CITP Review

Chapter 3





            IT Governance, Risk, and Controls





            Learning objectives


            - Recognize the objectives, strategic planning, implementation, and management of the IT function within an
              organization, as well as mitigation of risk
            - Apply the management of value, resources, and performance in relation to key components and best
              practices of the IT function
            - Differentiate various IT frameworks, including COSO and COBIT, and apply the integration of frameworks
              with IT assessments
            - Determine key control areas for IT assessments, including ITGCs, application, business process, and
              change management controls
            - Identify the purposes for SOC reporting, the users of SOC reports, and the responsibilities of user auditors




            Introduction

            Certified Information Technology Professionals (CITPs) play a critical role in helping organizations to
            understand the risks and controls associated with technology. From understanding the role of
            governance to being in a position to identify and properly assess these risks, CITPs are expected to
            understand and identify the best practices surrounding IT risk and to have a thorough understanding of
            underlying IT general controls. CITPs should also have a clear and thorough understanding of the
            underlying purpose and process for performing various types of system and organization controls (SOC)
            engagements and readiness assessments.


            © 2019 Association of International Certified Professional Accountants. All rights reserved.