James Nobles | Legislative Auditor

Presentation transcript:

State Government Finance and Policy and Elections Committee Briefing
January 23, 2018
James Nobles | Legislative Auditor
Christopher Buse | Deputy Legislative Auditor

Why IT Change Management?
Dependence: Nearly All Critical Government Services Rely on Information Technology
Complexity: IT Systems Have a Wide Array of Interconnected Hardware and Software Components
Fragility: Changes to Any Interconnected Components Can Lead to System Failures

The Discipline
Criteria: Generally Accepted Best Practice Criteria Exist
Vendors: Vendor Products Help Organizations Implement IT Change Management Best Practices
Compliance: IT Change Management Requirements Embedded in Regulatory Frameworks

IT Change Management Process
Stages: Change Request, Planning, Approval, Implementation, Closure
Stage details: What, Why, Risks, Detailed Plan, Testing, Back-out Process, Risk Analysis, Change Advisory Board, Assess Success, Initiate Back-out, Document Results
Goal: Avoid Change-related Disruptions to Services

Conclusion
Generally adequate controls over IT change management
Enterprise policies and standards
Policies and standards are being followed
Several systemic issues
[Slide graphic: scale from Inadequate to Adequate]

Finding 1
Disparate change management software products and processes
  Make it difficult to diagnose problems
  Increase the likelihood of change-related failures
OLA recommends more closely integrating disparate change management processes and software products

Finding 2
MNIT lacks key controls to detect unauthorized changes
  Few automated processes to detect unauthorized changes
  Inability to monitor compliance with security and regulatory baselines
OLA recommends that MNIT deploy specialized software to improve its ability to detect unauthorized changes

Questions?
James.Nobles@state.mn.us
Chris.Buse@state.mn.us