
This group of audit/assurance programs covers two important domains: Align, Plan and Organise (APO) and Build, Acquire and Implement (BAI). These domains include enterprise IT management processes that enable day-to-day delivery of IT services and products to achieve enterprise goals. Audit and assurance professionals can use all or subsets of these generic programs to build specific programs that meet their scope and assurance objectives.
The APO domain covers 13 processes that lay the foundation to manage information assets in a consistent way that ensures value creation and risk optimization. The 13 APO processes are:
- Manage the IT Management Framework
- Manage Strategy
- Manage Enterprise Architecture
- Manage Innovation
- Manage Portfolio
- Manage Budget and Costs
- Manage Human Resources
- Manage Relationships
- Manage Service Agreements
- Manage Suppliers
- Manage Quality
- Manage Risk
- Manage Security
The BAI domain covers 10 processes that ensure that projects will be managed in a consistent and efficient way to enable the enterprise to realize value from information assets. The 10 BAI processes are:
- Manage Programmes and Projects
- Manage Requirements Definition
- Manage Solutions Identification and Build
- Manage Availability and Capacity
- Manage Organisational Change Enablement
- Manage Changes
- Manage Change Acceptance and Transitioning
- Manage Knowledge
- Manage Assets
- Manage Configuration
An audit program has been developed for each of these processes.
In total, ISACA now has nearly 30 generic audit/assurance programs aligned with COBIT 5. The Evaluate, Direct and Monitor (EDM) domain covers five processes for the governance of enterprise IT, and those five programs were released earlier in the year to help audit professionals assess the effectiveness of the IT governance framework and its alignment with enterprise goals. Programs for the six processes included in the Deliver, Service and Support (DSS) domain will be released in December.
“ISACA’s audit programs are comprehensive and reference all seven COBIT 5 enablers and their dimensions to assess overall process performance,” said Steven Babb, CGEIT, CRISC, international vice president of ISACA and risk, compliance and assurance leader at Vodafone UK and Ireland. “The programs reference the COBIT 5 goals cascade to ensure that detailed objectives of the assurance engagement can be put into the enterprise and IT context.”
The audit programs have been developed and peer reviewed by experienced audit/assurance professionals from around the world. The programs can be downloaded as Microsoft Word™ files to allow customization to fit specific operatingenvironments.