Moving Forward with IT Governance and COBIT
- Michael Gilmore
1 Moving Forward with IT Governance and COBIT
Los Angeles ISACA COBIT User Group
Tuesday, 27 March 2007
2 IT GRC Questions from the CIO
Today's discussion focuses on the typical challenges facing the CIO around IT Governance, Risk and Compliance Management and provides practical solutions to address them.
Questions:
- How can I reduce compliance costs?
- How do I move to a risk-based approach to compliance?
- How can I better manage the thousands of risks we are assessing and provide management a roll-up view?
- How can I take credit for progress made today yet still show management there is more to be done?
- How can I improve consistency while allowing freedom in the field?
- Are we making good decisions?
3 Our Perspective - Cost Reduction
Question: How can I reduce compliance costs?
Driver: Audit, the SOX team, the Compliance Dept., Information Security and Business Continuity are all asking similar questions of the same groups. Compliance costs continue to spiral upward.
Deloitte's Perspective: Assess Once, Test Once
- Integrated Assessment Programs
- COBIT Aligned Risk Catalog
- Common Information Repository
[Illustrative Testing Screen]
Case Study Solution Highlights:
- Take credit for all the testing you are already doing; centralized planning with a 365 Day Compliance Calendar
- Provides a single view of risk and compliance requirements
- Internal Audit, External Audit and Self Assessment use the same test procedures and the same understanding of risk and compliance requirements
- Optimized sampling reduces the overload of testing
- Risk-based auditor reliance on self assessments
4 Case Study Highlights
[Screen: source text from each requirement source mapped to an integrated requirement that is COBIT aligned]
5 Case Study Highlights
[Screen: an integrated requirement, its COBIT aligned control objective, and the individual requirement sources used to develop the integrated requirement]
Cost Reduction Strategy: because multiple requirements are mapped to a single integrated requirement, you can test once and satisfy many.
6 Our Perspective - Risk-Based Approach
Question: How do I move to a risk-based approach to compliance?
Driver: Regulatory and audit demands. Just ticking boxes, not understanding true business risk.
Deloitte's Perspective: Risk-Based Framework
- Risk-based approach to compliance
- Control Baseline
- Common Risk Language
[Illustrative Risk Assessment Screen]
Case Study Solution Highlights:
- Standards based risk methodology (ISO 13335, AS/NZS 4360)
- Tangible and measurable risk rating scale used by multiple parties (ERM, Audit, Self Assessment)
- Qualitative and Quantitative Measurements
- Compliance criteria determined after controls are selected based on risk assessment results
- Consider impact and likelihood across multiple dimensions (Financial, Reputation, Contracts, Regulatory, Operations, People)
- Information & Technology Risks managed in functional risk areas (18 Areas)
7 Our Perspective - Top Down and Bottom Up
Question: How can I better manage the thousands of risks we are assessing and provide management a roll-up view?
Driver: The volume of important risks grows as you move down the organization (from board to line). Demand for alignment of business goals with the self assessment process.
Deloitte's Perspective: Need both Top Down & Bottom Up
- Key Risks and KRIs for Top Down (Board and Sr. Mgmt)
- Self assessment using both workshops and questionnaires for Bottom Up (Line Mgmt)
- Actual dashboard display will be driven by the choice of solution
Case Study Solution Highlights:
- A business view of what is most important to monitor from a risk perspective
- Manages to expected losses, not unexpected losses
- Monthly reports with drill down capabilities
- Ability to turn detailed disparate data into actionable management information
- Custom reports on management hot spots
- Trending, analytics and data aggregation
- Insight into effectiveness of control spend and where more or less spend may be needed
- Integration with golden source feeds for automation
8 Case Study Highlights
[Dashboard screen: Key Risks, e.g. Malicious Code & Virus]
9 Case Study Highlights
[Dashboard screen: Month over Month Trending, with the reason for improvement (better process) noted]
10 Our Perspective - COBIT based Diagnostics
Question: How can I take credit for progress made today yet still show management there is more to be done?
Driver: CEO and Board want to know where we stand from a GRC perspective. Management spend on GRC needs to be defended.
Deloitte's Perspective: COBIT based Diagnostics
- CMMI Continuous Improvement Rating Scale
- Risk and Compliance Operating Framework with sourced Diagnostics
[CMMI COBIT Based Diagnostic Template]
Case Study Solution Highlights:
- Operating Framework Template for Information & Technology Governance, Risk and Compliance (GRC)
- GRC Organizational Model Template
- COBIT Aligned RACI Model for GRC roles
- COBIT Aligned CMMI diagnostics for each GRC area to show current and target state
11 Case Study Highlights
We start with the COBIT 4.0 organizational model to establish roles, responsibilities and interactions for each core activity and process.
Example: Risk Management Domain with RACI Model
Roles (columns): CEO, CFO, Business Executive, CIO, Head Operations, Business Senior Management, Chief Architect, Head Development, Head IT Administration, PMO, Compliance/Audit/Risk/Security
Risk Management Activities (rows):
- Determine risk management alignment (e.g., assess risk)
- Understand relevant strategic business objectives
- Understand relevant business process objectives
- Identify internal IT objectives and establish risk context
- Identify events associated with objectives
- Assess risk associated with events
- Evaluate risk responses
- Prioritize and plan control activities
- Approve and ensure funding for risk action plans
- Maintain and monitor a risk action plan
[RACI chart: one R/A/C/I assignment per role for each activity; the cell values are not recoverable from this transcription]
Legend:
- (A)ccountable: the person who provides direction and authorizes an activity
- (R)esponsible: the person who gets the task done
- (C)onsulted: involved in the process
- (I)nformed: knowledgeable and supports the process
12 Case Study Highlights
Risk Management maturity diagnostic. Rating scale: Non Existent (0), Initial/Ad Hoc (1), Repeatable (2), Defined Process (3), Managed (4), Optimized (5). Each activity is plotted at its Current State and its 2008 Target State.
Activities:
- Determine risk management alignment (e.g., assess risk)
- Understand relevant strategic business objectives
- Understand relevant business process objectives
- Identify internal IT objectives and establish risk context
- Identify events associated with objectives
- Assess risk associated with events
- Evaluate risk responses
- Prioritize and plan control activities
- Approve and ensure funding for risk action plans
- Maintain and monitor a risk action plan
- Establish and execute a process to identify, quantify, and prioritize IT risks (i.e., a risk assessment process)
- Determine guidelines and procedures for mitigating and treating risks
- Establish risk acceptance criteria
- Develop appropriate controls to reduce and/or transfer risks
[The current and target ratings are shown graphically on the slide and are not recoverable from this transcription]
13 Our Perspective - Common Framework
Question: How can I improve consistency while allowing freedom in the field?
Driver: Regulatory and audit demands. Conflicting results reported at Board level. Demand for risk and control decision making autonomy in the field.
Deloitte's Perspective: Single Framework
- Prescriptive minimum baseline
- Global, Regional and Local roles
- Reference Architectures (i.e., Configuration Items in ITIL)
[Self Assessment Process Template]
Case Study Solution Highlights:
- End-to-end self assessment process
- Templates for roles and workflow
- Technology enabled
- Provides a common repository of risk requirements and risk responses
- Leverages Reference Architectures for baseline control decisions and allows for documented deviation
- Allows for independent and automated QA
- Tracks progress and automates escalation
- System supported sign-off of results
14 Our Perspective - Decision Support
Question: Are we making good decisions?
Driver: Business demands a transparent method to reward risk mitigation. Backlash against best practice standards that aren't operationally sustainable.
Deloitte's Perspective: Analytic Decision Support
- Business Unit discretion on control selection
- Risk analytics provide a cost-benefit business case for decisions
[Illustrative Risk Response Screen]
Case Study Solution Highlights:
- Aggregate loss model that ties the likelihood and the impact of a risk materializing together
- Business-unit level risk distributions can be developed
- Transparent cost-benefit of mitigation strategies
- Business decides the right risk-reward balance
- COBIT 4 aligned control objectives
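The risk rating of slide 6 (likelihood and impact), the roll-up view of slide 7 (expected loss per business unit) and the aggregate loss model of slide 14 (business-unit loss distributions and a cost-benefit case for a mitigation) can be put together in a few dozen lines. The following is an added example, not code from the deck or from Deloitte's case study: the risk catalog, the High/Medium/Low bands on annualized loss, and the mitigation's cost and reduction factors are constructed assumptions, chosen only to make the arithmetic visible.

```python
"""Aggregate loss model for a small IT risk catalog (added example, not from the deck).

Each risk carries an annual likelihood and a single-loss impact. Expected
(annualized) loss is likelihood x impact; a Monte Carlo run gives the loss
distribution across the portfolio (the "unexpected loss" tail); a mitigation
is judged by the expected loss it removes minus what it costs.
"""
from collections import defaultdict
from dataclasses import dataclass, replace
import random


@dataclass(frozen=True)
class Risk:
    name: str
    business_unit: str
    annual_probability: float   # likelihood the event occurs in a given year
    impact_usd: float           # loss if it does (single loss expectancy)


@dataclass(frozen=True)
class Mitigation:
    name: str
    annual_cost_usd: float
    probability_factor: float   # residual likelihood as a fraction of inherent
    impact_factor: float        # residual impact as a fraction of inherent


# Constructed catalog; the first entry echoes the deck's "Malicious Code & Virus" key risk.
CATALOG = [
    Risk("Malicious code & virus", "Retail", 0.60, 250_000.0),
    Risk("Unauthorized privileged access", "Treasury", 0.10, 2_000_000.0),
    Risk("Backup restore failure", "Retail", 0.05, 800_000.0),
]

# Hypothetical High/Medium/Low bands on annualized loss (the "common risk language").
BANDS = [(100_000.0, "High"), (25_000.0, "Medium"), (0.0, "Low")]


def annualized_loss(risk: Risk) -> float:
    """Expected loss per year = likelihood x impact."""
    return risk.annual_probability * risk.impact_usd


def rate(risk: Risk) -> str:
    """Map annualized loss onto the qualitative scale; the 0.0 floor guarantees a match."""
    ale = annualized_loss(risk)
    return next(label for floor, label in BANDS if ale >= floor)


def rollup_by_unit(risks) -> dict:
    """Sum expected loss per business unit: the management roll-up view."""
    totals = defaultdict(float)
    for r in risks:
        totals[r.business_unit] += annualized_loss(r)
    return dict(totals)


def apply_mitigation(risk: Risk, m: Mitigation) -> Risk:
    """Residual risk: the mitigation scales likelihood and impact independently."""
    return replace(risk,
                   annual_probability=risk.annual_probability * m.probability_factor,
                   impact_usd=risk.impact_usd * m.impact_factor)


def net_benefit(risks, target: str, m: Mitigation) -> float:
    """Expected loss avoided by mitigating `target`, minus the mitigation's annual cost."""
    before = sum(annualized_loss(r) for r in risks)
    after = sum(annualized_loss(apply_mitigation(r, m) if r.name == target else r)
                for r in risks)
    return (before - after) - m.annual_cost_usd


def simulate_annual_losses(risks, years: int = 20_000, seed: int = 7) -> list:
    """Monte Carlo: every risk fires independently each simulated year with its probability."""
    rng = random.Random(seed)
    return [sum(r.impact_usd for r in risks if rng.random() < r.annual_probability)
            for _ in range(years)]


def loss_quantile(losses, q: float = 0.95) -> float:
    """Loss not exceeded in a fraction q of simulated years (a VaR-style tail figure)."""
    ordered = sorted(losses)
    return ordered[min(len(ordered) - 1, int(q * len(ordered)))]


if __name__ == "__main__":
    for r in CATALOG:
        print(f"{r.name:32} {r.business_unit:9} ALE ${annualized_loss(r):>10,.0f}  {rate(r)}")
    print("roll-up by unit:", rollup_by_unit(CATALOG))
    sims = simulate_annual_losses(CATALOG)
    print(f"simulated mean ${sum(sims) / len(sims):,.0f}; "
          f"95th percentile ${loss_quantile(sims):,.0f}")
    av = Mitigation("Endpoint anti-malware + patching", 60_000.0, 0.25, 0.80)
    print(f"net benefit of '{av.name}': ${net_benefit(CATALOG, 'Malicious code & virus', av):,.0f}")
```

The point the deck makes on slide 7 shows up directly in the output: the expected loss (mean of the simulation, about $390k here) is what the monthly dashboard manages to, while the 95th-percentile figure is driven by the low-likelihood, high-impact privileged-access event and is an order of magnitude larger. The mitigation case is equally transparent: a control that costs $60k and cuts the malicious-code risk's expected loss from $150k to $30k has a net benefit of $60k, so the business unit can see what it buys before it spends.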
15 Conclusion
COBIT is one of the major ingredients companies use to achieve these objectives:
- A single view of business requirements
- A common risk language (e.g. inherent, target and residual risk) and a definition of high, medium and low risk
- A process for aligning multiple stakeholder agendas
- An IT Risk and Compliance Program integrated with ERM
- An IT Risk and Compliance Office established, with supporting roles and responsibilities defined
- A consistent way to define, engineer and assess the environment through reference architectures
- A repository of collaborative risk decisions
- Ability to test and report consistently across a global enterprise
- Ability to validate control design and effectiveness of outsourcers and third parties
- Business aligned control decisions
- Risk based approach to compliance
- Issue and corrective plan tracking
- Ad-hoc and audience specific reporting
- A 365 day risk and compliance calendar to keep stakeholders aware of activities
16 Q&A Session (7:15 - 7:30)
17 About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 150 countries. With access to the deep intellectual capital of approximately 135,000 people worldwide, Deloitte delivers services in four professional areas (audit, tax, consulting and financial advisory services) and serves more than one-half of the world's largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global growth companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other's acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names Deloitte, Deloitte & Touche, Deloitte Touche Tohmatsu, or other related names. In the US, Deloitte & Touche USA LLP is the US member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the US member firm are among the nation's leading professional services firms, providing audit, tax, consulting and financial advisory services through nearly 30,000 people in more than 80 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel.
For more information, please visit the US member firm's web site at
Executive Summary: Internal Audit Report # 11-07 IT Governance Organization Impact Audit Objective & Scope Professional auditing standards require internal auditors to periodically review and assess the
More informationGlobal Industrial Manufacturer
Global Industrial Manufacturer Implements Control Self Assessment Solution Overview FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions Enterprise Risk Management
More informationERP Administrative Challenges Brian Jensen
ERP Administrative Challenges Brian Jensen Deloitte & Touche LLP February 2011 ERP Administrative Challenges Enterprise resource planning (ERP) implementations over the last two decades have generated
More informationEMEA TMC client conference Using global tax management systems to improve visibility and enhance control. The Crystal, London 9-10 June 2015
EMEA TMC client conference Using global tax management systems to improve visibility and enhance control The Crystal, London 9-10 June 2015 1 Agenda Managing global compliance and reporting Why are people
More informationAnn Geyer Tunitas Group. CGEIT Domains
1 CGEIT Exam Prep May 17, 2011 Ann Geyer Tunitas Group CGEIT Domains 2 Job Practice Areas by Domain 25% IT Gov Frameworks 20% Risk Mgmt 15% Strategic Alignment 15% Value Delivery 13% Resource Mgmt 12%
More informationand Risk Tolerance in an Effective ERM Program
The Roles of Risk Appetite and Risk Tolerance in an Effective ERM Program Eric Gerner, Risk Advisory Services Director Tuesday, July 10, 2012 General Information Share the webinar Ask a question Votes
More informationKPMG Advisory. Microsoft Dynamics CRM. Advisory, Design & Delivery Services. A KPMG Service for G-Cloud V. April 2014
KPMG Advisory Microsoft Dynamics CRM Advisory, Design & Delivery Services A KPMG Service for G-Cloud V April 2014 Table of Contents Service Definition Summary (What s the challenge?)... 3 Service Definition
More informationEnterprise Risk Management
2013 Government Accounting and Auditing Update Enterprise Risk Management Understanding and Implementing an ERM Framework Mike Sargent, Director- CliftonLarsonAllen May 2013 cliftonlarsonallen.com Discussion
More informationKPMG s Financial Management Practice. kpmg.com
KPMG s Financial Management Practice kpmg.com 1 KPMG s Financial Management Practice KPMG s Financial Management (FM) practice, within Advisory Management Consulting, supports the growing agenda and increased
More informationEvergreen Solutions Lowering the cost of EHR ownership
Evergreen Solutions Lowering the cost of EHR ownership As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the
More informationEnterprise Risk Management & Information Technology
Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management
More informationEnterprise-Wide Risk Assessment
Enterprise-Wide Risk Assessment Agenda 1. Definition of risk. 2. Risk drivers in higher education today. 3. Implementing an enterprise-wide risk management (ERM) program to effectively assess, manage,
More informationU.S. CFO Program The Four Faces of the CFO. 2010 Deloitte Touche Tohmatsu
U.S. CFO Program The Four Faces of the CFO 2010 Deloitte Touche Tohmatsu CFOs Play Four Critical Roles in Companies Catalyze behaviors across the organization to execute strategic and financial objectives
More information14 October 2015 ISACA Curaçao Conference By: Paul Helmich
Governance, Risk & Compliance A practical approach 14 October 2015 ISACA Curaçao Conference By: Paul Helmich Topics today What is GRC? How much of all the GRC literature, tools, etc. do I need to study
More informationGetting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP
Getting to strong Leading Practices for value-enhancing internal audit By Richard Reynolds and Abhinav Aggarwal - PricewaterhouseCoopers LLP Today's unpredictable business climate and challenging regulatory
More informationConsulting. PMOver Transforming the Program Management Office into a Results Management Office
Consulting PMOver Transforming the Management Office into a Results Management Office Executive summary Regardless of size and complexity, most programs encounter hurdles and issues. Many are able to address
More informationEnterprise Service Management (ESM)
Enterprise Service Management (ESM) A Reference Model for Adopting and Adapting IT Best Practices Across and Enterprise itsm003 v.3.0 Agenda and Objectives What are ESM Best Practices? What is the ESM
More informationCase Study: ICICI BANK INTERNAL AUDIT DEPARTMENT PENTANA AUDIT WORK SYSTEM IMPLEMENTATION
Introduction Emerging trends in the banking sector due to globalisation, liberalisation, increasing environment complexity, regulatory requirements & accountability is driving banks in India to adopt &
More informationEnterprise Risk Management (ERM): In Action. January 2010. Co-presented by: Michael Yip, Marsh Risk Consulting Norma Essary, DFW International Airport
January 2010 Enterprise Risk Management (ERM): In Action Co-presented by: Michael Yip, Risk Consulting Norma Essary, DFW International Airport www.marsh.com Discussion Topics Enterprise Risk Management
More informationPractical Approaches to Achieving Sustainable IT Governance
Practical Approaches to Achieving Sustainable IT Governance Beyond Mandates: Getting to Sustainable IT Governance Best Practices Agenda IT Governance Definition IT Governance Principles IT Governance Decisions
More informationData & Analytics in Internal Audit. January 13, 2015
Data & Analytics in Internal Audit January 13, 2015 With You Today KPMG Brian Greenberg, Director, Data & Analytics-enabled Internal Audit (National) Sean Mulyanto, Manager IT Advisory (Los Angeles) 1
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationRISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY
RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY PRESENTED BY: LEN WIATR, CHIEF RISK OFFICER Len s Risk Management Philosophy Build a
More informationPersonal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach
Personal Information Threats & Risks: Responding to an Evolving Landscape with an Integrated Data Protection Approach Don MacPherson January 2012 Discussion Items 1. Threats and risks to personal information
More information