PART 1 – CISA Domain2 – Governance and Management of IT


This article covers –
Understanding the domain in general
Exam-oriented concepts that you should focus on
The article is divided into five parts, as follows:
Part 1 – Corporate Governance, Governance of Enterprise IT (GEIT), Auditor’s role in GEIT
Part 2 – IT Balanced Score Card, IT Governing Committee (IT Strategy and Steering committee), Maturity and Process Improvement Models
Part 3 – Risk Management, Human Resource Management, Sourcing Practices
Part 4 – Information Security – Roles and Responsibilities, Business Continuity Planning (BCP), Business Impact Analysis (BIA)
Part 5 – Classification of Systems, Criticality Analysis, Components of Business Continuity Planning (BCP), Plan Testing

PART 1 – CISA Domain2 – Governance and Management of IT
Understanding the domain in general
What is Corporate Governance?
What is Governance of Enterprise IT?
What are the role and responsibilities of an auditor in GEIT?

Understanding the organization’s IT architecture and its future direction, which is key to setting long-term strategic directions.
Understanding the processes involved in the development, implementation and maintenance of IT strategies, policies, standards and procedures.
Understanding the use of maturity and capability models.
Understanding process optimization techniques.
Knowledge of IT resource investment and allocation practices and prioritization criteria (e.g. portfolio management, value management and personnel management).
Knowledge of IT supplier selection, relationship management, performance monitoring and contract management processes, including third-party outsourcing relationships.
Knowledge of enterprise risk management (ERM).
Knowledge of best practices for monitoring and reporting on controls performance (e.g. continuous monitoring, quality assurance [QA]).
Knowledge of quality management systems and quality assurance (QA).
Knowledge of best practices for monitoring and reporting IT performance (e.g. balanced scorecards [BSCs], key performance indicators [KPIs]).
Understanding of business impact analysis (BIA).
Knowledge of the standards and procedures used to develop, maintain and test the business continuity plan (BCP).
Knowledge of the procedures for invoking and executing the business continuity plan and returning to normal operations.
Exam concepts:
1. Corporate Governance:
It is the system by which an entity is directed and controlled.
It is the set of responsibilities and practices exercised by the board and executive management that provide strategic direction and ensure that objectives are achieved.
It ensures that risks are managed appropriately.
It verifies that the organization’s resources are used responsibly.

Corporate governance involves a set of relationships between the management of a company, its board, its shareholders and other stakeholders.
Here are some points to keep in mind:
IT governance is effective only when the IT strategic plan is aligned with (compatible with) the overall business plan.
The best way to improve the alignment of information security with the business is to involve top management, which mediates between the business units and the information systems function.
2. Governance of Enterprise IT (GEIT):
GEIT is a subset (domain) of corporate governance.
GEIT is a system in which all stakeholders, including the board, senior management, internal customers and the finance department, provide input into the decision-making process.
GEIT is the responsibility of the board of directors and executive management.
GEIT’s purpose is to direct IT efforts so that IT performance meets enterprise objectives and realizes the promised benefits.
It aims to maximize benefits and exploit opportunities for the enterprise.
It ensures that IT resources are used responsibly and that IT-related risks are managed appropriately.

The key element of GEIT is the alignment of IT with the business, which leads to the creation of business value.
An example of a GEIT framework is COBIT 5, developed by ISACA, which defines five principles and organizes 37 processes into five domains with 210 management practices.