Presentation is loading. Please wait.

Presentation is loading. Please wait.

© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit.

Published byCandice Warren Modified over 8 years ago

Similar presentations

Presentation on theme: "© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit."— Presentation transcript:

1 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit

2 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit To get CAcert Root into Browsers => Audit is required => which requires: management policies + practices review of business & systems (against policies and practices).

3 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit ➢ CAcert has two major business areas: ➔ Assurance ➔ Systems

4 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a. Assurance Assurance Policy now is in full POLICY status ➔ It is binding on all Assurers The process of Assurance can be reviewed.

5 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a.i Auditor on (ATE) Tour Assurers shall assure the Auditor == Evidence of Assurance to policy. verifies quality of assurance (Increased quality of assurance?)

6 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a.ii In the absence of the Auditor A Senior and Experienced Assurer should stand in his stead and be assured by each Assurer. (If already assured, then she should instead oversite the assurance of another person) Make a statement that: „assurances were conducted to Assurance Policy” "Secondary evidence" in the audit process

7 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit a.iii The review of assurances the gathering of evidence is planned to be completed 16 th May Munich.

8 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b. Systems Review of the systems was delayed by lack of a secure hosting service. The systems were moved 1 st October, 2008 from Vienna to the secure data center at BIT, a company in Ede, NL.

9 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b. Systems (cont.) A new team of systems administrators Approval of the Security Policy to DRAFT mode => Binding on the systems administrators and the Access Engineers => now possible to review the systems against the policy.

10 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b.i On-Site Inspection 1 st visit on 4, 5, 6 th May, 2009 warm-up: personnel, Roots, Access, inventory probably 1 st of 3 visits. Next scheduled mid-June

11 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b.ii We still lack the CPS (which is nearly ready)

12 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit b.iii Review of the software Innsbruck software camp Week 20 th April Serious difficulties in maintenance, improvement and securing Cannot form a conclusion over software New software development team, new design, new build

13 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background

14 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background The audit criteria: DRC for "David Ross Criteria". David is a retired quality engineer He started Cacert's Audit He was called to Grand Jury duty

15 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background DRC has a strong feature: requires the ➔ Risks, ➔ Liabilities, and ➔ Obligations to be clearly stated to everyone!

16 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background This raised several huge barriers for the CA: what exactly are the R/L/O? who do they apply to? are they reasonable? and, how do we deal with them?

17 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background These barriers are subtle: ➔ DRC doesn't ask them to be fair, but ➔ disclosure of R/L/O makes us consider them but CAcert people want them to be fair. which means we have to deal with them!

18 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background One big result of this thinking process we required: ➔ a CAcert Community Agreement ● and it had to do following things:

19 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background a. make Members a mutually binding Community. b. to state the R/L/O c. to limit the liabilities ➔ 1000 Euros ➔ to *allocate the liabilities* back to the Members

20 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background How do we allocate the liabilities? ➔ By making our own „forum of dispute resolution“, ➔ agreeing to be bound to that resolution, ➔ writing a Policy to control that process: ==> Arbitration.

21 www.cacert.orgwww.cacert.org © CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 Audit Background Summary: The original “Why” of Arbitration: ➔ Audit (DRC) forced disclosure of Liabilities ➔ simple fix: limiting ➔ complex fix: allocation ➔ the safe and cheap way to allocate is: ➔ to use our own Arbitration (Last section discusses „How“.)

Download ppt "© CAcert, 2009 Ulrich Schroeter, Assurer Training Events, April 2009 CAcert and the Audit."

Similar presentations

Principles of Management System Auditing Managing the Internal Audit Program Planning the Internal Audit Conducting the Internal Audit Reporting the Audit.

Principles of Management System Auditing Managing the Internal Audit Program Planning the Internal Audit Conducting the Internal Audit Reporting the Audit.
Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
More CMM Part Two : Details.

More CMM Part Two : Details.
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO] [ENTITY NAME] [FUNCTION CERTIFYING] Certification [LOCATION] – [DATES OF ON-SITE VISIT] [Presenter Name,

[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO] [ENTITY NAME] [FUNCTION CERTIFYING] Certification [LOCATION] – [DATES OF ON-SITE VISIT] [Presenter Name,
Integration of Quality Into Accident Investigation Processes ASQ Columbia Basin Section 614 John Cornelison January 2008.

Integration of Quality Into Accident Investigation Processes ASQ Columbia Basin Section 614 John Cornelison January 2008.
Project Procurement Management Sections of this presentation were adapted from A Guide to the Project Management Body of Knowledge 4 th Edition, Project.

Project Procurement Management Sections of this presentation were adapted from A Guide to the Project Management Body of Knowledge 4 th Edition, Project.
Audit Planning and Documentation

Audit Planning and Documentation
The Camp Audit “Keep your friends close and your auditor closer”

The Camp Audit “Keep your friends close and your auditor closer”
The Key Process Areas for Level 2: Repeatable Ralph Covington David Wang.

The Key Process Areas for Level 2: Repeatable Ralph Covington David Wang.
Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security

Lisa Wood, CISA, CBRM, CBRA Compliance Auditor, Cyber Security
7 - 1 Copyright  2003 Pearson Education Canada Inc. CHAPTER 7 Audit Planning and Documentation.

7 - 1 Copyright  2003 Pearson Education Canada Inc. CHAPTER 7 Audit Planning and Documentation.
[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO] [ENTITY NAME] [FUNCTION CERTIFYING] Certification Review for [RELATED ENTITIES] [LOCATION] – [DATES OF ON-SITE.

[INSERT APPLICABLE REGIONAL ENTITY NAME/LOGO] [ENTITY NAME] [FUNCTION CERTIFYING] Certification Review for [RELATED ENTITIES] [LOCATION] – [DATES OF ON-SITE.
Implementation of IAASB’s Clarity ISAs in the UK CCAB TRAINING PROVIDERS’ EVENT 17 November 2008.

Implementation of IAASB’s Clarity ISAs in the UK CCAB TRAINING PROVIDERS’ EVENT 17 November 2008.
Fatigue Management Rule Russell Smith Nuclear Energy Institute (NEI)

Fatigue Management Rule Russell Smith Nuclear Energy Institute (NEI)
Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?

Project Tracking. Questions... Why should we track a project that is underway? What aspects of a project need tracking?
Monitoring Schedule David Chappell, 202-401-9356 or

Monitoring Schedule David Chappell, or
Chapter 21 Internal, Operational, and Compliance Auditing McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.

Chapter 21 Internal, Operational, and Compliance Auditing McGraw-Hill/IrwinCopyright © 2014 by The McGraw-Hill Companies, Inc. All rights reserved.
9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK

9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK
Outsourcing Arrangements John Sudano, Senior Associate Hall & Wilcox, Lawyers.

Outsourcing Arrangements John Sudano, Senior Associate Hall & Wilcox, Lawyers.
Pertemuan 14 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 14 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Similar presentations

Ads by Google