Ashutosh Pednekar, FCA, CISA, ISA (ICA), LLB (Gen), B.Com. Partner, M P Chitale & Co. November 6, 2007 IRDA – ICAI Round Table Meeting on Insurance Industry.


IS Audit & IT systems in Insurance Industry

© Ashutosh Pednekar, M.P.Chitale & Co.

Acknowledgements
- Material published by the Information Systems Audit & Control Association (ISACA), the leading association of professionals in Information Systems (IS) Audit, Control, Security & Governance
- Thoughts of Mr. Samir Shah, CFO, HDFC General Insurance Co. Ltd., and Ms. Anagha Thatte, Partner, M P Chitale & Co.

Disclaimers
- No representations or warranties are made by ISACA with regard to this presentation by Ashutosh Pednekar. ISACA has no responsibility for its contents.
- These are my personal views and cannot be construed to be the views of M/s. M. P. Chitale & Co., Chartered Accountants, or IRDA or ICAI.
- These views do not and shall not be considered professional advice.
- This presentation should not be reproduced in part or in whole, in any manner or form, without my written permission.

IT systems in Insurance Industry

Need to cater to two broad segments:
- Policy Management: Premium / Commission / Claims / Opex
- Fund (Investment) Management

Needs of the industry:
- Flexibility & scalability to handle the complexities of existing & new products and of the various delivery channels
- Regulatory compliance and the reporting it requires
- Integration capabilities between multiple systems
- Robustness, in a labour-intensive industry with wide geographical spread
- Availability

Growing Complexities & Pressures are Increasing Risks...

Increased Operational Risk, driven by:
- Market Convention
- Regulatory Demands
- Increased Transaction Volumes
- Complex Instruments and Strategies
- Increasing HR Complexities
- Reliance on Technology & Information Systems

Business Process & Information Assets

These two are inextricably linked. Each Business Process leads, at every stage, to:
- Creation of Information
- Storing it
- Updating it on a real-time basis
- Using it
- Protecting it from misuse, intentional or otherwise

Enterprise-wide Information Assets = Data and information embedded in / stored in:
- Computers: Data, Information and IT Resource Management
- People: Knowledge Management (Digitizing Knowledge)

IS Risk Management

Objective: minimizing the likelihood (frequency) and intensity (business impact) of loss of:
- Confidentiality (C)
- Integrity (I)
- Availability (A)
of information. CIA .... the CIA Principle.

CIA - Vulnerabilities & Exposures

Sources of vulnerability and exposure, mapped against the Confidentiality, Integrity and Availability of Information:
- Competitors
- Hackers
- Manipulating processes
- Systems bugs
- Users (human errors)
- Acts of God

IS Audit - Initial Steps
- Assess the reliance placed by the Management on the system's efficacy, and the reliance placed by them on IT systems to:
  - take managerial decisions
  - take operating-level decisions
  - conduct operations
- Get a feel of the IS Risk as perceived by the Top Management

IS Risk Mitigation: Building Blocks
- Business Process Reengineering
- Management, Planning & Organization of IS
- Business Application Systems & Controls
- Systems Development Life Cycle
- Disaster Recovery & Business Continuity
- Protection of Information Assets
- Technical Infrastructure & Operational Practices

IS Audit Areas
- Compliance with IS Security Policy & Procedures
  - Includes an assessment of the understanding of the policy & procedure requirements across the organization
- Hardware
  - Monitoring
  - Sizing
  - Upgradations

IS Audit Areas...
- Software, core as well as end-user applications
  - Licensing
  - Version Control
  - Upgradations
  - Patch implementation

IS Audit Areas...
- Logical Controls
  - Access on a need-to-do basis
  - Controls have to cover data as well as programs
  - Authorization protocols
  - Conflicts of interest, if any, have to be identified (the same person should not be able to initiate and approve the same transaction)
- Physical Controls
- Network management
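The logical-control points above (need-to-do access and identification of conflicts of interest) are what an IS auditor typically tests by running a script over an entitlement extract. The following is an added illustration, not code from the presentation or from M P Chitale & Co.: the user list, function names, conflict pairs and job baseline are all constructed for the example, and an auditor would substitute the insurer's own role extract and its approved segregation-of-duties matrix.

```python
"""Segregation-of-duties (SoD) and need-to-do check over an entitlement extract.

Hypothetical example: the entitlement data, function names, conflict pairs and
job baseline are constructed for illustration, not taken from any real insurer.
"""
from itertools import combinations

# Constructed entitlement extract: user -> set of functions the user can execute.
ENTITLEMENTS = {
    "asha":   {"policy.issue", "policy.endorse"},
    "bharat": {"claim.register", "claim.approve"},            # registers and approves claims
    "chitra": {"premium.receipt", "premium.reverse", "policy.issue"},
    "dev":    {"prog.change", "prog.deploy_prod"},            # developer with production deploy rights
    "esha":   {"claim.register"},
}

# Constructed SoD conflict pairs (unordered). A single user holding both sides
# can create and approve a transaction with no independent check.
SOD_CONFLICTS = {
    frozenset({"claim.register", "claim.approve"}),
    frozenset({"policy.issue", "premium.receipt"}),
    frozenset({"prog.change", "prog.deploy_prod"}),
    frozenset({"premium.receipt", "premium.reverse"}),
}

# Constructed job baseline for the need-to-do check: the functions a person in
# each job is expected to hold. Anything beyond it is excess privilege.
JOB_BASELINE = {
    "underwriter":    {"policy.issue", "policy.endorse"},
    "claims_clerk":   {"claim.register"},
    "claims_manager": {"claim.approve"},
    "cashier":        {"premium.receipt"},
    "developer":      {"prog.change"},
}
USER_JOB = {"asha": "underwriter", "bharat": "claims_clerk", "chitra": "cashier",
            "dev": "developer", "esha": "claims_clerk"}


def sod_violations(entitlements=ENTITLEMENTS, conflicts=SOD_CONFLICTS):
    """Return {user: [(func_a, func_b), ...]} for every user holding both sides of a conflict."""
    findings = {}
    for user, funcs in entitlements.items():
        # Check every unordered pair of the user's functions against the conflict matrix.
        hits = [(a, b) for a, b in combinations(sorted(funcs), 2)
                if frozenset({a, b}) in conflicts]
        if hits:
            findings[user] = hits
    return findings


def excess_privileges(entitlements=ENTITLEMENTS, user_job=USER_JOB, baseline=JOB_BASELINE):
    """Return {user: [functions not justified by the user's job]} (need-to-do test)."""
    excess = {}
    for user, funcs in entitlements.items():
        allowed = baseline.get(user_job.get(user), set())
        extra = sorted(funcs - allowed)
        if extra:
            excess[user] = extra
    return excess


if __name__ == "__main__":
    for user, pairs in sod_violations().items():
        for a, b in pairs:
            print(f"SoD conflict: {user} holds both {a} and {b}")
    for user, extra in excess_privileges().items():
        print(f"Excess privilege: {user} ({USER_JOB[user]}) also holds {', '.join(extra)}")
```

Both tests are needed: the SoD check finds users who can initiate and approve the same transaction, while the baseline comparison finds privileges that may not conflict with anything but are still beyond what the job requires (chitra's policy-issue right, in the constructed data). Program entitlements (`prog.*`) are deliberately in the same extract, since the slide's point is that controls must cover programs as well as data.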

IS Audit Areas...
- Operations Management
  - Within the data center
  - At Ops level
  - At corporate level
  - At branches & outlets
  - With field staff
- Controls over outsourced agencies have to be equally stringent, if not more so
  - Focus on vulnerabilities at the agency level
  - Adequacy of SLAs
- BCP / DRP

IS Audit Methodology (COBIT® technique)

Control over the IT Processes, which satisfies the Business Requirements for IT, by focusing on the Summary of IT Goals, is achieved by Key Controls and is measured by Key Metrics.

IS Audit value adds
- Vetting the IS Policy & Procedures for their adequacy
- Functionality Reviews
- Pre-Implementation Reviews
- Post-Implementation Reviews
- Source Code Audit
- Ethical Hacking / Penetration Testing

Thank you