Download presentation
Presentation is loading. Please wait.
Published byKristina Wheeler Modified over 9 years ago
2
IT Assurance and Reliability Why Should You Care? Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation Presented to ISACA Regional Meeting Denver, CO October 17, 2001
3
Prepared by SysTrust Services Corporation 2 Today’s Discussion Valuable Assets need reliable protection Dealing with Uncertainty in Uncertain Times Ideas for assuring control
4
Prepared by SysTrust Services Corporation 3 Valuable assets need to be reliable Overcoming loss of resources Average laptops lost / day = 1,000 Identify costs to replace - Equipment and Resources Data What is cost of Data in the hands of someone you do not control?
5
Prepared by SysTrust Services Corporation 4 Business Systems Data is business foundation Decision making – too much and too little IT systems include relationships Take inventory of what you have Back ups internal and off site Data, Applications, Operations, Data Networks Documentation, Procedures manuals Redundant operations, Hot Sites Controls
6
Prepared by SysTrust Services Corporation 5 Reliable Systems Are Needed More than just financial Data to manage business processes Control at all levels Design Development Maintenance Monitoring Data, Applications, Resources People, Paper, Procedures
7
Prepared by SysTrust Services Corporation 6 Why should you care ? 7 World Trade Center
8
Prepared by SysTrust Services Corporation 7 Reliable Systems - Verification Beneficiaries Board, Management, Staff Customers Bankers, Insurers, Investors Vendors Goals Opinion for Business Continuity On time, On budget, On point
9
Prepared by SysTrust Services Corporation 8 Reliable Systems - Verification Audit Goals – Now & Future Continuous auditing and reporting Understanding IT business process Certification opportunity Controls determine CRITERIA System reliability is goal
10
Prepared by SysTrust Services Corporation 9 Reliable Systems - Assurance Internal vs External Needs Need for consistency Price vs Cost Spending for prevention Cost of recovery Resource Access vs Disaster Value of assurance Principles of SysTrust
11
Prepared by SysTrust Services Corporation 10 SysTrust from AICPA SysTrust is a report issued by a CPA or CA on the “Reliability”of an entity’s system. Reliable Systems COBIT from ISACA IT GOVERNANCE A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes.
12
Prepared by SysTrust Services Corporation 11 Why Get Involved With SysTrust When there is a system failure the CEO is going to call Structure and framework built on platform including COBIT Can be used to help decide if /when outsourcing is appropriate Due diligence issues
13
Prepared by SysTrust Services Corporation 12 Why is SysTrust Important Enterprise Resource Planning (ERP) When employees are busy, controls are put aside or forgotten Company secrets are more vulnerable Attacks can cripple business operations Outsourcing is a financial alternative
14
Prepared by SysTrust Services Corporation 13 SysTrust Services Corp. Documentation package that provides for: Definitions of principles, criteria, and controls Data center self assessment and description Auditor testing, evaluation, conclusion, plan
15
Prepared by SysTrust Services Corporation 14 Disasters Happen 10 things the SME can do
16
Prepared by SysTrust Services Corporation 15 10 Things the SME can do 1Management must be involved: executives, senior mgmt, operations, IT 2Disaster Plan must be in writing 3Backup data daily and move one copy offsite 4Practice system outage recovery 5Understand who the users of the IT system are and where they are located
17
Prepared by SysTrust Services Corporation 16 10 Things the SME can do 6IT and business documents, manuals for operations, training, etc. must be in writing 7Personnel must also have backups 8Contracts for outsourced support and services need review 9 IT recovery needs 10 Obtain expert support as needed
18
Prepared by SysTrust Services Corporation 17 How / Where / When to Begin SHORT TERM Start NOW Create procedures for tasks done regularly Assess value related to process LONG TERM Operations redundancy / Hot site Risk assessment Continuous auditing
19
Prepared by SysTrust Services Corporation 18 Resistance to Implementation $ Management priorities elsewhere Lack of personnel Lack of resources Lack of user participation Issues working against IT Assurance and Reliability
20
Prepared by SysTrust Services Corporation 19 IT Assurance & Reliability Something to care about – NOW
21
Prepared by SysTrust Services Corporation 20 IT Assurance & Reliability Richard Oppenheim, CPA, CITP President, SysTrust Services Corporation www.systrustservices.com roppenheim@systrustservices.com 303-795-8847
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.