© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit.

Slides:



Advertisements
Similar presentations
Principles of Management System Auditing Managing the Internal Audit Program Planning the Internal Audit Conducting the Internal Audit Reporting the Audit.
Advertisements

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
More CMM Part Two : Details.
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO] [ENTITY NAME] [FUNCTION CERTIFYING] Certification [LOCATION] – [DATES OF ON-SITE VISIT] [Presenter Name,
Integration of Quality Into Accident Investigation Processes ASQ Columbia Basin Section 614 John Cornelison January 2008.
Project Procurement Management Sections of this presentation were adapted from A Guide to the Project Management Body of Knowledge 4 th Edition, Project.
Audit Planning and Documentation
The Camp Audit “Keep your friends close and your auditor closer”
The Key Process Areas for Level 2: Repeatable Ralph Covington David Wang.
Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security
7 - 1 Copyright  2003 Pearson Education Canada Inc. CHAPTER 7 Audit Planning and Documentation.
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO] [ENTITY NAME] [FUNCTION CERTIFYING] Certification Review for [RELATED ENTITIES] [LOCATION] – [DATES OF ON-SITE.
Implementation of IAASB’s Clarity ISAs in the UK CCAB TRAINING PROVIDERS’ EVENT 17 November 2008.
Fatigue Management Rule Russell Smith Nuclear Energy Institute (NEI)
Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?
Monitoring Schedule David Chappell, or
Chapter 21 Internal, Operational, and Compliance Auditing McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK
Outsourcing Arrangements John Sudano, Senior Associate Hall & Wilcox, Lawyers.
Pertemuan 14 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
ACCA/PAB/ICAJ/ICAC Practice Monitoring Reviews OVERVIEW OF FINDINGS 19 July 2014.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Evetns, April 2009, #2 Welcome!
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 How Cacert responded to audit...
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 What is the CCA?
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community.
© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 The Purpose of an Assurance.
2.0 Assurance Practice.
Introduction for the Implementation of Software Configuration Management I thought I knew it all !
Auditing Concepts.
Configuration Management
CSAE 3416 Views from a Service Provider FMI PD Day – May 19, 2016
CAcert A Communities Way To Professionalism
12.3 Control Procurements The process of managing procurement relationships, monitoring contract performance and making changes or corrections as needed.
DROPS Focus Groups Human Factors
Int’l Sales Contract Elements
Administration of a FIDIC Contract - Pre-Contract Phase -
Configuration Management
CHAPTER 7 Audit Planning and Documentation
Audit Evidence and Documentation
Int’l Sales Contract Elements
How to Communicate Assurance?
Kode Etik dan IA Standard Dr Rilla Gantino, SE., AK., MM
Audit of <insert title and audit #>
Models of Software Development Life Cycle (SDLC)
Self Identified Issues
CAcert and the Audit.
2. Assurance Practice.
Workforce Engagement in Safety
Overview of the FEPAC Accreditation Process
Air Carrier Continuing Analysis and Surveillance System (CASS)
CMMI – Staged Representation
Child Outcomes Summary (COS) Process Training Module
Data Security and Protection Toolkit
Methods and Assistance Program (MAP) Reviews Lori Fetterman, MAP Supervisor Emily Hightree, MAP Team Lead Property Tax Assistance Division October 12,
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO]
Software Assurance Maturity Model
Student Information System Project: (Shorthand: SIS!!!!)
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO]
Project Procurement Management
Chapter 26 Operating Partnership Section 3 Goals
Week Ten – IT Audit Reporting
By: Dorian Lockhart Wilston Johnston
How to conduct Effective Stage-1 Audit
Sponsor Ballot Comment Resolution
QA Reviews Lecture # 6.
Company X Process Mapping Training
Project Procurement Management
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT Topic 5.
OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS Lecture 2.
Computer System Validation
Presentation transcript:

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit To get CAcert Root into Browsers => Audit is required => which requires: management policies + practices review of business & systems (against policies and practices).

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit ➢ CAcert has two major business areas: ➔ Assurance ➔ Systems

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a. Assurance Assurance Policy now is in full POLICY status ➔ It is binding on all Assurers The process of Assurance can be reviewed.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a.i Auditor on (ATE) Tour Assurers shall assure the Auditor == Evidence of Assurance to policy. verifies quality of assurance (Increased quality of assurance?)

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a.ii In the absence of the Auditor A Senior and Experienced Assurer should stand in his stead and be assured by each Assurer. (If already assured, then she should instead oversite the assurance of another person) Make a statement that: „assurances were conducted to Assurance Policy” "Secondary evidence" in the audit process

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a.iii The review of assurances the gathering of evidence is planned to be completed 16 th May Munich.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b. Systems Review of the systems was delayed by lack of a secure hosting service. The systems were moved 1 st October, 2008 from Vienna to the secure data center at BIT, a company in Ede, NL.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b. Systems (cont.) A new team of systems administrators Approval of the Security Policy to DRAFT mode => Binding on the systems administrators and the Access Engineers => now possible to review the systems against the policy.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b.i On-Site Inspection 1 st visit on 4, 5, 6 th May, 2009 warm-up: personnel, Roots, Access, inventory probably 1 st of 3 visits. Next scheduled mid-June

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b.ii We still lack the CPS (which is nearly ready)

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b.iii Review of the software Innsbruck software camp Week 20 th April Serious difficulties in maintenance, improvement and securing Cannot form a conclusion over software New software development team, new design, new build

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background The audit criteria: DRC for "David Ross Criteria". David is a retired quality engineer He started Cacert's Audit He was called to Grand Jury duty

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background DRC has a strong feature: requires the ➔ Risks, ➔ Liabilities, and ➔ Obligations to be clearly stated to everyone!

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background This raised several huge barriers for the CA: what exactly are the R/L/O? who do they apply to? are they reasonable? and, how do we deal with them?

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background These barriers are subtle: ➔ DRC doesn't ask them to be fair, but ➔ disclosure of R/L/O makes us consider them but CAcert people want them to be fair. which means we have to deal with them!

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background One big result of this thinking process we required: ➔ a CAcert Community Agreement ● and it had to do following things:

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background a. make Members a mutually binding Community. b. to state the R/L/O c. to limit the liabilities ➔ 1000 Euros ➔ to *allocate the liabilities* back to the Members

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background How do we allocate the liabilities? ➔ By making our own „forum of dispute resolution“, ➔ agreeing to be bound to that resolution, ➔ writing a Policy to control that process: ==> Arbitration.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background Summary: The original “Why” of Arbitration: ➔ Audit (DRC) forced disclosure of Liabilities ➔ simple fix: limiting ➔ complex fix: allocation ➔ the safe and cheap way to allocate is: ➔ to use our own Arbitration (Last section discusses „How“.)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.