From the course: CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors

Unlock the full course today

Join today to access over 22,500 courses taught by industry experts or purchase this course individually.

IT governance

IT governance

- [Instructor] Alright, let's talk a little bit about IT governance. We talked previously about the difference between governance and management and how governance is all about setting a strategic directive and then issuing directives down to management who actually executes on those directives and runs the organization. Well, in information systems auditing, it's all about auditing controls. It's important from a auditor's perspective to understand where those controls came from, who chose what controls we need, and how many controllers we need. And that typically comes all the way up from the strategic level from governance. So, ISACA defines four key practices for IT governance. They first say an organization should follow some kind of framework for governance. So, the governing body, whoever that is, the board of directors, the governing entity, should decide that there's a framework that they're going to follow to do their governance and to build the security program of the…

Contents