IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

Size: px
Start display at page:

Download "IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE"

Transcription

1 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH PLAN SERVICES & HARRINGTON HEALTH AHIA 32 nd Annual Conference August 25-28, 2013 Chicago, Illinois

2 Contents 2 Introduction IT Governance Q&A References 2

3 Objectives 3 Discuss the five key components of IT Governance Understand the key IT governance frameworks and standards The values of IT Governance ROI research and case studies Audit IT Governance and the 10 quick wins in improving IT Governance Ask your questions And more... 3

4 Auditing and IT Governance 4 IIA Standard 2011: Governance states, the internal audit activity it must assess whether the information technology governance of the organization supports the organization s strategies and objectives. 4

5 Healthcare IT Characteristics 5 Diversified IT environment Medical Devices and IT System coming together Meaningful use and HIE are changing g the IT environment Many regulatory requirements Constantly new and changing threats/risks related to the use of technology Immature IT/Information Security 5

6 GRC G Governance (Corporate Governance) R Risk (Enterprise Risk Management) C Compliance IT Governance 6

7 Shift the IT Perspective: 7 Area From To Scope: Technical problem Enterprise problem/opportunity Ownership: IT Enterprise Funding: Expense Investment Application: Platform/practice Process Approach: Adhoc Managed & Strategic 7

8 Contents 8 Introduction IT Governance Q&A References 8

9 Enterprise Governance 9 is a set of responsibilities and practices exercised by the board and executive management with the goal of Providing strategic direction Ensuring that objectives are achieved Ascertaining that risks are managed appropriately Verifying that the enterprise s resources are used responsibly is about Conformance: adhering to legislation, internal policies, audit requirements, etc. Performance: improving profitability, efficiency, effectiveness, growth, etc. 9

10 What is IT Governance? 10 IT governance is a subset of enterprise governance. Governance of IT encompasses several initiatives for board members and executive management. They must be aware of the role and impact of IT on the enterprise, define constraints within which IT professionals should operate, measure performance, understand risk and obtain assurance. IT Governance Institute 10

11 Balance of IT Governance Goals 11 The board must direct the balance between conformance and performance goals. 11

12 IT Governance Areas Process Maturity Rating 0 Non-existent: The process (control/procedures) does not exist. 1 Initial/Ad hoc: The process is informal, undocumented and reactive. 2 Repeatable: The process is repeatable but may be applied inconsistently as needed. 3 Defined: The process is documented and communicated. 4 Managed: The process is implemented and measurable. 5 Optimizing: Managed process with continuous performance improvements utilizing best practices. N/A Not Applicable: The process is not applicable to the review or has not been reviewed for other reasons. 12

13 Value of IT Governance 13 How the Masters of IT Deliver More Value and Less Risk IT Policy Compliance Group, December 2010 How High Performance Organizations Manage IT IT Policy Compliance Group, April

14 Value of IT Governance 14 Mature IT Governance has a strong business value that improves the organization s performance. The most mature organizations show: 7% higher profit margins than average 7-8% higher customer/patient satisfaction and retention than average Less than half in regulatory compliance spending 14

15 Profile Masters of IT: Practices of Best Performers Revenue and profits that are 75 percent higher than industry peers Customer retention-rates that are 50 percent higher than industry peers Spending on IT budgets that is 30 percent higher than industry peers Spending on information security that t is 37 percent higher h than peers Business disruptions that are 100 percent lower than industry peers Data loss or theft incidents that are 75 percent lower than industry peers Audit deficiencies that are 65 percent less than industry peers Page 15 15

16 Best Performers Masters of IT IT Balanced Scorecards that are linked to business Balanced Scorecards Ongoing IT Portfolio revision for effective management of asset use, growth strategy, value and risk Strategic IT Maps that align value and risk between the business of the enterprise and IT Standardization on COBIT, ISO and CIS benchmarks to preserve value, manage controls and mitigate risk Page 16

17 Best Performers Masters of IT Electronic systems of record in IT GRC systems for values, policies, controls, risks, assets and regulatory mandates Automation of key procedures to manage value and risk Daily, weekly and bi-monthly assessments to manage value and risk Dashboards, scorecards and reporting focused on operating units, business units, business functions, regulatory mandates, across silos and people Page 17

18 IT Governance you can not manage what you can not measure. 18

19 Resource Management Risk Management 19 Performance Measurement Accountability Roles and Responsibilities Major/Main Responsibilities Board Strategic Direction CEO Delivery of Strategy t CIO Implementation of Strategy

20 Roles/Responsibilities ACCOUNTABILITY Accountability applies to those who own the required resources and have the authority to approve the execution and/or accept the outcome of an activity within specific Risk IT processes. RESPONSIBILITY: Responsibility belongs to those who must ensure that the activities are completed successfully. Legend of the table: When a cell is YELLOW, the role carries responsibility and/or partial accountability for the process When a cell is GREEN, the role carries main accountability for the process. Only one role can be the main accountable for a given process. 20

21 Responsibilities & Accountability (RISK-IT) ROLE DEFINITIONS, RESPONSIBILITIES & ACCOUNTABILITY RISK GOVERNANCE RISK EVALUATION RISK RESPONSE Role Board Chief Executive Officer (CEO) Chief Risk Officer (CRO) Chief Information Officer (CIO) Chief Financial Officer (CFO) Enterprise Risk Committee Business Management Business Process Owner Risk Control Functions Definition of the Role This group of most senior and/or non-executives of the enterprise who are accountable for the governance of the enterprise and have overall control of its resources. The highest ranking officer who is in charge of the total management of the enterprise. The individual who oversees all aspects of risk management across the enterprise. An IT risk officer function may be established to oversee IT-related risk. The most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources. The CIO typically chairs the governance council that manages the portfolio. The most senior official of the enterprise who is accountable for financial planning, record keeping, investor relations and financial risks. The group of executives of the enterprise who are accountable for the enterprise-level collaboration and consensus required to support enterprise risk management activities and decisions. Common Risk View A Integrate with ERM Risk- Aware Decisions A (Accountable) Collect Data Analyze Risk Maintain Risk Profile Articulate Risk Manage Risk R R (Responsible) A React to Events R R R A R R A R R R R R R R R R R R R R R R R Business individuals with roles related to managing (a) programme(s). R R A A A R R R The individual responsible for identifying process requirements, approving process design and managing process performance. In general, a business process owner must at an appropriately high level in the enterprise and have authority to commit resources to process-specific risk management activities. The functions in the enterprise responsible for managing specific risk domains (e.g. Chief Information Security Officer, business continuity plan disaster recovery, supply chain, Project Management Office). Human The most senior official of the enterprise who is accountable for planning and policies with respect to all human resources R resources (HR) in the enterprise. Compliance and Audit R R R R R R R R A R R R R R R R R R The functions in the enterprise responsible for compliance and audit. R R 21

22 IT Governance Framework in Place (COBIT 5) 22 22

23 IT Governance Control Areas 23 23

24 IT Governance Architecture Header Drivers PERFORMANCE: Business Goals CONFORMANCE HIPAA, PCI, etc. 24 Enterprise Governance Balanced Scorecards COSO IT Governance COBIT Best Practice Standards RISK IT ITIL ISO27000/ HITRUST PMI CMMi Processes and Procedures IT Risk Management IT Service Security/Risk Management Principles Project Management Principles System Development (adapted from ITGI, 2007, p. 12) 24

25 IT Governance Framework 25 COSO COBIT NIST ISO 9000 WHAT HOW ITIL SCOPE OF COVERAGE 25

26 COBIT 5 26 Governance of Enterprise IT Evolut tion of sco ope IT Governance Management Control Audit Val IT 2.0 (2008) Risk IT (2009) COBIT1 COBIT2 COBIT3 COBIT4.0/4.1 COBIT / An business framework from ISACA, at 26

27 ISACA 2010 IT Governance Global Study Wllk Well-known frameworks and solutions. Selected IT governance frameworks 27

28 COBIT

29 COBIT Principles and Enablers COBIT 5 Enterprise Enablers 29 29

30 COBIT Principle

31 COBIT 5 Processes 31

32 COBIT 5 Information Security 32 Business Model for Information Security (BMIS) The focus on information security management system (ISMS) in the align, plan and organize (APO) management domain, APO13 Manage security, establishes the prominence of information security within the COBIT 5 process framework. 32

33 Enterprise Risk Management RISK IT Enterprise Risk Strategic Risk Environmental Risk Market Risk Credit Risk Operational Risk Compliance Risk IT-related Risk IT Benefit/Value Enablement IT Program and IT Operations and Risk Project Delivery Risk Service Delivery Risk Technology enabler for new business initiativesiti Technology enabler for efficient operations Project relevance Project quality Projects overrun IT Service interruptions Security issues Compliance issues 33

34 Risk to Controls 34 34

35 Contents 35 Introduction IT Governance Q&A References 35

36 Contents 36 Introduction IT Governance Q&A References 36

37 References 37 ISACA COBIT RISK-IT IT IT Governance Institute IIA GTAG 7 IT Governance IT Policy Compliance Group (www.itpolicycompliance.com) HIMSS (IT Governance in Healthcare & Hospitals) 37

38 Question & Answers 38 Page 38

39 Save the Date September 21-24, rd Annual Conference Austin, Texas 39

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

Strategic IT audit. Develop an IT Strategic IT Assurance Plan

Strategic IT audit. Develop an IT Strategic IT Assurance Plan Strategic IT audit Develop an IT Strategic IT Assurance Plan Speaker Biography Hans Henrik Berthing is Partner at Verifica and Senior Advisor & Associated Professor at Aalborg University. He is specialized

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements

More information

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Importance of Effective Internal Controls and COSO COSO

More information

ITIL AND COBIT EXPLAINED

ITIL AND COBIT EXPLAINED ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre

SITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre SITA Service Management Strategy Implementation Presented by: SITA Service Management Centre Contents What is a Service? What is Service Management? SITA Service Management Strategy Methodology Service

More information

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process Proceedings of FIKUSZ 13 Symposium for Young Researchers, 2013, 67-76 pp The Author(s). Conference Proceedings compilation Obuda University Keleti Faculty of Business and Management 2013. Published by

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

Frameworks and related products that help professionals attain value from information systems.

Frameworks and related products that help professionals attain value from information systems. Frameworks and related products that help professionals attain value from information systems. Dear valued professional, In today s business landscape, executives must ensure that their IT is working as

More information

Does Your Information Security Program Measure Up? Session #74

Does Your Information Security Program Measure Up? Session #74 Does Your Information Security Program Measure Up? Session #74 DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy

More information

IT Governance Dr. Michael Shaw Term Project

IT Governance Dr. Michael Shaw Term Project IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3

More information

COBIT Helps Organizations Meet Performance and Compliance Requirements

COBIT Helps Organizations Meet Performance and Compliance Requirements DISCUSS THIS ARTICLE COBIT Helps Organizations Meet Performance and Compliance Requirements By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert,

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU

More information

How the Masters of IT Deliver More Value and Less Risk

How the Masters of IT Deliver More Value and Less Risk December 2010 How the Masters of IT Deliver More Value and Less Risk IT Policy Compliance Group Contents Executive Summary Overview 3 The Best Performing Masters of IT 3 Guidance and Recommendations 4

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

Global Technology Audit Guide. Auditing IT Governance

Global Technology Audit Guide. Auditing IT Governance Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG ) 17 Auditing IT Governance July 2012 GTAG Table of Contents Executive Summary... 1 1. Introduction... 2 2. IT

More information

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.

More information

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Based on 2008 Survey of 255 Non-IT CEOs/Executives Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Benchmark of controls over IT activities. 2011 Report. ABC Ltd

Benchmark of controls over IT activities. 2011 Report. ABC Ltd www.pwc.com/cy Benchmark of controls over IT activities 2011 Report ABC Ltd... 2012 Scope and approach We wish to provide you with our IT Benchmarking report over IT activities at ABC Ltd (the Company)

More information

COBIT 5 Introduction. 28 February 2012

COBIT 5 Introduction. 28 February 2012 COBIT 5 Introduction 28 February 2012 COBIT 5 Executive Summary 2012 ISACA. All rights reserved. 2 Information! Information is a key resource for all enterprises. Information is created, used, retained,

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

IT Risk Management Life Cycle and enabling it with GRC Technology

IT Risk Management Life Cycle and enabling it with GRC Technology IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?

More information

DISASTER RECOVERY/ BUSINESS CONTINUITY AUDITING: A CASE STUDY

DISASTER RECOVERY/ BUSINESS CONTINUITY AUDITING: A CASE STUDY 1 DISASTER RECOVERY/ BUSINESS CONTINUITY AUDITING: A CASE STUDY WAYNE PURVES DIRECTOR CHRISTA VOIE IT AUDITOR MULTICARE HEALTH SYSTEM TACOMA, WA AHIA 32 nd Annual Conference August 25-28, 2013 Chicago,

More information

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK INDEX 1 Introduction... 2 Contextual background... 2.1 The CobiT 5 framework (2012)... 2.2 The ISO 27000 series (2005, 2011)... 2.3 The Risk IT

More information

ENTERPRISE RISK MANAGEMENT SURVEY. 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY:

ENTERPRISE RISK MANAGEMENT SURVEY. 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY: t RIMS2013 ENTERPRISE RISK MANAGEMENT SURVEY 2013 RIMS Enterprise Risk Management (ERM) Survey SPONSORED BY: Administered by: Advisen Ltd. Zurich Authored by: RIMS and Advisen Ltd. Publishers: Mary Roth,

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

Feature. Developing an Information Security and Risk Management Strategy

Feature. Developing an Information Security and Risk Management Strategy Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide

More information

An Introduction to the Information Security Program Model (ISPM)

An Introduction to the Information Security Program Model (ISPM) SECURELY ENABLING BUSINESS An Introduction to the Information Security Program Model (ISPM) Presented by: Nick Puetz VP of Strategic Services, FishNet Security David Robinson CIO, Lockton Companies AGENDA

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

Business Continuity in Healthcare

Business Continuity in Healthcare Business Continuity in Healthcare Cynthia Simeone, CBCP, PMP Director Business Resilience Catholic Health Initiatives Scott Ream President Virtual Corporation 1 Session Speakers Cynthia Simeone, CBCP,

More information

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards.

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT The comprehensive IT governance framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT4.1 Does your enterprise s IT support the business? Is it aligned

More information

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist Beyond Mandates: Getting to Sustainable IT Governance Best Practices Steve Romero PMP, CISSP, CPM IT Governance Evangelist Agenda > IT Governance Definition > IT Governance Principles > IT Governance Decisions

More information

Balancing Compliance and Operational Security Demands

Balancing Compliance and Operational Security Demands SESSION ID: GRC-W01 Balancing Compliance and Operational Security Demands Steve Winterfeld Bank Information Security Officer CISSP, PCIP What is more important? Compliance with laws / regulations Following

More information

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP Presented by Denis Darveau CISM, CISA, CRISC, CISSP Las Vegas ISACA Chapter, February 19, 2013 2 COBIT Definition Control Objectives for Information and Related Technology (COBIT) is an IT governance framework

More information

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net

More information

COBIT & ITIL usage for SOX current and future

COBIT & ITIL usage for SOX current and future COBIT & ITIL usage for SOX current and future Robert E Stroud International Vice President ISACA Evangelist ITSM & IT Governance CA, Inc. Japan, November 8, 2007 Trademark Notice ITIL is a registered trademark

More information

The Core of V3 Service Strategy

The Core of V3 Service Strategy Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich

More information

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk.

Risk IT A set of guiding principles and. the first framework to help enterprises identify, govern and effectively manage IT risk. Risk IT A set of guiding principles and the first framework to help enterprises identify, govern and effectively manage IT risk. In business today, risk plays a critical role. Almost every business decision

More information

Practical Approaches to Achieving Sustainable IT Governance

Practical Approaches to Achieving Sustainable IT Governance Practical Approaches to Achieving Sustainable IT Governance Beyond Mandates: Getting to Sustainable IT Governance Best Practices Agenda IT Governance Definition IT Governance Principles IT Governance Decisions

More information

IT Governance, Risk, and Compliance

IT Governance, Risk, and Compliance May 2008 2008 Annual Report IT Governance, Risk, and Compliance Improving business results and mitigating financial risk IT Policy Compliance Group Contents Executive summary...........................................................

More information

Manage Third Party Information Technology Services

Manage Third Party Information Technology Services Manage Third Party Information Technology Services City of Tulsa Internal Auditing June 2013 MANAGE THIRD PARTY INFORMATION TECHNOLOGY SERVICES City of Tulsa Internal Auditing Ron Maxwell, CIA, CFE Chief

More information

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security

More information

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AN OVERVIEW OF INFORMATION SECURITY STANDARDS AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

2009 Solvay Brussels School and IT Governance institute

2009 Solvay Brussels School and IT Governance institute IT Governance Masterclass Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA International VP, IT Governance Institute Professor, Solvay Business School Managing Partner, ICT Control NV 1 Georges Ataya

More information

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia MARIO SPREMIĆ, Ph.D., CGEIT, Full Professor Faculty of Economics and Business Zagreb, University of Zagreb

More information

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER MAY 2012 INDEX 1 Introduction... 1 2 Contextual background... 3 2.1 The CobiT 5 framework (2012)... 4 2.2 The ISO 27000 series (2005,

More information

Implementing Practical Information Security Programs

Implementing Practical Information Security Programs Implementing Practical Information Security Programs CISO Summit March 17-19, 2013 Presented by: David Cass, SVP & Chief Information Security Officer, Elsevier Information Security & Data Protection Office

More information

IT Service Management ITIL, COBIT

IT Service Management ITIL, COBIT IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Governance and Management of Information Security

Governance and Management of Information Security Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information

More information

Formulating and Implementing an HP IT program strategy using CobiT and HP ITSM

Formulating and Implementing an HP IT program strategy using CobiT and HP ITSM Formulating and Implementing an HP IT program strategy using CobiT and HP ITSM Mathias Sallé HP Research Laboratories mathias.salle@hp.com Steve Rosenthal Management Software Organization steve.rosenthal@hp.com

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25

More information

S11 - Implementing IT Governance An Introduction Debra Mallette

S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Introduction to IT Governance Implementation using COBIT and Val IT Speaker: Debra Mallette, CGEIT, CISA, CSSBB Session Objectives

More information

IT Charter and IT Governance Framework

IT Charter and IT Governance Framework IT Charter and IT Governance Framework Status: Custodian: Approved Director: Information Technology Date approved: 2013-12-04 Implementation date: 2013-12-05 Decision number: SAQA 02102/13 Due for review:

More information

NEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects:

NEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects: NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 31, No. 2, Summer, 2012 C1 is customer provided Data Analysis

More information

for Information Security

for Information Security for Information Security The following pages provide a preview of the information contained in COBIT 5 for Information Security. The publication provides guidance to help IT and Security professionals

More information

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance CITY OF HOUSTON Executive Order E.O. No: 1-44 Effective Date: December 20, 2012 1. AUTHORITY 1.1 Article VI, Section 7a, of the City Charter of the City of Houston. 2. PURPOSE 2.1 The City of Houston seeks

More information

CobiT Strategy and Long Term Vision

CobiT Strategy and Long Term Vision CobiT Strategy and Long Term Vision Urs Fischer VP Head IT Risk Mgmt, Security & ICS SwissLife Seite 2 1 Seite 3 Seite 4 2 Session Objective Provide those interested stakeholders with a clear and single

More information

BEST PRACTICES. March 29, 2005 IT Governance Framework. by Craig Symons. Helping Business Thrive On Technology Change

BEST PRACTICES. March 29, 2005 IT Governance Framework. by Craig Symons. Helping Business Thrive On Technology Change March 29, 2005 IT Governance Framework by Craig Symons BEST PRACTICES Helping Business Thrive On Technology Change BEST PRAC TICES March 29, 2005 IT Governance Framework Structures, Processes, And Communication

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

ITIL's IT Service Lifecycle - The Five New Silos of IT

ITIL's IT Service Lifecycle - The Five New Silos of IT The workable, practical guide to Do IT Yourself Vol. 4.01 January 1, 2008 ITIL's IT Service Lifecycle - The Five New Silos of IT By Rick Lemieux In my last article I spoke about IT s evolution from its

More information

ENTERPRISE RISK MANAGEMENT POLICY

ENTERPRISE RISK MANAGEMENT POLICY ENTERPRISE RISK MANAGEMENT POLICY TITLE OF POLICY POLICY OWNER POLICY CHAMPION DOCUMENT HISTORY: Policy Title Status Enterprise Risk Management Policy (current, revised, no change, redundant) Approving

More information

Making Compliance Work for You

Making Compliance Work for You white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by

More information

Guidance for Best Practices in Information Security and IT Audit

Guidance for Best Practices in Information Security and IT Audit September 2009 Guidance for Best Practices in Information Security and IT Audit IT Policy Compliance Group Contents Executive Summary Practices Covered 2 Key Findings 2 Only One-in-Ten Experience the Best

More information

GLOBAL STANDARD FOR INFORMATION MANAGEMENT

GLOBAL STANDARD FOR INFORMATION MANAGEMENT GLOBAL STANDARD FOR INFORMATION MANAGEMENT Manohar Ganshani Businesses have today expanded beyond local geographies. Global presence demands uniformity within the processes across disparate locations of

More information

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP 1 An executive view of governance Based on 2009 Survey of 255 Non-IT CEOs/Executives 50% Ranked ITG as very important 75% of

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

Information Security Management Systems

Information Security Management Systems Information Security Management Systems Øivind Høiem CISA, CRISC, ISO27001 Lead Implementer Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector

More information

Enterprise Risk Management Program

Enterprise Risk Management Program Enterprise Risk Management Program APPA s Risk Management & Insurance Meeting Austin, Texas March 29, 2007 Presented by: L.D. Hollingsworth Agenda Introduction - Why ERM? Governance & Reporting Structure

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations

Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations Key Areas for Improvement Include Compliance, Information Security, Social Media and Quality Assurance INTRODUCTION Historic

More information

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface. iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management

More information

Stepping Through the Business Continuity Plan Audit

Stepping Through the Business Continuity Plan Audit Stepping Through the Business Continuity Plan Audit Doug Menendez Graybar Electric Company Presentation to MidAmerica Contingency Planning Forum February 16, 2012 Introduction Whether it is from internal

More information

Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services

Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are

More information

THE BOARD S ROLE AND RESPONSIBILITIES OVER THE CONTROL ENVIRONMENT. Session 4

THE BOARD S ROLE AND RESPONSIBILITIES OVER THE CONTROL ENVIRONMENT. Session 4 THE BOARD S ROLE AND RESPONSIBILITIES OVER THE CONTROL ENVIRONMENT Session 4 Road Map of Presentation Review of the key responsibilities of the Board - the direct links to the IC System & IA function Analyze

More information

SHARED ASSESSMENTS PROGRAM STANDARDIZED INFORMATION GATHERING (SIG) QUESTIONNAIRE

SHARED ASSESSMENTS PROGRAM STANDARDIZED INFORMATION GATHERING (SIG) QUESTIONNAIRE SHARED ASSESSMENTS PROGRAM STANDARDIZED INFORMATION GATHERING (SIG) QUESTIONNAIRE The Shared Assessments Trust, But Verify Model The Shared Assessments Program Tools are used for managing the vendor risk

More information

fs viewpoint www.pwc.com/fsi

fs viewpoint www.pwc.com/fsi fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a

More information

The MSS Approach to BPM

The MSS Approach to BPM The MSS Approach to BPM Ryan McMahon, PMP MSS Management Consulting Agenda BPM defined MSS BPM Offerings and Approach Key BPM Benefits Q&A - Improve the Big Picture - Identify Problem Areas and Bottlenecks

More information

Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan

Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan You Can Offset the Costs of Compliance! Complexity Drives Cost UP Sarbanes-Oxley HIPAA EPA Basel II M&A

More information

Question: 1 Which of the following should be the FIRST step in developing an information security plan?

Question: 1 Which of the following should be the FIRST step in developing an information security plan? 1 ISACA - CISM Certified Information Security Manager Exam Set: 1, INFORMATION SECURITY GOVERNANCE Question: 1 Which of the following should be the FIRST step in developing an information security plan?

More information

Effectively Using CobiT in IT Service Management

Effectively Using CobiT in IT Service Management Effectively Using CobiT in IT Service Management Crown copyright material is reproduced with the permission of the Controller of HMSO and Queen s Printer for Scotland. ITIL is a Registered Trade Mark of

More information

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview COBIT 5 IACA s new framework for IT Governance, Risk, ecurity and Auditing An overview M. Garsoux COBIT 5 Licensed Training rovider Introduction rinciples rocesses Implementation upporting roducts Questions

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA Quality and security in application development Round Table Meeting/Discussion Group Wednesday 23rd May 2007 Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA 1 The International

More information

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program

Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat

More information

IT governance and business organization: some trends about the management of application portfolio

IT governance and business organization: some trends about the management of application portfolio IT governance and business organization: some trends about the management of application portfolio Roberto Candiotto, Silvia Gandini 1 1 Dipartimento di Studi per l Economia e l Impresa (Università del

More information

Executive's Guide to

Executive's Guide to Executive's Guide to IT Governance Improving Systems Processes with Service Management, COBIT, and ITIL ROBERT R. MOELLER WILEY John Wiley & Sons, Inc. Contents Preface xiii PART I: IT GOVERNANCE CONCEPTS

More information

Maximizing Your IT Value with Well-Aligned Governance August 3, 2012

Maximizing Your IT Value with Well-Aligned Governance August 3, 2012 Maximizing Your IT Value with Well-Aligned Governance August 3, 2012 6 th Annual SoCal Excellence in Service Management Conference Your Presenter: Jason Brucker Associate Director within Protiviti's IT

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information