IT Resource Management
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series introduces the broad discipline of IT resource management. It covers how to judge the value of technology investments, how portfolio management steers spending strategically, how the people side of technology is governed, how enterprise change is managed, how IT costs are handled, and what information security management encompasses.
What this episode covers
- IT investment value — weighing financial and nonfinancial benefits against costs to determine whether a technology investment delivers real value.
- Portfolio management — the strategic discipline of deciding where to invest and divest across the full set of technology projects.
- Human resource management — hiring controls, training, cross-training, performance management, fraud-prevention practices such as mandatory vacations and job rotation, and secure termination procedures.
- Enterprise change management — the documented process for applying improvements, securing commitment, communicating with users, and gathering feedback throughout a change.
- IT financial management — chargebacks, budgeting, and the distinction between capital and operating software expenses.
- Information security management — the full remit covering risk assessments, policy, incident response, security architecture, vulnerability management, continuity planning, and identity and access management.
- Key resilience metrics — recovery time objective and recovery point objective as measures that guide continuity and backup planning.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
How does portfolio management differ from simple cost tracking?
Portfolio management is directive and strategic, asking whether the organization is funding the best set of projects overall and deciding where to invest more or divest. Simple cost tracking merely monitors what is being spent, whereas portfolio management continuously realigns spending with business objectives and requires every project to have a documented business case.
What human resource controls help prevent fraud in an IT department?
Required vacations force someone else to perform a role for a continuous period at least once a year, which makes it much harder to sustain a hidden scheme that depends on one person's uninterrupted presence. The control only works if the role is genuinely covered during the absence and the vacationing employee's access is not used remotely in the meantime. Job rotation achieves the same effect on a rolling basis, and both controls are most valuable in roles with elevated access or financial authority.
How are IT costs classified between operating and capital expenses?
A perpetual license for software bought and installed on-site is usually treated as a capital expense, capitalized and amortized over its useful life, while cloud software purchased as a subscription is usually treated as an operating expense in the period it covers. Misclassifying these costs can misstate the financials, so auditors confirm that costs are tracked against an approved budget and classified correctly.
What do recovery time objective and recovery point objective measure?
Recovery time objective is how fast a system must be restored after an incident, setting the maximum allowable downtime. Recovery point objective is how much data loss, measured backwards in time from the incident, the organization can tolerate; it therefore sets the maximum interval between successful backups or replication cycles. A failed backup job widens that interval, so the schedule alone does not prove the RPO is met.
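As an added example, not from the page or the RooCloud series, the following Python script shows the check an auditor or operations engineer would actually run: it reads a backup-job log, measures the widest gap between successful backups (a failed run does not reset the clock), estimates the data loss an incident at a given moment would cause, and compares the slowest restore drill against the RTO. The log format, job name, timestamps and drill records are constructed for illustration, and the script assumes a job's start time is the point in time its backup captures.

```python
"""Check a backup-job log against an RPO and restore-drill timings against an RTO.

Added example (not from the page). The log format, job names and times below
are constructed for illustration; real backup tools log differently.
"""
from datetime import datetime

# Constructed backup-job log: ISO-8601 job start time, job name, outcome.
# Assumption: the start time is the point in time the backup captures.
BACKUP_LOG = """\
2024-03-01T00:05:00 nightly-db SUCCESS
2024-03-02T00:05:00 nightly-db SUCCESS
2024-03-03T00:05:00 nightly-db FAILED
2024-03-04T00:05:00 nightly-db SUCCESS
2024-03-05T00:05:00 nightly-db SUCCESS
"""

# Constructed restore-drill records: (restore started, service back online).
RESTORE_DRILLS = [
    ("2024-02-10T09:00:00", "2024-02-10T11:30:00"),
    ("2024-03-01T09:00:00", "2024-03-01T14:00:00"),
]


def parse_log(text):
    """Return [(start_time, job, status), ...] from the constructed log format."""
    runs = []
    for line in text.splitlines():
        ts, job, status = line.split()
        runs.append((datetime.fromisoformat(ts), job, status))
    return runs


def _hours(delta):
    return delta.total_seconds() / 3600


def worst_rpo_exposure_hours(runs):
    """Largest gap between consecutive SUCCESSFUL backups, in hours.

    A failed job does not reset the clock: everything written since the last
    good backup is still unprotected, so the schedule alone overstates coverage.
    """
    good = sorted(ts for ts, _, status in runs if status == "SUCCESS")
    if len(good) < 2:
        return None
    return max(_hours(b - a) for a, b in zip(good, good[1:]))


def data_loss_hours_at(runs, incident_iso):
    """Hours of data that would be lost if an incident struck at incident_iso."""
    incident = datetime.fromisoformat(incident_iso)
    good = [ts for ts, _, status in runs if status == "SUCCESS" and ts <= incident]
    if not good:
        return None  # no restorable copy exists at all
    return _hours(incident - max(good))


def worst_rto_observed_hours(drills):
    """Longest measured restore time across all drills, in hours."""
    return max(_hours(datetime.fromisoformat(end) - datetime.fromisoformat(start))
               for start, end in drills)


def assess(runs, drills, rpo_hours, rto_hours):
    """Return a list of findings; an empty list means both objectives are met."""
    findings = []
    gap = worst_rpo_exposure_hours(runs)
    if gap is None:
        findings.append("RPO: fewer than two successful backups, exposure unknown")
    elif gap > rpo_hours:
        findings.append(f"RPO breach: {gap:.1f}h between successful backups exceeds {rpo_hours}h")
    rto = worst_rto_observed_hours(drills)
    if rto > rto_hours:
        findings.append(f"RTO breach: slowest drill restore {rto:.1f}h exceeds {rto_hours}h")
    return findings


if __name__ == "__main__":
    runs = parse_log(BACKUP_LOG)
    for finding in assess(runs, RESTORE_DRILLS, rpo_hours=24, rto_hours=4):
        print(finding)
```

With the constructed data the nightly schedule looks like 24-hour coverage, but the failed run on 3 March leaves a 48-hour window, and an incident late on 3 March would lose about 42 hours of data. Measuring from successful completions in the log, rather than from the schedule, is what turns the RPO from a stated objective into something an auditor can verify.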
📚 Master the ISACA CISA Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISACA CISA certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in IT Resource Management.