Datasec - IT Security & Control

Meycor COBIT AG (Audit Guidelines) Print

Image

Image

Image

Image

Image 

During an Audit type assessment the user is guided through the different phases covered by the Audit as suggested in COBIT®: Obtaining an Understanding, Evaluating the Controls, Assessing the Compliance and Substantiating the Risk. Download product features (PDF)
The software allows different user types:

- Administrator
- Evaluator/Supervisor
- Evaluator
- Responsible Party
- Supervisor

These profiles allow the software to be used ranging from the pathological case of an Audit with only one auditor to Audits that encompass a large number of auditors organized into a hierarchy.

MEYCOR COBIT AG allows to perform an total or partial Audit of the COBIT® Processes. It is also possible to enter observations, recommendations and even to link files during the assessment.

The program provides six of the forms included in the COBIT® Tool Set that allow to gather information about the different processes.

For each Analysis Center you can enter Business Processes (which can be created by MEYCOR COBIT AG) or import them from the MEYCOR COSO AG software and link those Business Processes with Information Requirements through Business Goals. Information Requirements are linked using COBIT® Information Criteria and Resources. For each COBIT® Resource you can provide specific data for the Analysis Center.

All this is supported by several reports, charts and alarm messages that assist and organize the auditor in his work.


The MEYCOR COBIT AG software implements the Audit Procedures provided in the COBIT® 3rd Edition Audit Guidelines, proposing a different approach than the Control Self-Assessment (CSA) one in order to obtain the same result: an agreement between the auditor and the auditee upon an improvement plan to correct deficiencies.
MEYCOR COBIT CSA provides the following approach:

1) IT Management performs the assessment.
2) Auditors audit the assessment.
3) An improvement plan is agreed upon by the Evaluator and the Auditor.
MEYCOR COBIT AG provides de following approach:

1) Auditors perform the audit.
2) IT Management approves the audit.
3) An improvement plan is agreed upon by the Evaluator and the Auditor.

MEYCOR COBIT AG uses Audit Projects as a working unit. The software allows to create Audit Projects that include all the necessary information, such as the project type and evaluation scaled used, which auditors will be included in the project and the Analysis Centers encompassed by the audit.
There are four assessment types:

1 - IT Processes Audit
2 - Activities/Tasks Audit
3 - High-level Control Objectives Review
4 - Detailed Control Objectives Review
And three different evaluation scales:

- Maturity Model Scale
- Performance Scale
- CSA Scale (Good, Fair or Bad).