Motorola GSD Self-Audits: How does it work / what do we do?

Presentation transcript:

Motorola GSD Self-Audits
How does it work / what do we do?
–1.) What is an audit?
–2.) What is the procedure?
–3.) What are the “judgement parameters”?
–4.) How are metrics (ColorChart) evaluated?
–5.) What are the deliverables?
–6.) How can you “prepare your site / people”?

What is an Audit…
A "snapshot in time", taken by qualified people in a field of endeavour, to assess the competencies of people, policies & processes for compliance with a set group of guidelines (model), executed over time (in the past), that should, philosophically, predict the competencies of the people, policies & processes into the future.

Audit Schedule: 1 week/site
–Day 1: team arrives, intros, logistics; audit team reviews documents (nights?)
–Days 2-3: interview admin staff / users; audit team reviews documents
–Day 4: a.m.: first draft report to admin mgr & MD; p.m.: review action item list
–Day 5: help / update / support admin staff.

Document Review:
–Read policy documents to determine applicability & relevance; under CM, dual author, etc.
–Read process documents for similar content.
–Review log-files (raw and/or filtered) for appropriate content.
–Log-file procedures for applicability.
–Log-file filtering scripts for completeness & relevance.
–Select documents & subject areas at random.

Interview people to evaluate:
Understanding of:
–Policy: what is it, why is it there, what are the consequences of not following the policy
–Process: same
–Log-file processes: why & how & consequence
Tailor interview to how the interviewee:
–Interacts with the issue (user / manager / admin)
–Background, knowledge, culture, impact of issue

Success vs Opportunity:
Judgement calls on Success vs Opportunity and [red / yellow / green] need guidelines: Does Policy beget Process which is:
–Universally understood by all individuals
–Well documented in print / electronic form, with CM
–Being followed, rigorously, over time, with documented evidence thereof
–IF all these are true, then Yellow or Success (if true for one year, then Green)

Success vs Opportunity (2 of 2)
From the Audit Color Chart Legend (pg4):
–Green: all (parts of) this subject-area comply and are documented & have been followed for 1 year
–Yellow: a very large majority (more than 50%) of this subject area comply (policy, process, both documented, & periodic follow-up) but do not have 1 year of documented evidence.
–Red: some portion of this subject area has no documented policy, no documented process

Final Report: what to expect (1/2)
Intro:
–Who we (audit team) are, what site we audited, what our process was (document review, interviews, etc.)
–What subject areas or issues we reviewed: OS security, web-access-controls, router ACLs, DRP/BIA/testing, backup, physical, POPI, others.
Body:
–1 short section for each issue/subject area, as in the following example:

Final Report: what to expect (2/2)
What we found: 1 short summary per issue. In the area of “Web Access Controls” we find:
–Excellently written policy, well documented, under CM.
–Adopted process / procedure template which covers 2/3 of policy (template appears to have been adopted from another organization with minimal tailoring for local conditions).
–Log-file collection system in place, set of log-file filters run on a regular basis. Little documentation that a human reviews either the raw or filtered logs on a regular basis & reports.
Risk: high = potential for intrusions to go undetected
Color: Yellow: there is some support for this area, however, the key point of regular review does not exist
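As an added illustration (not part of the original slides), the Color Chart legend and the Web Access Controls finding above can be turned into a small rating routine: each subject area is split into checkable parts, and the legend's Red / Yellow / Green rules are applied to them. The `Part` fields, the sample parts and the handling of the case the legend leaves undefined (documented but mostly not followed, treated here as Red) are assumptions of this example.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Part:
    """One checkable part of a subject area (field names are this example's own)."""
    name: str
    policy_documented: bool
    process_documented: bool
    under_cm: bool            # policy and process are under configuration management
    followed: bool            # documented evidence that the process is actually executed
    evidence_months: int      # how far back that documented evidence reaches

def part_complies(p: Part) -> bool:
    """'Policy begets Process': documented, under CM, and followed with evidence."""
    return p.policy_documented and p.process_documented and p.under_cm and p.followed

def rate_subject_area(parts: List[Part]) -> Tuple[str, str]:
    """Apply the Audit Color Chart legend to a subject area; returns (color, reason)."""
    if not parts:
        raise ValueError("a subject area needs at least one part to rate")
    # Red: some portion has no documented policy and no documented process
    missing = [p.name for p in parts if not p.policy_documented and not p.process_documented]
    if missing:
        return "Red", "no documented policy or process for: " + ", ".join(missing)
    complying = [p for p in parts if part_complies(p)]
    # Green: all parts comply and have been followed for one year
    if len(complying) == len(parts) and all(p.evidence_months >= 12 for p in parts):
        return "Green", "all parts comply with 1 year of documented evidence"
    # Yellow: more than 50% comply, but without one year of documented evidence
    if len(complying) * 2 > len(parts):
        weak = [p.name for p in parts if not part_complies(p) or p.evidence_months < 12]
        return "Yellow", "majority comply; missing follow-up or 1 year evidence for: " + ", ".join(weak)
    # Assumption: the legend does not define 'documented but mostly not followed'; rate it Red
    return "Red", "documented, but most parts are not being followed"

# Constructed sample mirroring the Web Access Controls finding in the report example
WEB_ACCESS_CONTROLS = [
    Part("access-control policy", True, True, True, True, 12),
    Part("process / procedure template", True, True, True, True, 6),
    Part("log-file review", False, True, False, False, 0),  # filters run, nobody documented as reviewing
]

if __name__ == "__main__":
    color, reason = rate_subject_area(WEB_ACCESS_CONTROLS)
    print(f"Web Access Controls -> {color}: {reason}")
```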

Action Items (appendix to report)
Action Item List: one “section” in the report per subject area or issue; example:
Web-Access Controls:
–1.) web-access-controls process template review with admin, legal, hr; by: dd_mon_1999; owner: JoeAdmin
–2.) put above document under configuration management; by: dd_mon_1999; owner: JennySQA
–3.) write policy for log-file-review; by: dd_mon_1999; owner: MaryAdmin

Action Items (appendix to report), continued
–Select individual to process / document log-file reviews; by: dd_mon_2000; owner: MissyLog
–Etc. etc. etc.
IF there is excellent policy/process/follow-up then say so. Orient all recommendations / actions as Positive…

Quick-step to success:
–POLICIES of focus areas on ColorChart: are the Policies Documented?
–PROCESS or PROCEDURE for the implementation of every POLICY area: are these Procedures Documented?
–Evidence (documentation) that the procedure has been followed, over time (1 year, min?)

One-Sentence Summary: Man-hours on process & documentation.