Tan Jenny 23 September 2009 SESSION 4: Understanding Your IT Control Environment & Its Readiness.


1 Tan Jenny 23 September 2009 SESSION 4: Understanding Your IT Control Environment & Its Readiness

2 Control Environment OVERVIEW: Input, Output, Process; Systems & processes; Tools; Security; Human resources

3 Control Environment
- Are there policies (e.g. Capex, IT) established and operating in the organisation?
- Are procedures established and implemented to guide IT and user personnel functions?
- Are policies & procedures approved and regularly reviewed?
- Who does the IS function routinely report to?
- Has the relationship of the IS function to the rest of the business been clearly defined and understood?
- Is the IS function appropriately staffed?

4 Control Environment
- Systems & Applications – HR, Finance, Email, Network, etc.
- Are control procedures in place to guide the system selection, development &/or implementation process?
- In-house versus outsourcing?

5 Firewall & Anti-virus; Access Control; Physical Security; Safe Box; CCTV; Back Up Media

6 Control Environment: Appropriate Job Description; Appropriate Candidate; Relevant Experience; Regular / appropriate training; Vendor selection / assessment

7 Control Environment: IT Governance
IT Governance can be seen as a structure of relationships and processes to direct and control the enterprise use of IT to achieve the enterprise’s goals by adding value while balancing risk vs return over IT and its processes.
Source: ISACA, IT Governance Institute, 2008

8 Control Environment: Why Is IT Governance Important?
Good corporate governance helps to prevent corporate scandals, fraud and potential civil & criminal liability of the organisation.
Good governance is good for NPOs:
- Enhances organisation reputation
- Compliance with applicable Acts, Rules & Regulations and Code of Governance
- Trusted by contributors (donors)
- Reliability of financial reporting

9 Control Environment: Effective Risk Management
HARD SIDE
- Measures and reporting
- Risk oversight committees
- Policies & procedures
- Risk assessments
- Risk limits
- Audit processes
- Systems
SOFT SIDE
- Risk awareness
- People
- Skills
- Integrity
- Incentives
- Culture & values
- Trust & communication

10 Control Environment: Is Your IT Control Environment Ready?
How can you gauge? (with remarks)
1. Self-assessment, past experiences
   o May not have in-house specialist
   o No benchmark
2. Engage consultant to perform a review
   o IT review services not cheap – specialised group of professionals
3. Through annual audit exercises (can be internal or external audit)
   o May be a bit late, outcome recorded in audit report
   o Not all internal &/or external auditors are IT audit savvy

11 Control Environment: Do you want to be READY? Tone from the TOP: Board Members/Management

12 THE END

