GRC - A Strategic Approach

Presentation transcript:

GRC - A Strategic Approach Christy Thomas Sr. Cyber Security Advisor, Information Technology Group, Kuwait Integrated Petrochemical Industries Company (KIPIC)

Is GRC worth the investment? What is GRC? Does GRC add value to my business?

GRC: the integration of governance, risk, compliance and control activities so that they operate in synergy and balance.

GRC: a continuous process which governs how management
- identifies and protects against risks;
- monitors and assesses the effectiveness of internal controls;
- responds to gaps;
- improves by learning from insights.

GRC: a strategy to create business value by
- reducing cost;
- eliminating operational inefficiencies;
- rationalizing controls;
- identifying and mitigating risks.

The Traditional Model
Concerns:
- Oversight by the Board of Directors and Executive Management
- Failure to achieve strategic and operational objectives
- Low business performance

Why do we need GRC automation?
- Spreadsheets are used to track compliance and manage risks
- Homegrown software tools are in use
- Inability to adapt to changes in regulatory and risk requirements
- Audit reports are hard to produce
- Rising expense of managing compliance and risk
- Difficulty producing timely and accurate reports

GRC Segments (courtesy: Gartner):
- Operational Risk Management
- IT Risk Management
- IT Vendor Risk Management
- Business Continuity Management Planning
- Audit Management
- Corporate Compliance and Oversight
- Enterprise Legal Management

IT Risk Management (ITRM)
IT risks: all IT systems and infrastructure, and the end users, that can create uncertainty in the business flow.
Goal: a balance between operational and protection costs, without compromising the business.
ITRM solutions: automate IT risk assessments, policy management, control and reporting.
IT Risk Elements (figure)

IT Risk Management - The Focus

Minimize Cost
- People: outsource, optimize the org chart, freeze headcount, trim salaries/benefits, etc.
- Technology: rationalize applications, use the cloud, go digital, reduce over-provisioning, etc.
- Process: streamline processing steps, automate manual processes, speed up existing automation, simplify processes

Maximize Business Value
- Improve quality of service
- Cloud for agility and flexibility
- Build competitive advantage
- Leverage digital business
- Innovate

Minimize Risk
- Use accurate capacity planning
- Software tools that enable fast problem resolution
- Cyber security framework and policies

GRC - KIPIC Strategic Plans

Minimize Cost
- IT services and platforms in the cloud
- Optimize staff strength
- K-SOC for cyber security alerts
- Shared resources for major incident response
- Local monitoring of cyber security visibility

Maximize Business Value
- Buy only essential IT services and applications
- Avoid home-grown applications
- Real-time end-node protection
- Digitalization (end to end)

Minimize Risk
- Cloud-based backup and restore infrastructure
- Critical servers on-premises
- IT & OT: a joint team to address OT network security
- Security data analytics for continuous improvement

IT Vendor Risk Management (VRM)
Why? Increased use of, and dependence on, service providers and IT vendors NECESSITATES a risk management program.
Benefit: a risk management program HELPS to manage third-party risks with adequate controls, such as vendor performance, security and data protection.
Result: FAILURE to comply with strategic mandates causes significant repercussions in:
- Audits
- Regulatory compliance
- Shareholder value
- Corporate viability

IT Vendor Risk Management (VRM)
In KIPIC, we use the VRM process to ensure that IT service providers and IT suppliers are not a threat to business performance.
What do we do? Assess, monitor and manage the risk exposure from third-party IT suppliers and IT service providers, or whoever else has access to enterprise information.
VRM Sequence (figure)

Operational Risk Management (ORM)
ORM focuses on risks that relate to:
- Uncertainty in daily tactical business activities
- Failed processes, people or systems
- External events
ORM software applications (e.g. RSA Archer, Oracle Financial Reporting Compliance Cloud):
- Aggregate and normalize data from multiple data sources (operational, financial, regulatory alerts, incidents, etc.)
- Identify, assess and address operational risks across all departments of the business
Courtesy: Gartner
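The aggregation step named on this slide, and the spreadsheet pain points on the "Why do we need GRC automation?" slide, as an added Python example that is not part of the presentation and not the code of any product it names: three constructed feeds with different schemas and rating scales (incident tickets, audit findings, regulatory alerts) are normalized into one risk register, sorted by a common severity, and reduced to an audit-style summary of open items and gaps (open items that are overdue or have no remediation date). Every field name, rating scale, identifier and date here is constructed for the example; the report date is fixed so the result is reproducible.

```python
"""Normalize heterogeneous risk feeds into one register and report gaps.

Added example; all source records, schemas and scales below are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample input: each feed has its own field names and rating scale.
INCIDENTS = [
    {"ticket": "INC-1001", "system": "ERP", "priority": "P1", "status": "closed", "due": "2024-03-01"},
    {"ticket": "INC-1002", "system": "Mail gateway", "priority": "P2", "status": "open", "due": "2024-04-15"},
]
AUDIT_FINDINGS = [
    {"id": "AF-07", "control": "Privileged access review", "rating": "High", "remediated": False, "target_date": "2024-02-28"},
    {"id": "AF-08", "control": "Backup restore test", "rating": "Low", "remediated": True, "target_date": "2024-01-31"},
]
REG_ALERTS = [
    {"ref": "REG-22", "requirement": "Data retention schedule", "impact": 3, "addressed": False, "deadline": "2024-06-30"},
    {"ref": "REG-23", "requirement": "Breach notification procedure", "impact": 4, "addressed": False, "deadline": None},
]

# Fixed report date so the summary below is reproducible (constructed).
REPORT_DATE = date(2024, 5, 1)


@dataclass(frozen=True)
class RiskItem:
    source: str          # which feed the record came from
    ref: str             # original identifier, kept for audit traceability
    description: str
    severity: int        # common scale: 1 (low) .. 4 (critical)
    is_open: bool
    due: Optional[date]  # None means no remediation date has been set


# Each feed's own scale mapped onto the common 1..4 severity.
PRIORITY_TO_SEVERITY = {"P1": 4, "P2": 3, "P3": 2, "P4": 1}
RATING_TO_SEVERITY = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


def _parse_date(value: Optional[str]) -> Optional[date]:
    return date.fromisoformat(value) if value else None


def normalize_incident(rec: dict) -> RiskItem:
    return RiskItem("incident", rec["ticket"], f"{rec['system']} incident",
                    PRIORITY_TO_SEVERITY[rec["priority"]],
                    rec["status"] != "closed", _parse_date(rec["due"]))


def normalize_finding(rec: dict) -> RiskItem:
    return RiskItem("audit", rec["id"], rec["control"],
                    RATING_TO_SEVERITY[rec["rating"]],
                    not rec["remediated"], _parse_date(rec["target_date"]))


def normalize_alert(rec: dict) -> RiskItem:
    # The constructed regulatory feed already rates impact on a 1..4 scale.
    return RiskItem("regulatory", rec["ref"], rec["requirement"],
                    rec["impact"], not rec["addressed"], _parse_date(rec["deadline"]))


def build_register(incidents, findings, alerts) -> list:
    """Merge all feeds into one register, highest severity first."""
    register = [normalize_incident(r) for r in incidents]
    register += [normalize_finding(r) for r in findings]
    register += [normalize_alert(r) for r in alerts]
    return sorted(register, key=lambda item: (-item.severity, item.source, item.ref))


def find_gaps(register, today: date) -> list:
    """Open items that are past their date, or that have no date at all."""
    return [i for i in register if i.is_open and (i.due is None or i.due < today)]


def audit_summary(register, today: date) -> dict:
    """The numbers an audit report needs, computed rather than hand-copied."""
    gaps = find_gaps(register, today)
    return {
        "total": len(register),
        "open": sum(1 for i in register if i.is_open),
        "gaps": len(gaps),
        "gap_refs": [i.ref for i in gaps],
        "open_by_source": {s: sum(1 for i in register if i.is_open and i.source == s)
                           for s in ("incident", "audit", "regulatory")},
    }


if __name__ == "__main__":
    reg = build_register(INCIDENTS, AUDIT_FINDINGS, REG_ALERTS)
    for item in reg:
        print(f"sev={item.severity} {item.source:<10} {item.ref:<8} open={item.is_open} due={item.due}")
    print(audit_summary(reg, REPORT_DATE))
```

The point of the normalization layer is that every feed keeps its own identifier (for traceability back to the source system) while the register uses one severity scale and one notion of "open", so the gap list and the per-source counts are derived by the same rule for every feed rather than maintained by hand in a spreadsheet.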

Business Continuity Management Planning
Coordinate, facilitate and execute tasks that:
- Identify business disruptions and disaster recovery needs
- Respond to disruptive events
- Recover critical business operations
Automate:
- Risk assessment
- Business impact analysis (BIA)
- Recovery plan and invocation

Q&A Thank you