Presentation is loading. Please wait.

Presentation is loading. Please wait.

James Nobles| Legislative Auditor

Published byJosé Francisco Valenzuela Ávila Modified over 6 years ago

Similar presentations

Presentation on theme: "James Nobles| Legislative Auditor"— Presentation transcript:

1 State Government Finance and Policy and Elections Committee Briefing January 23, 2018
James Nobles| Legislative Auditor Christopher Buse | Deputy Legislative Auditor

2 Why IT Change Management?
Dependence Nearly All Critical Government Services Rely on Information Technology Complexity IT Systems Have A Wide Array of Interconnected Hardware and Software Components Fragility Changes to Any Interconnected Components Can Lead to System Failures

3 The Discipline Criteria Vendors Compliance
Generally Accepted Best Practice Criteria Exist Vendors Vendor Products Help Organizations Implement IT Change Management Best Practices Compliance IT Change Management Requirements Embedded in Regulatory Frameworks

4 IT Change Management Process
Change Request Planning Approval Implementation Closure IT Change Management Process What Why Risks Detailed Plan Testing Back-out Process Risk Analysis Change Advisory Board Assess Success Initiate Back-out Document Results Goal: Avoid Change-related Disruptions to Services

5 Conclusion Generally adequate controls over IT change management
Enterprise policies and standards Policies and standards are being followed Several systemic issues Inadequate Adequate

6 Finding 1 Disparate change management software products and processes
Make it difficult to diagnose problems Increase the likelihood of change-related failures OLA recommends more closely integrating disparate change management processes and software products

7 Finding 2 MNIT lacks key controls to detect unauthorized changes
Few automated processes to detect unauthorized changes Inability to monitor compliance with security and regulatory baselines OLA Recommends that MNIT deploy specialized software to improve its ability to detect unauthorized changes

8 Questions?

Download ppt "James Nobles| Legislative Auditor"

Similar presentations

Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.

Risk Management and Internal Controls ASSAL 20 November 2014 Annick Teubner Chair, IAIS Governance Working Group.
Introduction to Enterprise Risk Management (ERM)

Introduction to Enterprise Risk Management (ERM)
Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.

Sodexo.com Group Internal Audit. page 2 helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and.
Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.

Audit Committee in Albania Legal framework Law 9226 /2006 “On banks in Republic of Albania” Law 9901/2008 “On entrepreneurs and commercial companies” Corporate.
Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014.

Building a Better Business Model Start with a discussion of Risk Higher Education Policy Commission Board of Governors Summit August 2, 2014.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Corporate Governance in Financial Institutions OCDE/IAIS/ASSAL Conference on Insurance Regulation & Supervision in Latin America Punta Cana, Dominican.

Corporate Governance in Financial Institutions OCDE/IAIS/ASSAL Conference on Insurance Regulation & Supervision in Latin America Punta Cana, Dominican.
Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.

Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.
An Auditor’s Perspective

An Auditor’s Perspective
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
Auditing Information Systems (AIS)

Auditing Information Systems (AIS)
Commonwealth of MA - ITIL Implementation Government Technology CTO Conference March 20, 2006 Bethann Pepoli, Deputy CIO.

Commonwealth of MA - ITIL Implementation Government Technology CTO Conference March 20, 2006 Bethann Pepoli, Deputy CIO.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Chapter Three IT Risks and Controls.

Chapter Three IT Risks and Controls.
1 Chapter Three IT Risks and Controls. 2 The Risk Management Process Identify IT Risks Assess IT Risks Identify IT Controls Document IT Controls Monitor.

1 Chapter Three IT Risks and Controls. 2 The Risk Management Process Identify IT Risks Assess IT Risks Identify IT Controls Document IT Controls Monitor.
Service Transition & Planning Service Validation & Testing

Service Transition & Planning Service Validation & Testing
Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

Committee of Sponsoring Organizations of The Treadway Commission Formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting “Internal.

Similar presentations

Ads by Google