IT Data destruction audit proposal

Presentation transcript:

IT Data destruction audit proposal
Ryan Boyce, Sheena Thomas, Candace Nelson, Jason Wulf, Folake Stella Alabede

CRS InfoSec Solution’s Proposed Objective and Scope
Ensure effectiveness of the IT Data Destruction Policy and assess the sufficiency of associated controls and procedures
Appropriate mechanisms to enforce and monitor adherence
Compliance with Policy

Assets Subject to Audit
Hard Drives
RAM
Removable Storage Devices

Risk 1: The Wrong Hardware is Identified for Destruction
Preventive Controls: Asset Inventory Management Tool; Asset Tagging (e.g. Barcodes); Help Desk Ticketing Tool
Detective Control: Physical Inventory

Risk 2: Failure to Adequately Wipe Hardware
Preventive Control: Help Desk Ticketing Tool
Detective Control: Independent Sampling
Mitigating Control: Physical Destruction

Risk 3: Wrong Hardware Transferred to Vendor
Preventive Controls: Help Desk Ticketing Tool; Service Level Agreement
Detective Controls: IT Oversight; Certificate of Destruction

Risk 4: Vendor Fails to Adequately Destroy Equipment
Preventive Controls: On-Site Destruction; Visual Verification; Certificate of Destruction; Service Level Agreement
Detective Controls: Management Oversight

Other Controls to be Considered: Segregation of Duties Monitoring Independent Oversight of IT Physical Inventories Employee Training Independent Audits of Systems Asset Inventory Management Tool Help Desk Ticketing Tool Contract Audits (e.g. Compliance with SLA’s)

Wrap Up
Global leader in IT GR&C consulting
> 15 years experience
Provides leading edge consulting services
CISA, CISSP and COBIT certified auditors

Questions??