Information Security & The Auditor
Dodi Smith, C.P.A., C.I.S.A., Information Security Manager, Michigan Office of the Auditor General

Program Outline
– Overview of Michigan
– Information Security: Why Should We Care
– Michigan's Ongoing Information Security Efforts
– Information Security: Before an Audit, As We Audit, Finishing an Audit

A little about Michigan…
State of Michigan
– 18 Executive Branch Departments
– 47,000+ state employees
– $48.7 billion budget
– 1.6 million recipients of food assistance
– 1.9 million residents in the Medicaid program
– 13,000 children in foster care
– 1.6 million pupils
– 5 million individual income taxpayers
– 43,000+ prisoners
– 530,000 customers in the retiree system

A little more about Michigan…
Michigan Office of the Auditor General
– 136 employees
– $20 million budget
– Audits issued in FY 2014 through August: 20 financial/single audits, 33 performance audits, 6 follow-up reports, 17 contract audits

A little about me…
My role includes:
– Developing the overall security strategy
– Developing policy and procedure
– Serving as designated liaison with state departments for information exchange
– Security awareness

What is the big deal about information security? According to PrivacyRights.org, to date in 2014, government agencies are responsible for 19 known data breaches.

Breaking down the numbers
– 72,358 is the number of KNOWN records that contained bank information, credit card information, and/or SSNs.
– Those 72,358 records came from only 6 of the breaches; for the other 13 breaches, the number of records or individuals impacted could not be measured.

Information is our Business
The ability to obtain and analyze data has improved our audit efficiency. Data analytics lets us:
– Better quantify issues
– Gain a better understanding of risk
– Increase and strengthen audit coverage
– Facilitate discussion
But we need data to realize these improvements.

With Information Access Comes GreatER Responsibility.

Understand & Accept Responsibilities:
– Trustworthy custodians
– Consistent interpretation and application of policies & procedures
– Endorse good data management practices
– Appropriate disclosure

Behind the Scenes: Office of Information Technology
– Firewalls
– Encryption
– Anti-virus
– Spam filters
– Monitoring tools
– Security awareness

Information Security: Before We Audit
– Research applicable laws governing the data
– Complete access forms and security agreements
– Only request the data you need
– Know the process to follow if you are denied access to data

Information Security: As We Audit
– Follow policies and procedures
– Ensure safe handling, storage, access, and transfer
– Immediately report any security incidents

Information Security: Finishing an Audit
– Ensure only necessary information is retained
– Ensure appropriate destruction of data
– Ensure all system access is removed
– Provide any required destruction notifications

Ongoing Challenges
– Increased threats
– Maintaining the balance between security and productivity
– Keeping information security fresh