IT Governance and Management Framework and Controls (ITGIA)

June 15, 2020


Internal Audit Staff need to take cognizance of the Board and Business Executives’ overall burning question of:
“How is IT governed and managed in our organization?”

With IT being ever-evolving and more and more pervasive in organisations, it is inevitable that IA will need to include various IT Audits in its risk-based Audit Plans. Further, for these audits, it has become necessary for IA not to place total reliance on IT Auditors to the extent they, in turn, rely totally on outside assurance providers. To overcome such challenges, it has become vitally important for IA to have a certain level of understanding of IT Governance and Management and associated controls.

Thus, this course starts off with an overview understanding of IT in today’s opportunity filled yet challenging interconnected world and goes on to show how COBIT 5 framework (processes and control activities), when implemented effectively, will provide good IT Governance and Management – in essence, enabling effective IT Risk Management and IT Value Management. While this course will provide end-to-end insights into governance and management controls it will dwell into some detail regarding critical processes such as Data back-ups, Contract Management, Disaster Recovery, 3rd Party management, Change Management Controls and Physical Security of the IT Infrastructure.

It is believed that this course is a must for IA to enable them to play their part in answering the burning question raised above.


• Obtain an overview of IT Infrastructure in today’s interconnected world.

• Obtain an integrated overview knowledge of all COBIT 5 structured IT Governance and Management framework processes and thus be confident as what constitutes good IT Governance and Management practices.

• Formulate a better approach and planning of IT Controls.

• An understanding of IT Risk Management (based on RISKIT framework) and IT Value Management (based on VAL-IT framework)

• An understanding of the COBIT 5 control activities for Business and IT alignment, Back-ups, Contract Management, 3rd Party Suppliers, Disaster Recovery, Change Controls and Physical Infrastructure Security.

• Discussion of “Generic” IT Risks to aid the Internal Audit understanding and IT Risk Assessment undertaking.