The Evolution of IT Risk & Compliance, February 2012. Rosalyn Ellis, CRISC; Susan Hoffman, CISA, CGEIT.
Presentation transcript:

Achieving SOX Compliance
- Developed set of control requirements
  - Application Change Management
  - Application & Data Security
- Documented existing controls and processes
- Established new controls and processes

Issue at hand...
- Review, assess, consider materiality of issues and priority; determine level of audit issues/complexity to close gaps
- Evaluated and documented IT controls
- Clarified "ownership" for the controls
- New applications / solutions introduced to the environment requiring proper controls

Established a team...
- Purpose
  - implement according to policy
  - audit to the policy
- Partners with...
  - Internal & External Audit teams: determine needed IT controls; define how to test the controls
  - IT staff: build compliance into IT solutions; determine ways to align compliance efforts with IT initiatives

IT Risk & Compliance...
- Assembled list of IT controls according to policy, identifying specific frequency and owners
- Established Self-Audit Program
  - Conduct self-audit test on each IT control
  - Identifies gaps with the existing IT controls
  - Provides for auditor reliance on self-audit results

(Slide 6: no transcribed text)

Benefits of Self-Audit Program
The IT Organization:
- Assumes responsibility for the IT controls
- Gains confidence that IT controls and processes are effective and efficient
- Identifies control weaknesses in advance of Internal or External Audit tests
- Identifies process improvements with current controls and processes

Benefits of Self-Audit Program (Slide 8: title only, no further transcribed text)

Beyond Self-Audit Concepts
- Database Activity Monitoring (DAM)
  - Explore other uses for current tool
- Business processes comply with eDiscovery requirements
- Self-audit of business application SOA architecture
- Self-audit of mobile applications

Expanding Self-Audit Concepts
- Coordinate assessments
  - Internal risk assessments
  - 3rd-party assessments
- Current topics & technology
  - Cloud computing
  - PII
  - PCI

Questions?