Moving Forward with IT Governance and COBIT

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Moving Forward with IT Governance and COBIT"

Transcription

1 Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007

2 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around IT Governanance, Risk and Compliance Management and provides practical solutions to address them. Questions How can I reduce compliance costs? How do I move to a risk-based approach to compliance? How can I better manage the thousands of risks we are assessing and provide management a roll-up view? How can I take credit for progress made today yet still show management there is more to be done? How can I improve consistency while allowing freedom in the field? Are we making good decisions? -1-

3 Our Perspective - Cost Reduction Question Driver Deloitte s Perspective How can I reduce compliance costs? Audit, SOX team, Compliance Dept., Information Security, Business Continuity all asking similar questions of the same groups. Compliance costs continue to spiral upward. Assess Once, Test Once Integrated Assessment Programs COBIT Aligned Risk Catalog Common Information Repository Illustrative Testing Screen Case Study Solution Highlights Take credit for all the testing you are already doing; centralized planning w/ 365 Day Compliance Calendar Provides a single view of risk and compliance requirements Internal Audit, External Audit and Self Assess using the same test procedures and understanding of risk and compliance requirements Optimized sampling reduces the overload of testing Risk-based Auditor reliance on self assessments -2-

4 Case Study Highlights Source Source Text Mapped to an Integrated Requirement that is COBIT Aligned -3-

5 Case Study Highlights Integrated Requirement COBIT Aligned Control Objective Individual requirement sources used to develop the integrated requirement Cost Reduction Strategy Because Multiple requirements are mapped to a single integrated requirement you can test once and satisfy many. -4-

6 Our Perspective Risk-Based Approach Question Driver Deloitte s Perspective How do I move to a risk-based approach to compliance? Regulatory and audit demands. Just ticking boxes, not understanding true business risk. Risk-Based Framework Risk-based approach to compliance Control Baseline Common Risk Language Illustrative Risk Assessment Screen Case Study Solution Highlights Standards based risk methodology (ISO 13335, AS/NZ 4360) Tangible and measurable risk rating scale used by multiple parties (ERM, Audit, Self) Qualitative and Quantitative Measurements Compliance criteria determined after controls are selected based on risk assessment results Consider impact and likelihood across multiple dimensions (Financial, Reputation, Contracts, Regulatory, Operations, People) Information & Technology Risks managed in functional risk areas (18 Areas) -5-

7 Our Perspective Top Down and Bottoms Up Question Driver Deloitte s Perspective How can I better manage the thousands of risks we are assessing and provide management a roll-up view? Important risk grows by volumes as you move down the organization (from board to line). Demand for alignment of business goals with self assessment process. Need both Top Down & Bottoms Up Key Risk and KRI for Top Down (Board and Sr. Mgmt) Self assessment using both workshops and questionnaires for Bottoms Up (Line Mgmt) Actual dashboard display will be driven by the choice of solution. -6- Case Study Solution Highlights A business view of what is most important to monitor from a risk perspective Manages to expected losses not unexpected losses Monthly reports with drill down capabilities. Ability to turn detailed disparate data into actionable management information. Custom reports on management hot spots. Trending, analytics and data aggregation. Insight into effectiveness of control spend and where more or less spend may be needed. Integration with golden source feeds for automation

8 Case Study Highlights Key Risks Malicious Code & Virus -7-

9 Case Study Highlights Month over Month Trending Reason for improvement (better process) noted -8-

10 Our Perspective CoBIT based Diagnostics Question Driver Deloitte s Perspective How can I take credit for progress made today yet still show management there is more to be done? CEO and Board want to know where we stand from a GRC perspective. Management spend on GRC needs to be defended. CoBIT based Diagnostics CMMI Continuous Improvement Rating Scale Risk and Compliance Operating Framework with sourced Diagnostics Case Study Solution Highlights Operating Framework Template for Information & Technology Governance, Risk and Compliance (GRC) GRC Organizational Model Template CoBIT Aligned RACI Model for GRC roles CoBIT Aligned CMMI diagnostics for each GRC area to show current and target state CMMI CoBIT Based Diagnostic Template -9-

11 Case Study Highlights We start with the COBIT 4.0 organizational model to establish roles, responsibilities and interactions for each core activity and process Example Risk Management Domain with RACI Model RISK MANAGEMENT ACTIVITIES Determine risk management alignment (e.g., assess risk). CEO CFO Business Executive CIO Head Operations Business Senior Management Chief Architect Head Development Head IT Administration PMO A R/A C C R/A I I Compliance, Audit, Risk, and Security Understand relevant strategic business objectives. Understand relevant business process objectives. Determine Identify risk internal management IT objectives alignment and establish (e.g., assess risk context. risk). Identify events associated with objectives Assess risk associated with events. Evaluate risk responses. Prioritize and plan control activities. Approve and ensure funding for risk action plans. C C R/A C C I C C R/A I A/C A/C A/C A/C A/C R/A A/C A/C C A/C C A/C C A/C A/C I I A/C A R R R R C A/C A R R R R C I I A A/C A R R R R C C C A A R R C C C C A A R I I I I I Maintain and monitor a risk action plan. Legend (A)ccountable - the person who provides direction and authorizes an activity. (R)esponsibility - the person who gets the task done. A C I R R C C C C C R (C)onsulted involved in the process. (I)nformed - knowledgeable and supports the process. -10-

12 Case Study Highlights Risk Management Non Existent (0) Initial/Ad Hoc (1) Repeatable (2) Defined Process (3) Managed (4) Optimized (5) Determine risk management alignment (e.g., assess risk). Understand relevant strategic business objectives. Understand relevant business process objectives. Identify internal IT objectives and establish risk context. Identify events associated with objectives. Assess risk associated with events. Evaluate risk responses. Prioritize and plan control activities. Approve and ensure funding for risk action plans. Maintain and monitor a risk action plan. Establish and execute a process to identify, quantify, and prioritize IT risks (i.e. a risk assessment process). Determine guidelines and procedures for mitigating and treating risks. Establish risk acceptance criteria. Develop appropriate controls to reduce and/or transfer risks Current State 2008 Target State -11-

13 Our Perspective Common Framework Question Driver Deloitte s Perspective How can I improve consistency while allowing freedom in the field? Regulatory and audit demands. Conflicting results reported at Board level. Demand for risk and control decision making autonomy in the field. Single Framework Prescriptive minimum baseline Global, Regional and Local roles Reference Architectures (i.e., Configuration Items in ITIL) Self Assessment Process Template Case Study Solution Highlights End-to-end self assessment process Templates for roles and workflow Technology enabled Provides common repository of risk requirements and risk responses Leverages Reference Architectures for baseline control decisions and allows for documented deviation Allows for independent and automated QA Tracks progress and automates escalation System supported sign-off of results -12-

14 Our Perspective Decision Support Question Driver Deloitte s Perspective Are we making good decisions? Business demands a transparent method to reward risk mitigation. Backlash against best practice standards that aren t operationally sustainable. Analytic Decision Support Business Unit discretion on control selection Risk analytics provide costbenefit business case for decisions Case Study Solution Highlights Aggregate loss model that ties likelihood and impact of risk materializing together Business-unit level risk distributions can be developed Transparent cost-benefit of mitigation strategies Business decides the right risk-reward balance COBIT 4 aligned control objectives Illustrative Risk Response Screen -13-

15 Conclusion COBIT is one of the major ingredients companies use to achieve these objectives. A single view of business requirements. A common risk language (e.g. inherent, target and residual risk) and definition of high, medium, low risk. A process for aligning multiple stakeholder agendas. An IT Risk and Compliance Program integrated with ERM. IT Risk and Compliance Office established with supporting roles and responsibilities defined. A consistent way to define, engineer and assess the environment through reference architectures. A repository of collaborative risk decisions. Ability to test and report consistently across a global enterprise. Ability to validate control design and effectiveness of outsourcers and third parties. Business aligned control decisions. Risk based approach to compliance. Issue and corrective plan tracking. Ad-hoc and audience specific reporting. A 365 day risk and compliance calendar to keep stakeholders aware of activities. -14-

16 7:15 7:30 Q&A Session

17 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of approximately 135,000 people worldwide, Deloitte delivers services in four professional areas audit, tax, consulting and financial advisory services and serves more than one-half of the world s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names Deloitte, Deloitte & Touche, Deloitte Touche Tohmatsu, or other related names. In the US, Deloitte & Touche USA LLP is the US member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the US member firm are among the nation's leading professional services firms, providing audit, tax, consulting and financial advisory services through nearly 30,000 people in more than 80 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel. For more information, please visit the US member firm s web site at

Supporting Compliance Management with Technology

Supporting Compliance Management with Technology Supporting Management with Technology May 27, 2009 Agenda Observations and challenges from the marketplace Process Overview of Tools to Support Understanding Your Requirements Closing Thoughts Questions?

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Pulling it all together: Integrated Solutions for Governance, Risk and Compliance

Pulling it all together: Integrated Solutions for Governance, Risk and Compliance Customer Practice Profile Pulling it all together: Integrated Solutions for Governance, Risk and Compliance The business case for a new enterprise approach to GRC Integrated solutions for Governance, Risk

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Risk Considerations for Internal Audit

Risk Considerations for Internal Audit Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013

More information

Risikostyring Integrated Performance and Risk Management Torbjørn Undeland, Senior Manager

Risikostyring Integrated Performance and Risk Management Torbjørn Undeland, Senior Manager Risikostyring Integrated Performance and Risk Management Torbjørn Undeland, Senior Manager Oslo, 3. juni 2009 Table of Contents Why integrate the management of performance and risk? Key principles of IPRM

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

SOX Optimization: Improving Compliance Efficiency and Effectiveness

SOX Optimization: Improving Compliance Efficiency and Effectiveness SOX Optimization: Improving Compliance Efficiency and Effectiveness This publication contains general information only and Deloitte & Touche LLP is not, by means of this publication, rendering accounting,

More information

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net

More information

Integrating GRC with Performance Management Demands Enterprise Solutions

Integrating GRC with Performance Management Demands Enterprise Solutions As published in the April n May n June 2008 issue of Integrating GRC with Performance Demands Enterprise Solutions by Lee Dittmar, Principal, Deloitte Consulting LLP and Peter Vogel, Senior Manager, Deloitte

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012 The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only Agenda Introduction Basic program components Recent trends in higher education risk management Why

More information

XBRL & GRC Future opportunities?

XBRL & GRC Future opportunities? XBRL & GRC Future opportunities? Suzanne Janse Deloitte NL Paul Hulst Deloitte / Said Tabet EMC Presenters Suzanne Janse Deloitte Netherlands Director ERP (SAP, Oracle) Risk Management GRC software Paul

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

Identity and Access Management Point of View

Identity and Access Management Point of View Identity and Access Management Point of View Agenda What is Identity and Access Management (IAM)? Business Drivers and Challenges Compliance and Business Benefits IAM Solution Framework IAM Implementation

More information

www.pwc.com Third Party Risk Management 12 April 2012

www.pwc.com Third Party Risk Management 12 April 2012 www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.

More information

The Core of V3 Service Strategy

The Core of V3 Service Strategy Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich

More information

The Changing IT Risk Landscape Understanding and managing existing and emerging risks

The Changing IT Risk Landscape Understanding and managing existing and emerging risks The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015

More information

Metrics that Matter Security Risk Analytics

Metrics that Matter Security Risk Analytics Metrics that Matter Security Risk Analytics Rich Skinner, CISSP Director Security Risk Analytics & Big Data Brinqa rskinner@brinqa.com April 1 st, 2014. Agenda Challenges in Enterprise Security, Risk

More information

<Insert Picture Here> Financial Audit Scoping Tool Blueprint for Oracle GRC Applications

<Insert Picture Here> Financial Audit Scoping Tool Blueprint for Oracle GRC Applications Financial Audit Scoping Tool Blueprint for Oracle GRC Applications Implement Audit Standard 5 (AS5) scoping to streamline financial reporting compliance Agenda Financial Audit Scoping

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010 Dallas IIA Chapter / ISACA N. Texas Chapter Auditing Tuesday, October Project 20, 2009 Management Controls January 7, 2010 Table of Contents Contents Page # Project Management Office Overview 3 Aligning

More information

Enterprise Risk Management in Compliance 360

Enterprise Risk Management in Compliance 360 Enterprise Risk Management in Compliance 360 2 Enterprise Risk Management in Compliance 360 Effective risk management involves identifying and understanding the risks the organization is faced with, analyzing

More information

Business Ethics and Compliance in the Sarbanes-Oxley Era A Survey by Deloitte and Corporate Board Member Magazine

Business Ethics and Compliance in the Sarbanes-Oxley Era A Survey by Deloitte and Corporate Board Member Magazine Business Ethics and Compliance in the Sarbanes-Oxley Era A Survey by Deloitte and Corporate Board Member Magazine Methodology The ethics and compliance survey was jointly conducted by Deloitte and Corporate

More information

2004 Consumer-Driven Health Care Survey

2004 Consumer-Driven Health Care Survey Survey Synopsis 2004 Consumer-Driven Health Care Survey Background Health care cost increases were once again in the double-digit range for the majority of companies for the third consecutive year. Companies

More information

Talent Management in U.S. Financial Services: Attracting and Engaging Generation Y

Talent Management in U.S. Financial Services: Attracting and Engaging Generation Y Financial Services Presents: Talent Management in U.S. Financial Services: Attracting and Engaging Generation Y Andrew Liakopoulos March, 2007 Agenda What is generational talent management? The scenario

More information

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm

Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Applying Risk Assessment to Your Audit Plan Break-out Session T3, Tuesday, October 26 2:00-2:50pm Mike Brown Senior Vice President, Corporate Audit State Street Corporation Rich Reynolds Partner PricewaterhouseCoopers

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

Medicaid Enterprise Data Governance Approach. MESConference August 21, 2012 Rashmi Menon, Deloitte Consulting LLP

Medicaid Enterprise Data Governance Approach. MESConference August 21, 2012 Rashmi Menon, Deloitte Consulting LLP Medicaid Enterprise Data Governance Approach MESConference August 21, 2012 Rashmi Menon, Deloitte Consulting LLP Agenda Session Objectives Common Barriers and Key Benefits to Data Governance A Framework

More information

IIA Luxembourg January 25, 2008

IIA Luxembourg January 25, 2008 How internal ICAAP. audit shall concretely address the IIA Luxembourg January 25, 2008 This presentation is incomplete without the accompanying discussion. Agenda What is the ICAAP? L. Berliner Role of

More information

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)

IT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM) IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements

More information

Proactive Risk Management with SAP BusinessObjects

Proactive Risk Management with SAP BusinessObjects Proactive Risk Management with SAP BusinessObjects Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions INTRODUCTION What is the totality of our enterprise

More information

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0

Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 Vermont Enterprise Architecture Framework (VEAF) Identity & Access Management (IAM) Abridged Strategy Level 0 EA APPROVALS EA Approving Authority: Revision

More information

Empower your talent with learning

Empower your talent with learning Empower your talent with learning The Standard of Excellence Talent, knowledge, skills, and expertise are critical to achieving the Deloitte Touche Tohmatsu ( DTT ) vision for the decade 2010 to be the

More information

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive

More information

SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned

SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned Executive Summary Organizations evaluating technology solutions to enhance their governance, risk and compliance

More information

Matthew E. Breecher Breecher & Company PC November 12, 2008

Matthew E. Breecher Breecher & Company PC November 12, 2008 Applying COSO s Enterprise Risk Management Integrated Framework Matthew E. Breecher Breecher & Company PC November 12, 2008 The basic outline for this presentation was provided by: Objectives for the session:

More information

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH

More information

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework.

University of Windsor Board of Governors. That the Board of Governors approve of the Enterprise Risk Management Framework. University of Windsor Board of Governors BG130430-4.2.3 4.2.3 Enterprise Risk Management Framework Item for: Approval Forwarded by: Audit Committee MOTION: That the Board of Governors approve of the Enterprise

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

Customer Retention Management

Customer Retention Management Customer Retention Management Course outline 2011 Outcomes In 2011, best practice dealers are getting serious about CRM, this includes: Developing their CRM model Structuring their CRM activities Employing

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25

More information

Strategic IT audit. Develop an IT Strategic IT Assurance Plan

Strategic IT audit. Develop an IT Strategic IT Assurance Plan Strategic IT audit Develop an IT Strategic IT Assurance Plan Speaker Biography Hans Henrik Berthing is Partner at Verifica and Senior Advisor & Associated Professor at Aalborg University. He is specialized

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

IT Risk Management Life Cycle and enabling it with GRC Technology

IT Risk Management Life Cycle and enabling it with GRC Technology IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?

More information

Hedge fund launch considerations Reaching new boundaries. Investment Management

Hedge fund launch considerations Reaching new boundaries. Investment Management Hedge fund launch considerations Reaching new boundaries Investment Management There are people who make things happen, there are people who watch things happen, and there are people who wonder what happened.

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

building a business case for governance, risk and compliance

building a business case for governance, risk and compliance building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building

More information

COBIT & ITIL usage for SOX current and future

COBIT & ITIL usage for SOX current and future COBIT & ITIL usage for SOX current and future Robert E Stroud International Vice President ISACA Evangelist ITSM & IT Governance CA, Inc. Japan, November 8, 2007 Trademark Notice ITIL is a registered trademark

More information

COBIT Helps Organizations Meet Performance and Compliance Requirements

COBIT Helps Organizations Meet Performance and Compliance Requirements DISCUSS THIS ARTICLE COBIT Helps Organizations Meet Performance and Compliance Requirements By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert,

More information

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

7 Practical insights for IT Asset Management

7 Practical insights for IT Asset Management 7 Practical insights for IT Asset Management Tauneel McKay Director Swiss Reinsurance Company Ltd Subbarao Chaganty Principal Consultant Infosys Ltd RELATE MANAGE.. Context KNOW. Consolidate the IT Asset

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers

Sarbanes-Oxley Section 404: Compliance Challenges for Foreign Private Issuers Sarbanes-Oxley Section 404: Compliance s for Foreign Private Issuers Table of Contents Requirements of the Act.............................................................. 1 Accelerated Filer s...........................................................

More information

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com

ADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com ADVISORY SERVICES Risk management in an evolving world Making the case for social media governance kpmg.com Risk management in an evolving world 3 Why good governance should be the foundation of your social

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell. COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

ERP Administrative Challenges Brian Jensen

ERP Administrative Challenges Brian Jensen ERP Administrative Challenges Brian Jensen Deloitte & Touche LLP February 2011 ERP Administrative Challenges Enterprise resource planning (ERP) implementations over the last two decades have generated

More information

IT Risk Management Era: Research Challenges and Best Practices. Eyal Adar, Founder & CEO Eyal@WhiteCyberKnight.com Chairman of the EU SRMI

IT Risk Management Era: Research Challenges and Best Practices. Eyal Adar, Founder & CEO Eyal@WhiteCyberKnight.com Chairman of the EU SRMI IT Risk Management Era: Research Challenges and Best Practices IARA Work Group July 1 st, 2007, Santa Clara - California Eyal Adar, Founder & CEO Eyal@WhiteCyberKnight.com Chairman of the EU SRMI (Security

More information

Measuring The Value of Information Security. Maninder Bharadwaj manbharadwaj@deloitte.com 23 th July 2011

Measuring The Value of Information Security. Maninder Bharadwaj manbharadwaj@deloitte.com 23 th July 2011 Measuring The Value of Information Security Maninder Bharadwaj manbharadwaj@deloitte.com 23 th July 2011 Current Challenges Organisations are facing In many service organizations, clients realize that

More information

Leveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014

Leveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014 Leveraging Data Analytics and Continuous Auditing to Transform Internal Audit January 9, 2014 Presenter Introductions John Isenberg, Director KPMG Risk Consulting Dallas Cortnye King, Manager KPMG Risk

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

CONSULTING SERVICES Managed IT services

CONSULTING SERVICES Managed IT services CONSULTING SERVICES Managed IT services CONSULTING SERVICES Organizations around the globe face an array of critical issues in today s business environment. Economic conditions are requiring significant

More information

Global Technology Audit Guide. Auditing IT Governance

Global Technology Audit Guide. Auditing IT Governance Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG ) 17 Auditing IT Governance July 2012 GTAG Table of Contents Executive Summary... 1 1. Introduction... 2 2. IT

More information

Executive Summary: Internal Audit Report # 11-07 IT Governance April 13, 2011

Executive Summary: Internal Audit Report # 11-07 IT Governance April 13, 2011 Executive Summary: Internal Audit Report # 11-07 IT Governance Organization Impact Audit Objective & Scope Professional auditing standards require internal auditors to periodically review and assess the

More information

EMEA TMC client conference Using global tax management systems to improve visibility and enhance control. The Crystal, London 9-10 June 2015

EMEA TMC client conference Using global tax management systems to improve visibility and enhance control. The Crystal, London 9-10 June 2015 EMEA TMC client conference Using global tax management systems to improve visibility and enhance control The Crystal, London 9-10 June 2015 1 Agenda Managing global compliance and reporting Why are people

More information

KPMG s Financial Management Practice. kpmg.com

KPMG s Financial Management Practice. kpmg.com KPMG s Financial Management Practice kpmg.com 1 KPMG s Financial Management Practice KPMG s Financial Management (FM) practice, within Advisory Management Consulting, supports the growing agenda and increased

More information

The Power of Risk, Compliance & Security Management in SAP S/4HANA

The Power of Risk, Compliance & Security Management in SAP S/4HANA The Power of Risk, Compliance & Security Management in SAP S/4HANA OUR AGENDA Key Learnings Observations on Risk & Compliance Management Current State Current Challenges The SAP GRC and Security Solution

More information

Modern Treaty Self Governance Forum Measuring Socio-economic benefits to Treaty. Andrew Pau March 11, 2015 Vancouver, British Columbia

Modern Treaty Self Governance Forum Measuring Socio-economic benefits to Treaty. Andrew Pau March 11, 2015 Vancouver, British Columbia Modern Treaty Self Governance Forum Measuring Socio-economic benefits to Treaty Andrew Pau March 11, 2015 Vancouver, British Columbia Topics Background of study Early findings Beyond economic measures

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

IT Strategy: The key to winning executive support.

IT Strategy: The key to winning executive support. IT Strategy: The key to winning executive support. itsmf Atlantic Halifax May 30 th 2008 1 IT Strategy, Leadership and Value. 2007 Deloitte Inc. Objectives In this presentation you will: 1. Learn what

More information

U.S. CFO Program The Four Faces of the CFO. 2010 Deloitte Touche Tohmatsu

U.S. CFO Program The Four Faces of the CFO. 2010 Deloitte Touche Tohmatsu U.S. CFO Program The Four Faces of the CFO 2010 Deloitte Touche Tohmatsu CFOs Play Four Critical Roles in Companies Catalyze behaviors across the organization to execute strategic and financial objectives

More information

We help companies operate responsibly and sustainably, grow with a clear understanding of strategic risk and

We help companies operate responsibly and sustainably, grow with a clear understanding of strategic risk and SOX Compliance We help companies operate responsibly and sustainably, We help companies operate responsibly and sustainably, grow with a clear understanding of strategic risk and grow with a clear understanding

More information

KPMG Advisory. Microsoft Dynamics CRM. Advisory, Design & Delivery Services. A KPMG Service for G-Cloud V. April 2014

KPMG Advisory. Microsoft Dynamics CRM. Advisory, Design & Delivery Services. A KPMG Service for G-Cloud V. April 2014 KPMG Advisory Microsoft Dynamics CRM Advisory, Design & Delivery Services A KPMG Service for G-Cloud V April 2014 Table of Contents Service Definition Summary (What s the challenge?)... 3 Service Definition

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

and Risk Tolerance in an Effective ERM Program

and Risk Tolerance in an Effective ERM Program The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes

More information

Enterprise-Wide Risk Assessment

Enterprise-Wide Risk Assessment Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,

More information

Executive's Guide to

Executive's Guide to Executive's Guide to IT Governance Improving Systems Processes with Service Management, COBIT, and ITIL ROBERT R. MOELLER WILEY John Wiley & Sons, Inc. Contents Preface xiii PART I: IT GOVERNANCE CONCEPTS

More information

Data & Analytics in Internal Audit. January 13, 2015

Data & Analytics in Internal Audit. January 13, 2015 Data & Analytics in Internal Audit January 13, 2015 With You Today KPMG Brian Greenberg, Director, Data & Analytics-enabled Internal Audit (National) Sean Mulyanto, Manager IT Advisory (Los Angeles) 1

More information

Enterprise Risk Management

Enterprise Risk Management 2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion

More information

A Risk-Adjusted Operating Model for Insurers: Addressing Regulatory and Market Demands

A Risk-Adjusted Operating Model for Insurers: Addressing Regulatory and Market Demands A Risk-Adjusted Operating Model for Insurers: Addressing Regulatory and Market Demands While most insurers have recovered from the fiscal crisis of 2008, significant challenges remain on multiple fronts

More information

Case Study: ICICI BANK INTERNAL AUDIT DEPARTMENT PENTANA AUDIT WORK SYSTEM IMPLEMENTATION

Case Study: ICICI BANK INTERNAL AUDIT DEPARTMENT PENTANA AUDIT WORK SYSTEM IMPLEMENTATION Introduction Emerging trends in the banking sector due to globalisation, liberalisation, increasing environment complexity, regulatory requirements & accountability is driving banks in India to adopt &

More information

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP

Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory

More information

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach

Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Don MacPherson January 2012 Discussion Items 1. Threats and risks to personal information

More information

What is Master Data Management and why is it so important? Date: February 2016

What is Master Data Management and why is it so important? Date: February 2016 What is Master Data Management and why is it so important? Date: February 2016 Agenda Introductions KPMG Approach to Master Data Management Panel Discussion Questions from the Audience 2015 KPMG LLP, a

More information

Consulting. PMOver Transforming the Program Management Office into a Results Management Office

Consulting. PMOver Transforming the Program Management Office into a Results Management Office Consulting PMOver Transforming the Management Office into a Results Management Office Executive summary Regardless of size and complexity, most programs encounter hurdles and issues. Many are able to address

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012

www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012 www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012 Agenda 1. Introductions to DA, CA & CM [] 2. Inventory management continuous monitoring [The Gap] 3.

More information

EnergySec Partnered Webinar with MetricStream Transitioning to NERC CIP Version 5: What Does it Mean for Electric Utilities JANUARY 28, 2015

EnergySec Partnered Webinar with MetricStream Transitioning to NERC CIP Version 5: What Does it Mean for Electric Utilities JANUARY 28, 2015 EnergySec Partnered Webinar with MetricStream Transitioning to NERC CIP Version 5: What Does it Mean for Electric Utilities JANUARY 28, 2015 Housekeeping Items Submit questions using control panel Contact

More information

Streamlining the Annual Risk Assessment Process

Streamlining the Annual Risk Assessment Process Streamlining the Annual Risk Assessment Process Presenter: Gregory Jordan, CPA, CIA, CRMA, FLMI Senior Vice President, Chief Audit Executive Nationwide Insurance Gregory Jordan, CPA, CIA, CRMA, FLMI Chief

More information

2012 Deloitte-NASCIO Cybersecurity Study State Officials Questionnaire - Aggregate Results (NASACT)

2012 Deloitte-NASCIO Cybersecurity Study State Officials Questionnaire - Aggregate Results (NASACT) 2012 Deloitte-NASCIO Cybersecurity Study State Officials Questionnaire - Aggregate Results (NASACT) November, 2012 Note: This document has been produced for the sole use of National Association of State

More information

Ann Geyer Tunitas Group. CGEIT Domains

Ann Geyer Tunitas Group. CGEIT Domains 1 CGEIT Exam Prep May 17, 2011 Ann Geyer Tunitas Group CGEIT Domains 2 Job Practice Areas by Domain 25% IT Gov Frameworks 20% Risk Mgmt 15% Strategic Alignment 15% Value Delivery 13% Resource Mgmt 12%

More information

Global Industrial Manufacturer

Global Industrial Manufacturer Global Industrial Manufacturer Implements Control Self Assessment Solution Overview FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions Enterprise Risk Management

More information

Enterprise Risk Management & Information Technology

Enterprise Risk Management & Information Technology Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management

More information