Presentation is loading. Please wait.

Presentation is loading. Please wait.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community.

Published byLenard Holland Modified over 8 years ago

Similar presentations

Presentation on theme: "© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community."— Presentation transcript:

1 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community

2 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit The 1 st Audit failed mid 2009 Primary reason: lack of capacity Deeper reason: “someone (else) is doing it.” Realisation that Auditor doesn't 'do' the audit Board cannot 'do' the audit Only the Community can muster the capacity

3 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit New strategy for audit Many-part strategy: 1. Change the message 2. Build up the capacity... 3. Teams fix the problems 4. Engage an Auditor

4 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit Change the message from... “the board / auditor is doing the audit” To...

5 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit YOU are doing the audit!

6 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit Example 1 – communications Ask not: When is my audit done for me, Rather, ask: What can I do for my audit?

7 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit (easy) Example 2 - contributions ● Smaller audit checks → the Community. ● But, reliability for audit? ● Reliability comes from framework... ● We have the basics: ● the CAP form! ● the certificate!

8 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit CARS – CAcert Assurer Reliable Statement To: Event Team Leader I presented ATE material to X Assurers Iang, CARS

9 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit ● Add CARS to report ● Has meaning: ● We the Community can RELY ● Similar (same?) meaning as certs, CAP form ● Backed up by: CCA, DRP ● team leaders can collate, reliably

10 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit (harder) Example 3 - process Assurance Team is doing it's bit: Requirement: A.2.y The CP details how the CA verifies that RAs operate in accord with CA's policies.

11 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit Solution: Education team creates the ATEs Events team rolls it out to all Assurers, Co-audit team checks the Assurers at each ATE, Assurance Officer collects (CARS), collates, presents. Here, today, you are contributing to the Audit!

12 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Helping CAcert? 2. Building the teams i. Policy + Documentation + Internal Audit ii. Assurance, Events, Education, Org-Assurers iii. Dispute Resolution: Arbitrators + Case Managers iv. Support: Triage + Support Engineers v. Software: Testing, Development, Assessment vi. Sysadm: Critical, Access, Infrastructure, Hosting

13 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Basic s Every role requires... ✔ Familiarity with the breadth and basics of CAcert. ✔ Assurer c.f., CARS. ✔ Helping with recruiting and training. ✔ Following Policies and Practices. Some roles go through SP 9.2 process: Arbitrated Background Check + Board approval because of the access to data or special features.

14 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 i. Consultants Business Consultants lead Policies and practices to approval, and support Audit. They are strongly aware of the policies and principles of the Community. They are familiar with Security, IT standards and general business processes.

15 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 ii. Senior Assurers Senior Assurers help and run ATEs, develop the reach of Assurance, and develop the CATS Assurer Challenge. They are very strong on Assurance. They are comfortable with people, presentations, and Community.

16 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 ii. Organisation Assurers Organisation Assurers verify Orgs. They are good with org regulations, careful and methodical. They are strong on Assurance and understand the needs of business.

17 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Arbitrators are people who show exceptionally good judgement in resolving difficult situations. They are strongly aware of the policies and principles of the Community. Good at listening, researching, thinking, reducing and writing. iii. Arbitrators

18 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Case Managers are organised, good with detail, on top of email, and comfortable with working to the tune of the Arbitrator. And, they do not fall in the trap of letting their opinions carry them away. iii. Case Managers

19 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Support Engineers are people with lots of time, able to communicate with humans and techies. SEs are very patient, cautious and reliable. SEs are “completers,” very methodical. SP: ABC+approval iv. Support Engineers

20 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Triage have: some time, daily, comfortable with webapps (OTRS), able to quickly dive into messy emails, and slice and dice them to the right place. Triage is the starting place for a lot of things... iv. Triage

21 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 New: larger architecture + design (later) mix of Java, PHP, Javascript, C/C++ likely. Old: patience with old, undocumented PHP. And a desire to get us back on track with fixes! Testers: patient, communicative with techies and can see the human/user view. Software Assessors: approve changes SP: ABC+approval. Software

22 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Infrastructure Sysadms are very good with Linux, and know quite a lot about security practices. Because of our need for 4 eyes and dual control and redundant access to our systems, all sysadms work with 1-3 others in small teams. Follow doco, share brief reports on actions. Infra Team

23 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Access Engineers: located near Ede, NL. Strongly familiar with security access controls and with basics of hardware and hosting. Watches for proper procedures and controls. Follows Security Policy, records actions. SP: ABC+approval. Access Engineers

24 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 The systems administrators on the critical team work to Security Policy (“the bible”) and other documentation. Strongly familiar with security. Always working with at least 1 other under 4 eyes or dual control. Follows Security Policy, records actions. SP: ABC+approval. Critical Sysadms

25 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Helping CAcert? Building the teams (redux) i. All of these teams exist ii. More info in January's Annual Report iii. svn.cacert.org/CAcert_Inc/General_Meetings/ iv. AGM-20100130/CAcert_Annual_Report_2009.pdf v. 13 teams, 28 pages, 20 cats, 3 kangaroos... vi. Straw poll: 3+4+5+5+4+2+4+5+6+2 = 39 vii. No invitation, just ask...

26 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Towards Audit What can I do for my audit?

Download ppt "© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Participating in the Community."

Similar presentations

Www.theiia.org WHO, WHAT, HOW Your Internal Audit Team …by your side. …at your service. …in your best interests.

WHO, WHAT, HOW Your Internal Audit Team …by your side. …at your service. …in your best interests.
DIGNITY THROUGH ACTION WORKSHOP

DIGNITY THROUGH ACTION WORKSHOP
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
You can type your own categories and points values in this game board. Type your questions and answers in the slides we’ve provided. When you’re in slide.

You can type your own categories and points values in this game board. Type your questions and answers in the slides we’ve provided. When you’re in slide.
Purpose of the Standards

Purpose of the Standards
Control environment and control activities. Day II Session III and IV.

Control environment and control activities. Day II Session III and IV.
Workforce Engagement Survey Engaging the workforce in simple and effective action planning.

Workforce Engagement Survey Engaging the workforce in simple and effective action planning.
University of Sunderland CIFM03Lecture 3 1 QMS / Standards CIFM03 Lecture 3.

University of Sunderland CIFM03Lecture 3 1 QMS / Standards CIFM03 Lecture 3.
Unit 2: Managing the development of self and others Life Science and Chemical Science Professionals Higher Apprenticeships Unit 2 Managing the development.

Unit 2: Managing the development of self and others Life Science and Chemical Science Professionals Higher Apprenticeships Unit 2 Managing the development.
Thinking Actively in a Social Context T A S C.

Thinking Actively in a Social Context T A S C.
Test Organization and Management

Test Organization and Management
1 How to Recruit, Organize, and Retain Volunteers Breakout Session # 1&2, 4&5 Jack Bishop, CPCM, Mentor, Rio Grande Chapter How to Recruit, Organize, and.

1 How to Recruit, Organize, and Retain Volunteers Breakout Session # 1&2, 4&5 Jack Bishop, CPCM, Mentor, Rio Grande Chapter How to Recruit, Organize, and.
HPN/HCS Update Mandy Fallon HCA Education and Research.

HPN/HCS Update Mandy Fallon HCA Education and Research.
New international standard on complaints handling Bill Dee SOCAP International Symposium Melbourne 2004.

New international standard on complaints handling Bill Dee SOCAP International Symposium Melbourne 2004.
Recruit, Train, and Educate Airmen to Deliver Airpower for America How Focus Groups Can Help Your Unit 1.

Recruit, Train, and Educate Airmen to Deliver Airpower for America How Focus Groups Can Help Your Unit 1.
M I N I S T R Y O F I N D U S T R Y, E M P L O Y M E N T A N D C O M M U N I C A T I O N S OECD Guidelines on Corporate Governance of State Owned Enterprises.

M I N I S T R Y O F I N D U S T R Y, E M P L O Y M E N T A N D C O M M U N I C A T I O N S OECD Guidelines on Corporate Governance of State Owned Enterprises.
Challenges to successful quality improvement HAIVN 2012.

Challenges to successful quality improvement HAIVN 2012.
Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.

Copyright © 2007 Pearson Education Canada 7-1 Chapter 7: Audit Planning and Documentation.
Pro-active Security Measures

Pro-active Security Measures
S3: Understanding the Business. Session objective To explain why understanding of the business of the entity is important for the auditor To explain why.

S3: Understanding the Business. Session objective To explain why understanding of the business of the entity is important for the auditor To explain why.

Similar presentations

Ads by Google