1. ict project management
TRANSCRIPT
![Page 1: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/1.jpg)
Introd uc tion o f Pro je c t Ma na g e me nt & Ko re a In fo rm a tio n Syste m Au d it
Young H. Choi Kor ea I T Consul t i ng I nc. ,
SW Pr of essi onal Engi neer
J un 12, 2014
![Page 2: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/2.jpg)
Co nfid e ntia l
Young H. C hoi
• Se n . Au d ito r / Ko re a IT C o n su lt in g • In d u st ry Pro fe sso r (IC T) • Pre sid e n t / Ko re a SW Q u a lity Assu ra n c e • Fo rm e r IT Dire c to r / Fa irc h ild Se m ic o n d u c to r (US) • Fo rm e r Se n . Ma n a g e r / Sa m su n g SDS • Fo rm e r Ma n a g e r / Hyu n d a i Ele c t ro n ic s • IS Pro fe ssio n a l En g in e e r • IS Se n io r Au d ito r • IC T Se n io r Au d ito r • C ISA (ISAC A, Au st in C h a p te r in Te x a s, US)
2
Profile
![Page 3: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/3.jpg)
Co nfid e ntia l 3
Contents
1. ICT Project Management
2. The introduction of Korea IS Audit
3. COBIT Framework of ISACA
4. Key challenges
5. Q&A
![Page 4: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/4.jpg)
Co nfid e ntia l 4
About 8,400 Miles (20h 50m by flight)
![Page 5: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/5.jpg)
Co nfid e ntia l 5
In the past, all roads lead to Rome
However now, all roads lead to SNS
Social System Relation
![Page 6: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/6.jpg)
Co nfid e ntia l 6
● World is small enough thru 6 stages, 4 stages via Twitter
Be Small World Network
● Word of mouth -> World of mouth
the theory that everyone and everything is six or fewer steps away, by way of introduction, from any other person in the world, so that a chain of "a friend of a friend" statements can be made to connect any two people in a maximum of six steps
![Page 7: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/7.jpg)
Co nfid e ntia l 7
1. ICT Project Management
Over Worked !! !
![Page 8: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/8.jpg)
Co nfid e ntia l 8
▶ To understand the meaning and processes of managing projects to raise its success rate
1. ICT Project Management
Wha t is ICT Pro jec t
▶ To provide benefits for people and their organizations,
and improve the quality of life of citizens,
Given the constraints of funds, time and resources, policymakers,
![Page 9: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/9.jpg)
Co nfid e ntia l 9
-Information and Communication Technologies (ICT) is not only with hardware, networking systems, software and applications to achieve a goal,
1. ICT Project Management
ICT Project
H/W
S/W
N/W
Appl.
but requires a substantial amount of human activity in the projects aligned with the larger goals of the organization.
![Page 10: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/10.jpg)
Co nfid e ntia l 10
Definition o f ICT Pro jec t Ma na gement
1. ICT Project Management
■ A set of tools
for planning, implementing, maintaining, monitoring and
evaluating progress of activities in line with larger goals and
objectives of the organization, it defines what has to be
accomplished
■ A method, a discipline, and a process
Source : AICICT (Th e Un ite d Na tio n s Ec o n o m ic a n d So c ia l C o m m issio n )
![Page 11: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/11.jpg)
Co nfid e ntia l 11
▶ People, Process and Technology which are influential factors to project performance in achieving the project’s goals or objectives.
▶ Defining, balancing and integrating the relationships among these factors can result in the project’s optimum performance.
1. ICT Project Management
Vita l Fa c to rs o f Pro jec t Ma na gement
![Page 12: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/12.jpg)
Co nfid e ntia l 12
☞ Poor project design
1. ICT Project Management
Ma jo r Rea sons o f Pro jec t Fa ilure
So process, outputs(deliverables) and resources should be managed responsibly
☞ Poor project management
![Page 13: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/13.jpg)
Co nfid e ntia l 13
▶ The project plan should detail all areas of discipline that will
answer the question, how do we achieve the goals, objectives
and requirements of the project?
1. ICT Project Management
Disc ip lines o f Pro jec t Ma na gement
▶ Qualified and competent managers must be prepared to
handle the following disciplines:
![Page 14: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/14.jpg)
Co nfid e ntia l 14
1. Scope
2. Time
3. Cost
4. Human Resources
5. Risk
6. Quality
7. Procurement
8. Communication
9. Integration
10. Issues & Acceptance
11. Change
1. ICT Project Management
Disc ip lines o f Pro jec t Ma na gement
![Page 15: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/15.jpg)
Co nfid e ntia l 15
To be successful Project, the following principles should be observed
1. Participation
– People who are part of the project should be involved at
every stage, from the initial needs assessment through to
monitoring.
1. ICT Project Management
Rec ommend ed Princ ip les fo r Suc c essful Pro jec t
![Page 16: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/16.jpg)
Co nfid e ntia l 16
2. Local ownership and capacity development
– For projects to be sustainable, they must be locally owned and accompanied by human and organizational capacity development.
1. ICT Project Management
3. Alignment
– The potential benefits for the poor are more likely to be realized when ICT activities are aligned with the larger demand-driven development efforts of partners, particularly those related to poverty reduction.
![Page 17: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/17.jpg)
Co nfid e ntia l 17
4. Institutional ownership and leadership
– A sense of ownership by and leadership of partner institutions are important.
Although successful ICT pilot programs are often driven by individuals, there must also be an institutional base to extend the project’s reach and increase the number of people involved.
1. ICT Project Management
![Page 18: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/18.jpg)
Co nfid e ntia l 18
5. Competitive enabling environment
– An enabling ICT policy environment includes respect for freedom of expression, diversity and the free flow of information, completion of ICT infrastructure provisions, and investment in service development, including local content and the adoption of open source solutions
1. ICT Project Management
![Page 19: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/19.jpg)
Co nfid e ntia l 19
6. Financial and social sustainability
– In order for projects to be financially sustainable, all potential costs and revenue generation should be included in the planning process from the start.
1. ICT Project Management
![Page 20: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/20.jpg)
Co nfid e ntia l 20
7. Risk considerations
– Possible and unforeseeable negative impacts need to be taken into account and
carefully monitored, including watching out for how the benefits of ICT-supported interventions may be unequally distributed
1. ICT Project Management
– i.e. deepening economic, social and cultural divides rather than reducing poverty.
![Page 21: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/21.jpg)
Co nfid e ntia l 21
▶ Managing the project scope and resources, particularly time, cost and people
Ma jo r Cha llenges o f Pro jec t Ma na gement
1. ICT Project Management
▶ To manage time, good project management practice observes the different phases of project management, which include: Planning, Implementation, Monitoring and Evaluation
![Page 22: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/22.jpg)
Co nfid e ntia l 22
▶ Sta rte d Silve r Dig ita l Era with Sm a rt De vic e s
Ima ge o f Sma rt World
Realize Digital Democratization
![Page 23: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/23.jpg)
Co nfid e ntia l 23
Dig ita l Divid e : Sma rtp hone Phob ia e tc
Dig ita l Toy ? Dig ita l Wea p on ?
Sma rt Devic e Boom & Knowled ge Ga p
Illite ra c y = > No PC Knowled ge = > No Sma rtp hone
Digital Divide
![Page 24: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/24.jpg)
Co nfid e ntia l 24
Break Time !!!
![Page 25: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/25.jpg)
Co nfid e ntia l 25
Contents
1. ICT Project Management
2. The introduction of Korea IS Audit
3. COBIT Framework of ISACA
4. Key challenges
5. Q&A
2. The introduction of Korea IS Audit
![Page 26: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/26.jpg)
Co nfid e ntia l 26
?
![Page 27: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/27.jpg)
Co nfid e ntia l 27
■ IOT all connection via an internet
■ Information Big data
■ Personal information
■ System security
Complex I/F & Security
![Page 28: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/28.jpg)
Co nfid e ntia l 28
As- wa s & As- Is ERP
Evolution of ERP System
![Page 29: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/29.jpg)
Co nfid e ntia l 29
2. Korea Gov. Law of IS Audit
☞ IS Auditor who must not be influenced by project owner and
system developer is to check the information system in view
of 3rd party,
to improve the efficiency and acquire the security about
things which are related for building the system and stable
operation.
- Source: Korea Act Article 2, Paragraph 14
Definition of IS Audit
![Page 30: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/30.jpg)
Co nfid e ntia l 30
Objective of IS Audit
▶ In view of 3rd party => IS Auditor should be objective of the problems and independent from project owner and other related ones
Correction notice -> Contractor
Control
No Delegation No Control
Contra c tor
IS Aud ito r
Pro jec t owner
2. Korea Gov. Law of IS Audit
![Page 31: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/31.jpg)
Co nfid e ntia l 31
▶ Improve the system effectiveness and the contribution to business profitability
▶ Acquire IT’s cost-efficiency ; Response time, Resources etc to meet the pre-defined target
▶ Ensure the system securities; Integrity, Availability and
Confidentiality
▶ Monitor whether to follow the procedures defined by IS Audit Act
2. Korea Gov. Law of IS Audit
Objective of IS Audit
![Page 32: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/32.jpg)
Co nfid e ntia l 32
▶ To lead the successful system development whilst minimizing the
significant risks ▶ What means the successful system development
Budget : Build IT enabled business system within budget Delivery : To complete the system development by the contractual
date Quality : to satisfy the business system with requirements of
functions, performance and security etc
2. Korea Gov. Law of IS Audit
Key Success Factor for System Development
![Page 33: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/33.jpg)
Co nfid e ntia l
NIA (Na tiona l
Info rma tion
Soc ie ty
Agenc y)
Ministry o f Sec urity &
Pub lic Ad ministra tion
Ko rea
Government
Sta tute
33
Digital Government Act
Enforcement of ordinance for Digital Gov. Act
Notice of IS Audit Standard
Explanation of IS Audit
Guideline of IS Audit
Order / Management
Guideline of IS Audit
Execution
Management of requirement and task execution
Business type based
Checklist (48 items)
Responsible By Audit related Law / Notice / Guidance
2/2010
5/2010
2. Korea Gov. Law of IS Audit (Law enforcement)
![Page 34: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/34.jpg)
Co nfid e ntia l 34
Type IS Audit Mandatory CY 2010 CY 2011 CY 2012
Act
Informatization promotion Act
No. 5669 (1999.1.21) Article 15 paragraph 2 (IS Audit)
Law of effective Introduction and operation of IS
No. 7816 (2005.12.30)
Digital government Law
No.10012 (2010.2.4)
Enforcement Decree
Presidential No.16458Article 10 sub-paragraph 3
Presidential No.19598
(2006. 6.30)
Presidential No. 22151 (2010.5.4)
Enforcement Rule
Enforcement rule Article 11 paragraph
1 sub-paragraph 5
Information & Communication rule No. 198 (2006. 6.30)
Standard Audit Standard of Information System (IC Notice No. 999-104)
Audit Standard of Information System (Ministry of security & public administration notice No. 2008-18)
Audit Standard of Information System (Ministry of security & public administration notice no. 2010-30 (2010.05.04) and
2010-85 (2010.12.22)
Audit Standard of Information System (Ministry of security & public administration notice no. 2010-85 (2011.7.1)
Audit Standard of Information System (Ministry of security & public administration notice no. 2012-11(2012.3.2)
Guideline Audit guideline of IS V1.0 (NIA 2009.05.28)
Audit guideline of IS V1.0 (NIA 2009.05.28)
PO Guideline of IS Audit project
(2011.7.27)
2. Korea Gov. Law of IS Audit (By period)
![Page 35: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/35.jpg)
Co nfid e ntia l 35
Required observance by Project owner who is PO Issuer (Article 57,
Paragraph 2)
▶Support IS Auditor by project owner while working with project contractor
▶ No interrupt and unreasonable order for IS Auditor
IS Audit Observance
2. IS Audit Working Process
Mandatory Remediation about issues reported after IS Audit (Article
57, Paragraph 3)
▶ Based on the level of risk IS Auditor checked, all issues must be solved based on
the type of Mandatory correction, Warning and Recommendation
![Page 36: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/36.jpg)
Co nfid e ntia l 36
IS Audit applicable for any public company investing more than about 0.5 M USD, which is excluding SW packages and HW in total cost
2. IS Audit Working Process
Mandatory IS Audit
However if investing less than 0.1 M USD which is small project and no worthy to audit, head officer of public company might request its exemption. But exceptions are as below. For any public service which is related with government administration Collaborated systems which many public companies are using each other
or building together In case of the system interface and common use by many public
companies If decided by head officer of public company, IS audit is required
![Page 37: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/37.jpg)
Co nfid e ntia l 37
As Is
Arc
To Be
Arc
QA Activity
Business Management
P R O C E D U R E
O U T P U T
S E R V I C E
Tech
nology
Process
IS
Plan
ning
Imp.
Plan
System
Architecture
Application
System
Data Base
Test
Activity
Opera
tion
Ready
Com
Ple
tion
Data
Collec
tion
&
Beta
Testing
Building
Data
Quality
Control
Provide
Service
Service
Support
Building
Data
Base
Line
Mgmt
Structure
ITA ISP System Development DB OP MA
IS Audit A
rea
▶IS Audit processes include EA (Enterprise Architecture), ISP (Info. System
Planning), DB, Operation and Maintenance etc.
2. IS Audit Working Process (Framework V4.0)
![Page 38: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/38.jpg)
Co nfid e ntia l 38
• Activities for IS audit are being taken usually at project site. They are serviced with type of stepwise IS audit and continuing audit based on
project characteristics.
• Do audit at major steps based on SW development cycle. Support steps at analysis, design and implementation
• Submit the audit report about all system areas which 4 to 10 IS auditors worked for 1-2 weeks
• Working at project site from the project beginning and guide quality and inform correction to the contractor and report to project owner
• Liaison role between project owner and contractor • Advisory for project owner in manageable and
technically with 1-2 IS auditors
Stepwise Audit
Continuous Audit
2. The execution of IS Audit (Stepwise vs. Continuous Audit)
![Page 39: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/39.jpg)
Co nfid e ntia l 39
감리평가(▶▶▶▶ 2010 - 30▶ ) 1. Highly accepted (적정) : No risk found in achieving the project goal at the time of development stage.
2. Accepted (보통) : Small issues found but which are not impacting the project delivery and can be solved with only adjusted strategy and resources
3. Partially accepted (미흡) : Significant problem found in achieving the project goal. It requires slightly changed strategy and resources
4. Not accepted (부 적정) : Significant problems found in achieving the project goal, which can not be solved with current strategy and limited resources
Op tiona l issue s Ma nd a to ry issue s
Short Te rm Short Te rm
Long Te rm Long Te rm
Project owner will decide whether recommended issues must be solved in short or long term basis (negotiable).
2. The execution of IS Audit (Evaluation Level)
![Page 40: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/40.jpg)
Co nfid e ntia l 40
Service
ISP Dev Audit
QA
Continuing Audit
Personal Security Planning for IS Security
System Analysis EA
ISMP PMO
Support
Planning
Define Requirement
Decision Selection Mgm’t Maint.
Biz. management & Control
Operation
Biz.
Acceptance
Proposal
Select Audit Partner
Contract
Start Prj.
Progress
Payment
Change
Audit
Completion
Biz. M
anagement
Issue PO
Prepare RFP
Maintenance Support Biz.
Cancellation
2. IS Audit Working Process (Management w/Service)
![Page 41: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/41.jpg)
Co nfid e ntia l 41
• Apply to the best-fit audit model for accomplishing the successful improvement after analyzing the business project with the structural
and logical process in mind
Pro jec t t ype
(Devel opment or Mai n t enance
Progress l evel o f Pro jec t (Anal ys i s , Des i gn et c )
Area al l ocat i on for aud i t process (Management , Arch i t ec t ure et c )
Fi nd check po i n t for each area
IS Audi t v i ew
(Per formance or secur i t y et c )
Pro jec t A
rea
Audit View/ Check basis
Biz. Typ e /Aud it Time
Check items Review items
Check Framework
Guidance by area
Detailed review items Review method
Compliance by a rea
2. IS Audit Working Process (By Biz. Type)
![Page 42: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/42.jpg)
Co nfid e ntia l 42
View Check Factors Description
Process
Plan Reasonability Review project plan, resources, progress etc적정성
Process Reasonability
Review procedures defined about development / operation / maintenance and r isk, quality, schedule and change etc
Compliance Review the compliance being maintained while working for the project
Product
Functionality Review the functionalities in view of completeness, integr ity and interoperability
Integr ity Review data correctness and integr ity
Usability Review the easy operation for users
Stability Review system stability in view of backup, business continuity and recovery구 신속성
Security Review system security to avoid from hacking etc
Efficiency Review business eff iciency with a reliable response t ime, scalability and adaptability
Compliance Review the output, procedure, standard and methodology to check the compliance
Consistency Requirements must be traced for any match
성과Performan
ce
Realizability ROI (Return On Investment), Achievement etc
Sufficiency Review the satisfaction of all requirements defined in the project plan
감리영역
감리관점/
점검기준
정보화전략계획수립
(ISP)
시스템개발
(SD) 유지보수
(MA)
사업유형/감리시점
데이터베이스구축
(DB)
운영
(OP)
2. IS Audit Working Process (Perspective)
![Page 43: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/43.jpg)
Co nfid e ntia l 43
Step Check Items Explanation
Execution
&
Control
1. Change Management
Does any changes in pre-defined project scope follow the proper procedures and provide a traceability ?
2. Progress Management
Is project schedule managed in time and controlled properly ?
3. Resource Management
Are all resources being taken in schedule and managed properly as defined in the project plan ?
4. Communication Is the communication between project owner and contractor in good and reliable position ?
5. Risk Management
All risks are managed well and reported in time ? And to relieve those any procedures are being taken and traced ?
6. Quality Management
Does contractor provide activities to improve the project quality as always for the project owner and report periodically ?
2. IS Audit Working Process (In Audit Management Area)
![Page 44: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/44.jpg)
Co nfid e ntia l
Process Normally stepwise IS audit is consisted of 9 sub-processes
IS Audit
Plan
Pre Audit
Start Audit
On-site
Audit
PO
Audit
Execution
Submit
Report
Audit Closing
Adjust Report
Remedy Plan토
Final Confirm
Approval of Audit plan
Confirm key issues
Inform corrections요구
Accepted or rejected인
Submit final scores and approval인
Submit
output
Interview &
Review Docs.
Reflect changes
Plan correction
Confirm correction & report
1 2 3 4 5 6 7 8 9
On site Remote
44
2. The execution of IS Audit
![Page 45: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/45.jpg)
Co nfid e ntia l
Stepwise IS Audit is being taken 3 level of activities normally
as below,
A00. Preliminary
On-site Analysis
B00. On-site
Audit
C00. Confirm
Remediation
001. Report of
Audit Plan
002. Report of
Audit Processing
003. Report of
Issue Correction
2. IS Audit Common Procedure (Activities)
![Page 46: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/46.jpg)
Co nfid e ntia l
절차도 Preliminary Audit is consisted of 3 steps as below,
A10. Prepare
Preliminary Audit
A20. Execute
Preliminary Audit A30. IS Audit Plan
A11. Scheduling A21. Receive Docs. A31. Write Audit Plan
A12. Resource plan A22. Define a scope
A23. define checklist A24. Meeting with Prj
owner & contractor
A32. Review/Confirm Audit Plan
2. IS Audit Common Procedure (Pre Audit)
![Page 47: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/47.jpg)
Co nfid e ntia l
개요 ▶ ▶▶ B10. Start IS Audit B20. Kick-off Meeting B30. Execution of IS Audit
B11. Prepare on-site audit B21. Official Audit Meeting B31. Receive documents
B12. Confirm facilities B22. Meeting minutes B32. Review documents
B33. Find issues/risks etc
B34. Communication B35. Meeting with Contractor
B36. Meeting with Prj. owner
B37. Finalize issues
B40. Prepare IS Audit Rpt B50. Closing Meeting B60. Finalize Audit report
B41. Prepare Rpt by area
B42. Report Collection
B42. Review Reports
B51. Prepare meeting
B52. Start meeting
B61. Review issues
B62. Reconciliation
B63. Finalize report
2. IS Audit Common Procedure (On-Site Audit)
![Page 48: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/48.jpg)
Co nfid e ntia l
시정조치는 ▶▶▶▶ ▶▶▶ ▶▶▶▶ ▶▶▶▶ ▶▶▶▶▶ ▶▶▶▶ ▶▶▶ ▶▶▶▶▶ ▶▶▶ ▶▶▶ ▶▶▶▶ ▶▶ C10. Check Remediation C20. Confirm correction
C30. Prepare Confirmation
C11. Receive contractor request
C12. Plan Check Schedule
C13. Share check plan
C21. Confirm results
C22. Mutual review
C31. Draft Report
C32. Review Report
C33. Revise Report
C23. Interview w/2 parties
C24. Submit opinion
C40. Submit Post Audit Rpt
C41. Finalize Report
C42. Submit Report
2. IS Audit Common Procedure (Remediation)
![Page 49: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/49.jpg)
Co nfid e ntia l 49
Ind ex o f IS Aud it Rep ort
Describes all audit areas
1. Project management
2. Application
3. Data Base
4. System Architecture
IS Audit at Design level
Describes IS Audit Plan
Summarized opinion
by Audit leader
2. The execution of IS Audit (Report)
![Page 50: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/50.jpg)
Co nfid e ntia l 50
II. Summa rized op inion
2. The execution of IS Audit (Report)
![Page 51: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/51.jpg)
Co nfid e ntia l 51
Break Time !!!
![Page 52: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/52.jpg)
Co nfid e ntia l 52
Contents
1. ICT Project Management
2. The introduction of Korea IS Audit
3. COBIT Framework of ISACA
4. Key challenges
5. Q&A
3. COBIT Framework of ISACA
![Page 53: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/53.jpg)
Co nfid e ntia l
"The advanced economy could not run for thirty seconds without computers." - Alvin To ffle r in Tommrrow’ wea lth -
53
3. COBIT Framework of ISACA
![Page 54: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/54.jpg)
Co nfid e ntia l 54
Source : CISCO 2011
■ Future world is hyper connected environmentally with IOT (Internet
of things) and M2M (machine to machine) which not constrained with
time and space and create new business growth and values
Rapidly Changing Hyper Connected Society
![Page 55: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/55.jpg)
Co nfid e ntia l 55
Not increasing World PC Market, Rapidly growing Smartphone/Tab
3. COBIT Framework of ISACA
![Page 56: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/56.jpg)
Co nfid e ntia l 56
3. COBIT Framework of ISACA
COBIT 5 is ISACA’s globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises
In 1969 incorporated in US, by a small group of individuals who recognized a need for a centralized source of information and guidance in the growing field of auditing controls for computer system.
* COBIT sta nd s fo r Co ntro l o b je c tive s fo r info rma tio n a nd re la te d te c hno lo g y
![Page 57: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/57.jpg)
Co nfid e ntia l 57
• Provide a renewed and authoritative governance and
management framework for enterprise information and
related technology
• Integrate all other major ISACA
frameworks and guidance
• Align with other major frameworks
and standards
COBIT Cube
3. COBIT Framework of ISACA
![Page 58: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/58.jpg)
Co nfid e ntia l 58
▶ COBIT (Control objectives for information and related technology)
is being developed continuously.
3. COBIT Framework of ISACA (Evolution)
![Page 59: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/59.jpg)
Co nfid e ntia l 59
▶ Korea IS Audit is focused on system development in view of functions, security and effectiveness to meet business demand,
3. COBIT Framework of ISACA (vs. Korea IS Audit)
while COBIT is business process oriented in terms of 1) Plan & Organization 2) Acquire & Implementation 3) Deliver & Support 4) Monitor & Evaluate
COBIT Control Model
![Page 60: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/60.jpg)
Co nfid e ntia l 60
3. COBIT Framework of ISACA (Enablers)
![Page 61: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/61.jpg)
Co nfid e ntia l
IT Goals
61
3. COBIT Framework of ISACA (Aligned with IT & Biz Goal)
![Page 62: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/62.jpg)
Co nfid e ntia l
4 Doma ins
34 Proc esses
318 (A c t iv it ies/Ta sk s)
62
3. COBIT Framework of ISACA (Process oriented)
![Page 63: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/63.jpg)
Co nfid e ntia l 63
3. COBIT Framework of ISACA (Primary Drivers)
![Page 64: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/64.jpg)
Co nfid e ntia l 64
Contents
1. ICT Project Management
2. The introduction of Korea IS Audit
3. COBIT Framework of ISACA
4. Key challenges
5. Q&A
![Page 65: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/65.jpg)
Co nfid e ntia l 65
Key challenges in Auditing Environment
▶ Complex system with always connected !!!
![Page 66: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/66.jpg)
Co nfid e ntia l 66
Wha t is Sma rt d evic e ?
Ma ny func tions a re toge the r in integ ra ted d evic e whic h is fle xib le with c ustomer a p p lic a tio n insta lled a nd tra nsfo rma tive
Smart Device ?
![Page 67: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/67.jpg)
Co nfid e ntia l 67
Key challenges in IS Auditing
1) The scope of IS Audit
2) Communication with partners
4) Management of resource, delivery and quality
3) Process Knowledge about Information system
▶ Need to be clearly well defined about issues below !!!
![Page 68: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/68.jpg)
Co nfid e ntia l 68
For more information Please contact:
Korea IT Consulting http://www.itall.net
#1503 Leaders Bldg, Seochojungang-ro, Seocho-gu, Seoul Korea 137-912
Tel 82-2-582-2400 Fax 82-2-583-9242
Contact
![Page 69: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/69.jpg)
Co nfid e ntia l 69
Contents
1. ICT Project Management
2. The introduction of Korea IS Audit
3. COBIT Framework of ISACA
4. Key challenges
5. Q&A
Q&A
![Page 70: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/70.jpg)
Co nfid e ntia l 70
Q&A
![Page 71: 1. ICT Project Management](https://reader036.vdocuments.site/reader036/viewer/2022062401/58a19db41a28ab32438b8aad/html5/thumbnails/71.jpg)
Co nfid e ntia l 71
Gracias !!!