Internal Risk Assessments and Corrective Action Planning IT Decentralized Risk Assessment Corrective Action Planning Workgroup February, 2010.

Presentation transcript:

Internal Risk Assessments and Corrective Action Planning IT Decentralized Risk Assessment Corrective Action Planning Workgroup February, 2010

Objectives
–Put the risk assessments in context
–Lay out the timeline for corrective actions
–Identify corrective action planning resources
–Provide a general “road map”

Background
Risk assessments conducted 2009
–By University Audit & Advisory Services
  Q2 2009: Decentralized IT Risk Assessment
  Q3 2009: Centralized IT Risk Assessment
–Reported to ABOR
–Referenced in report to Auditor General’s Office

Auditor General’s Office said…
“According to officials, the university intends to monitor compliance with the information security program through its risk assessments. In fiscal year 2009 the university’s [University] Audit and Advisory Services completed two risk assessments; however, ASU is still developing a plan for monitoring information security program compliance, including mechanisms for responding to noncompliance and holding departments accountable.”

ASU proposed… Decentralized
–University-wide training, departmental outreach
–Schedule
  Initial Risk Assessment – Q
  Evaluate/Develop Corrective Action Plan – Q
  Conduct Corrective Action Plan – 12/2009 through Q
  Follow-up Risk Assessment – Q
  Evaluate/Develop Corrective Action Plan – Q4 2010

ASU proposed… Centralized
–Follows the same model
–Schedule
  Initial Risk Assessment – Q
  Evaluate/Develop Corrective Action Plan – Q
  Conduct Corrective Action Plan – Q
  Follow-up Risk Assessment – Q
  Evaluate/Develop Corrective Action Plan – Q4 2010

Decentralized risk assessment
DRA summarized 20 points of concern
–Units differ in points to be addressed
–Each unit may require its own plan
ASU has…
–Convened a working group
  Reviewed items requiring additional action
  Identified ASU-wide/departmental corrective actions
  Identified areas where UTO can assist
  Finalized the corrective action plan
–Developed security awareness training
  For faculty/staff/employed students
  Addresses most of the 20 points
  Available through Blackboard now
–Drafted a guide for unit responses

The road map
Review your survey responses
–Questions 1, 5, 8, 10, 18-19, 21, 23-25, 27-28, 31-32, 35, 37-38, 47, 49-50, 64, 68
–Scores of 4 or 5
Refer to the CAP guide – Walkthrough – your survey
–If you have more than one, just pick one

The road map
Promote the GISA training to your personnel
–Details:
–Include topic reinforcements in announcement
Coordinate with UTO where needed
–Web application scanning
–Disaster Recovery plans
–Potentially useful centralized services
–Service Desk (feedback survey)
Draft departmental documentation if needed
–Business Continuity plan
–Incident Response procedures

The road map
Timeline
–February: Training, planning, resource gathering
–March: Completion
–April: Follow-up risk assessments

Questions?