Presentation is loading. Please wait.

Presentation is loading. Please wait.

Controls Definition: Process of exercising a restraining or guiding influence over the activities of an object, organism, or system.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Controls Definition: Process of exercising a restraining or guiding influence over the activities of an object, organism, or system."— Presentation transcript:

1 Controls Definition: Process of exercising a restraining or guiding influence over the activities of an object, organism, or system

2 COSO  Identify set of controls to guard against threat  Estimate costs and benefits of implementing controls  Evaluate whether to put controls in place  Implement controls (including training)  Monitor

3 Objective of Internal Controls To reduce likelihood that a threat will come to pass and result in a loss to the organization. (Mitigate risk) »Validity »Completeness »Accuracy »Compliance »Safeguard Assets »Authorized »Timely

4 Overall IC considerations Means to an end, standard controls are a guideline only Reasonable assurance, not perfection Cost-benefit Controls need context – the company, what it stands for, what level of risk management is willing to tolerate, industry risks involved, etc.

5 Computer systems controls Data protection –Unique ID/Password –Encryption –Firewalls Physical –Lock rooms –Access monitoring –Data transmission/Internet access restrictions Preventive –Labeling –Backup –Uninterruptible power sources –Disaster recovery

6 Control matrices Examples Link to Risks identified for groups SLP Corp

Download ppt "Controls Definition: Process of exercising a restraining or guiding influence over the activities of an object, organism, or system."

Similar presentations

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci.

Office of Operations 2009 Fall Conference Navigating Uncertain Times October 21-22, 2009 Risk Assessment and Internal Controls Internal Controls Anna Tomassacci.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Auditing Computer Systems

Auditing Computer Systems
9 - 1 Computer-Based Information Systems Control.

9 - 1 Computer-Based Information Systems Control.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security Policies and Standards

Information Security Policies and Standards
Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.

Chapter 9 - Control in Computerized Environment ATG 383 – Spring 2002.
IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS

IDENTIFYING RISKS AND CONTROLS IN BUSINESS PROCESS
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
Risk General Definition: exposure to the chance of adverse effects or loss; a hazard or dangerous chance Examples of risks to a company:  Erroneous Financial.

Risk General Definition: exposure to the chance of adverse effects or loss; a hazard or dangerous chance Examples of risks to a company:  Erroneous Financial.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Lecture 8: Risk Management Controlling Risk

Lecture 8: Risk Management Controlling Risk
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO GENERAL RISK MANAGEMENT 2.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.

Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.
Chapter 4 Internal Controls McGraw-Hill/Irwin

Chapter 4 Internal Controls McGraw-Hill/Irwin
Protecting ICT Systems

Protecting ICT Systems

Similar presentations

Ads by Google