Information Technology Risk Management Practices


1 Information Technology Risk Management Practices. Kurumsal Risk Yönetimi Derneği (Corporate Risk Management Association), 8 March 2011

2 Agenda: the concept of IT risk management; IT risk management practices; the Risk IT framework; implementation examples; questions and discussion. Page 2

3 The concept of IT risk management

4 The top 10 risks for business (ranking from 2009 in brackets)
1. Regulation and compliance (2)
2. Access to credit (1)
3. Slow recovery or double-dip recession (no change)
4. Managing talent (7)
5. Emerging markets (12)
6. Cost cutting (no change)
7. Non-traditional entrants (5)
8. Radical greening (4)
9. Social acceptance and CSR (new)
10. Executing alliances and transactions (8)

5 Risk impact matrix across the sectors

6 Business Risk 2010, banking and capital markets: the top 10 risks for the banking industry
1. Regulatory and compliance risk
2. Geopolitical macroeconomic shocks
3. Reputation risk
4. Residual credit quality issues
5. Weak recovery or double-dip recession
6. Human capital risks, including misaligned compensation structures
7. Organizational change
8. Corporate governance and internal control failures
9. IT risks
10. Reduced profits and valuations

7 The challenge of overseeing IT risks and governance

European Audit Committee Leadership Network (EACLN):
- Some boards are actively engaged in IT issues. However, many European boards are much less involved; these boards generally view IT as a lower-level utility rather than a strategic advantage.
- The audit committee is less familiar with the IT staff than the finance staff.
- Boards draw on several resources to enhance their IT capabilities.
- Issues covered: security of data and IT systems; major ERP implementations; outsourcing; IT controls over financial reporting; leveraging new technologies.
Source: EACLN ViewPoints, Issue 26, 3 December 2010, Tapestry Networks

Audit Committee Leadership Network (ACLN), North America:
- Boards and audit committees regularly address IT. The full board generally hears from the chief information officer (CIO) once a year.
- The audit committee is less familiar with the IT staff than the finance staff.
- Directors supplement their knowledge of IT with internal and external resources.
- Issues covered: security of data and IT systems; major enterprise resource planning (ERP) implementations; the IT aspects of mergers and acquisitions; outsourcing; IT controls over financial reporting; leveraging new technologies.
Source: ACLN ViewPoints, Issue 32, November 2, 2010, Tapestry Networks

8 IT Benchmarking Survey 2010

9 Global Information Security Survey 2010: New technology means new risk. 60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise.
Question: Given current trends towards the use of such things as social networking, cloud computing and personal devices in the enterprise, have you seen or perceived a change in the risk environment facing your organization?
- Yes, increasing level of risk: 60%
- Relatively constant level of risk: 37%
- No, decreasing level of risk: 3%

10 GISS 2010: Top 5 IT risks. Question: From the following list, which are the top five areas of IT risk for your organization? Each row gives the share of respondents ranking that area as their top IT risk / 2nd / 3rd / 4th / 5th.
- Continuous availability of critical IT resources: 31% / 16% / 11% / 7% / 6%
- Data (e.g., disclosure of sensitive data): 19% / 18% / 13% / 8% / 6%
- Applications and databases (e.g., unsupported applications, system: 14% / 14% / 10% / 9% / 8%
- Third-party suppliers and outsourcing (e.g., lack of security, lack of: 5% / 7% / 8% / 9% / 12%
- Operations (e.g., operator errors, breakdown of operational processes): 4% / 7% / 9% / 10% / 10%
- Legal and regulatory (e.g., non-compliance with regulations or contracts): 6% / 7% / 8% / 8% / 7%
- Staffing (e.g., mismatch of IT skills, loss of key resources): 3% / 5% / 6% / 9% / 10%
- Infrastructure (e.g., misconfiguration of hardware, inflexible architecture): 3% / 6% / 8% / 10% / 6%
- Programs and projects (e.g., budget overruns, delays, poor quality): 4% / 4% / 7% / 9% / 8%
- Strategy and alignment (e.g., misaligned priorities, lack of business: 4% / 4% / 6% / 6% / 8%
- Fraud and theft (e.g., theft of laptops and servers, intentional data: 4% / 6% / 5% / 7% / 6%
- Physical environment (e.g., utilities failures, natural disasters): 3% / 4% / 4% / 6% (one value not legible in the transcription)
- Technology (e.g., wrong technologies, failure to exploit new technologies): 3% / 4% / 6% (two values not legible in the transcription)

11 GISS 2010: Cloud computing. 39% of respondents cited the loss of visibility of what happens to company data as an increasing risk when using cloud based solutions.
Question: Which of the following new or increased risks have you identified?
- Data leakage risks: 52%, comprising
  - Loss of visibility of what happens to company data: 39%
  - Unauthorized access: 34%
  - Difficulty in technical and procedural monitoring: 29%
  - Increased collaboration with individuals outside the enterprise: 22%
- Contract risks: 18%
- Availability risks: 17%
- Challenges in updating internal audit and compliance plans: 15%
- Capacity management risks: 13%
- Performance management risks: 11%

12 IT risk management practices

13 Expressing IT risk in business terms. IT risk: business risk related to the use of IT. Source: Risk IT Framework

14 The Risk IT Framework: Overview. Source: Risk IT Framework

15 The Risk IT Framework: Some key concepts. Source: Risk IT Framework

16 Risk IT: Generic risk scenarios. Source: Risk IT Framework

17 Risk IT: Control selection. Source: Risk IT Framework

18 Evolution of threats

19 Countering the evolving threat landscape

20 GISS 2010: Data leakage controls. Question: Which of the following actions has your organization taken to control data leakage of sensitive information?
- Defined a specific policy for classification and handling of sensitive information: 73%
- Implemented additional security mechanisms for protecting information: 65%
- Utilized internal auditing for testing of controls: 54%
- Implemented content monitoring/filtering tools: 51%
- Defined specific requirements for telecommuting: 48%
- Locked down/restricted use of certain hardware components: 45%
- Restricted or prohibited use of instant messaging or for sensitive data: 45%
- Implemented log review tools: 44%
- Prohibited use of camera devices within sensitive or restricted areas: 29%
- Restricted access to sensitive information to specific time periods: 18%

21 Asset-based IT risk assessment example

22 Asset-based IT risk assessment example: IT inventory breakdown
IT Inventory
- Software Inventory
  - Application: PC Office Software; Business Application; Business Support Applications; Reporting Application; Development Application; Security Application; System Management Application
  - System Software: Web Service Software; Operating System Software; Middleware; Database Management Software
- Hardware Inventory: Physical Server Systems; Virtual Server Systems; Security Systems; Storage Unit; Network Equipment
- Data Inventory
- Location Inventory
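The inventory breakdown above is the starting point of an asset-based assessment: each asset is scored against the risk scenarios that can affect it, existing controls are credited, and whatever remains above the risk appetite goes to control selection. The following Python is an added worked example, not code from the slide deck or from the Risk IT framework. It keeps the deck's inventory types and leaf categories, but the assets, the scenario names and likelihoods, the 1..5 impact scales, the control-effectiveness figures and the appetite threshold are all constructed assumptions for illustration.

```python
"""Asset-based IT risk assessment worked through in code.

Added example, not part of the original slide deck. It keeps the deck's
inventory split (Software / Hardware / Data / Location) and leaf categories,
and scores constructed, hypothetical assets against generic risk scenarios
with a likelihood x impact model. All scales, figures and names below are
assumptions chosen for illustration, not figures from the deck.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    inventory: str          # Software / Hardware / Data / Location
    category: str           # leaf category from the inventory breakdown
    confidentiality: int    # business impact if compromised, 1 (negligible) .. 5 (critical)
    integrity: int
    availability: int

    def impact(self, dimension: str) -> int:
        """Impact rating for the dimension a scenario hits: C, I or A."""
        return {"C": self.confidentiality, "I": self.integrity, "A": self.availability}[dimension]


@dataclass(frozen=True)
class Scenario:
    name: str
    dimension: str                  # "C", "I" or "A"
    likelihood: int                 # 1 (rare) .. 5 (almost certain), before controls
    applies_to: Tuple[str, ...]     # inventories in which the scenario is relevant


@dataclass(frozen=True)
class RiskEntry:
    asset: str
    scenario: str
    inherent: int       # likelihood x impact (1..25), ignoring existing controls
    residual: int       # inherent after crediting the effectiveness of existing controls
    response: str       # "accept" (within appetite) or "mitigate" (select more controls)


def assess(assets: Sequence[Asset], scenarios: Sequence[Scenario],
           controls: Dict[Tuple[str, str], float], appetite: int) -> List[RiskEntry]:
    """Build the risk register: one entry per applicable (asset, scenario) pair,
    sorted by residual risk so the items above appetite come first.

    controls maps (asset name, scenario name) to the fraction of inherent risk
    that existing controls remove, from 0.0 (no control) up to but excluding
    1.0: no control is ever credited with eliminating a risk completely."""
    register: List[RiskEntry] = []
    for asset in assets:
        for sc in scenarios:
            if asset.inventory not in sc.applies_to:
                continue
            inherent = sc.likelihood * asset.impact(sc.dimension)
            effectiveness = controls.get((asset.name, sc.name), 0.0)
            if not 0.0 <= effectiveness < 1.0:
                raise ValueError(f"control effectiveness out of range: {effectiveness}")
            residual = int(round(inherent * (1.0 - effectiveness)))
            response = "mitigate" if residual > appetite else "accept"
            register.append(RiskEntry(asset.name, sc.name, inherent, residual, response))
    register.sort(key=lambda e: e.residual, reverse=True)   # stable: ties keep input order
    return register


def worst_per_inventory(register: Sequence[RiskEntry], assets: Sequence[Asset]) -> Dict[str, int]:
    """Highest residual risk per inventory type, the roll-up a risk committee sees first."""
    inventory_of = {a.name: a.inventory for a in assets}
    worst: Dict[str, int] = {}
    for entry in register:
        inv = inventory_of[entry.asset]
        worst[inv] = max(worst.get(inv, 0), entry.residual)
    return worst


# Constructed sample inventory (hypothetical assets, not from the deck).
ASSETS = [
    Asset("Core banking application", "Software", "Business Application", 5, 5, 5),
    Asset("Payroll database", "Software", "Database Management Software", 4, 5, 3),
    Asset("Campus network switches", "Hardware", "Network Equipment", 2, 3, 4),
    Asset("Virtual server cluster", "Hardware", "Virtual Server Systems", 3, 3, 5),
]

# Generic scenarios in the spirit of the Risk IT generic risk scenarios; names and
# likelihoods are assumptions.
SCENARIOS = [
    Scenario("Unauthorized disclosure of sensitive data", "C", 3, ("Software", "Data")),
    Scenario("Unpatched software vulnerability exploited", "I", 4, ("Software",)),
    Scenario("Hardware failure causing outage", "A", 3, ("Hardware",)),
    Scenario("Operator error during change", "I", 3, ("Software", "Hardware")),
]

# Effectiveness of controls already in place: (asset, scenario) -> fraction removed.
CONTROLS = {
    ("Core banking application", "Unauthorized disclosure of sensitive data"): 0.6,
    ("Core banking application", "Unpatched software vulnerability exploited"): 0.5,
    ("Payroll database", "Unauthorized disclosure of sensitive data"): 0.25,
    ("Payroll database", "Unpatched software vulnerability exploited"): 0.2,
    ("Payroll database", "Operator error during change"): 0.4,
    ("Campus network switches", "Hardware failure causing outage"): 0.5,
    ("Virtual server cluster", "Hardware failure causing outage"): 0.8,
    ("Virtual server cluster", "Operator error during change"): 0.2,
}

RISK_APPETITE = 12   # residual scores above this need a mitigation decision (assumption)

if __name__ == "__main__":
    register = assess(ASSETS, SCENARIOS, CONTROLS, RISK_APPETITE)
    for e in register:
        print(f"{e.residual:>3} (inherent {e.inherent:>2})  {e.response:<8} {e.asset} / {e.scenario}")
    print(worst_per_inventory(register, ASSETS))
```

Two design points matter in practice. The core banking application carries the highest inherent scores, yet after crediting its controls only the uncontrolled operator-error scenario stays above appetite, while the payroll database's thinly controlled patching scenario becomes the top item; ranking on residual rather than inherent risk is what directs control selection to the right place. Capping effectiveness below 1.0 stops an assessor from scoring a risk out of existence by declaring a control perfect.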

23 IT risk assessment in a financial audit. Layers, from top to bottom:
- Entity-level controls / internal control and internal audit
- Accounting records / financial statements
- Business Process 1, Business Process 2, Business Process 3, Business Process 4
- Application controls: Application A, Application B, Application C
- IT general controls: Data Backup 1, Application Development 1, Information Security, Data Backup 2, Application Development 2

24 Questions and discussion

25 Thank you

26 Appendix: IT risk groups

27 Ernst & Young Generic Risk Universe

Strategic
- Governance: Board Performance; Tone at the Top; Control Environment; Corporate Social Responsibility
- Planning and Resource Allocation: Organizational Structure; 3rd Party Relationships; Strategic Planning; HR Strategy & Planning; Annual Budgeting; Forecasting; JVs/Alliances and Partnerships; Outsourcing Arrangements; Special Purpose Entities; Tax Planning
- Major Initiatives: Vision and Direction; Planning and Execution; Measurement & Monitoring; Technology Implementations; Business Acceptance
- Mergers, Acquisition & Divestiture: Valuation and Pricing; Due Diligence; Planning, Execution and Integration
- Market Dynamics: Competition; Macro-Economic Factors; Lifestyle Trends; Socio-Political
- Communication & Investor Relations: Media Relations; Crisis Communications; Misuse of Technology for Communication; Employee Communication

Operations
- Sales & Marketing: Marketing; Advertising; Research & Development; Sales and Pricing; Technology Enabled Sales; Customer/Support Management
- Supply Chain: Master Planning & Forecasting; Procurement & Inventory; Production; Distribution; Transportation & Logistics; Indirect Taxes; Transfer Pricing
- People/Human Resources: Culture; Recruiting & Retention; Development & Performance; Succession Planning; Compensation and Benefits; Pay Programs & Practices; Labor Relations
- Information Technology: IT Management; IT Security / Access; IT Availability/Continuity; IT Spend; IT Integrity; IT Infrastructure
- Hazards: Natural Events, Terror & Malicious Acts; Outages
- Physical Assets: Real Estate; Property, Plant & Equipment; Inventory
- Tax Operations: Tax Technology and Knowledge Management; Tax Department Operations

Compliance
- Code of Conduct: Ethics; Fraud
- Legal: Contract Liability; Intellectual Property; Anti-Corruption; International Dealings
- Regulatory: Trade; Customs; Labor; Securities; Environment; Data Protection & Privacy; Product Quality/Safety; Health and Safety; International Dealings; Competitive Practices / Anti-trust
- Tax Compliance and Audit Management
- Sales & Marketing

Financial
- Market: Interest Rate; Foreign Currency; Commodity; Derivatives
- Liquidity Risk Management: Cash Management; Funding; Hedging; Credit & Collections; Insurance
- Accounting and Reporting: Accounting, Reporting & Disclosure; Internal Control Requirements
- Capital Structure: Debt; Equity; Pension Funds; Stock Options

28 IT Risk Groups
- IT Management: failure to prioritize technology initiatives and effectively allocate and direct IT resources in order to achieve the strategic corporate goals and objectives.
- IT Security/Access: failure of information systems to adequately protect the critical data and infrastructure from theft, corruption, unauthorized usage, viruses, or sabotage.
- IT Availability/Continuity: the inability to recover from, and continue uninterrupted operations in the event of, extraordinary events, systems and implementation failures.
- IT Spend: IT directly or indirectly contributes to higher operating costs, resulting in a material decrease to the company's profitability and earnings.
- IT Integrity: information systems do not provide reliable information when it is needed, or perform so slowly that operations are not efficient.
- IT Infrastructure: the computer and telecommunications systems with supporting software do not capture, retain and transfer data in a secure and reliable environment, and do not meet the expected requirements of the business at a reasonable cost.


More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

TECHNOLOGY STRATEGY AUDIT

TECHNOLOGY STRATEGY AUDIT TECHNOLOGY STRATEGY AUDIT Executive Summary It is our intention to facilitate the understanding of technology strategy and its integration with business strategies. This guideline is organized as series

More information

CGA Competency Framework

CGA Competency Framework CG Competency Framework 2010 cademic Year Revised July 2009 Contents Introduction to the CG Competency Framework.... 3. Purpose.of.the.Competency.Framework.... 3. Competency.Groups.....4. Required.Proficiency.Levels.....5.

More information

IMTC SPECIAL TRAINING CALENDAR FOR 2015/2016

IMTC SPECIAL TRAINING CALENDAR FOR 2015/2016 SPECIAL TRAINING CALENDAR FOR 2015/2016 PUBLIC RELATIONS & PROTOCOL OFFICERS COURSE 1. Protocol and Event Management 2. Planning & Managing PR Campaigns 3. Protocol Etiquette and Civility Course 4. International

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role

More information

RISK MANAGEMENt AND INtERNAL CONtROL

RISK MANAGEMENt AND INtERNAL CONtROL RISK MANAGEMENt AND INtERNAL CONtROL Overview 02-09 Internal control the Board meets regularly throughout the year and has adopted a schedule of matters which are required to be brought to it for decision.

More information

BlackBerry Reports Strong Software Revenue and Positive Cash Flow for the Fiscal 2016 First Quarter

BlackBerry Reports Strong Software Revenue and Positive Cash Flow for the Fiscal 2016 First Quarter FOR IMMEDIATE RELEASE June 23, BlackBerry Reports Strong Software Revenue and Positive Cash Flow for the Fiscal 2016 First Quarter Waterloo, ON BlackBerry Limited (NASDAQ: BBRY; TSX: BB), a global leader

More information

RISK MANAGEMENT IN A FOR-

RISK MANAGEMENT IN A FOR- RISK MANAGEMENT IN A FOR- PROFIT ORGANISATION 1 OBJECTIVES Explain the risk management framework The underlying process and cycle, and resources and people involved The framework can be applied in for

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

MBA REQUIRED (CORE) COURSES

MBA REQUIRED (CORE) COURSES MBA REQUIRED (CORE) COURSES ACCT 720 - Strategic Cost Management Study of the role of cost management methods in aiding managers in all of their planning, controlling and evaluating activities; focus on

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

INTERNAL CONTROLS EVALUATION

INTERNAL CONTROLS EVALUATION INTERNAL CONTROLS EVALUATION Planning an Internal Controls Evaluation Project Internal Control Documentation Internal Control Testing Evaluation of Internal Control Deficiency Reporting Internal Control

More information

Accounting and Management Informatics No. 1 -st year (2012-2013) ECTS

Accounting and Management Informatics No. 1 -st year (2012-2013) ECTS Bachelor's degree Accounting and Management Informatics No. 1 -st year (2012-201) ECTS 1. Financial Mathematics 4 2. Basics of Information Technology 4. Principles of Accounting I 6 4. Business Law 5.

More information

DEPARTMENT OF MANAGEMENT STUDIES MBA Master of Business Administration

DEPARTMENT OF MANAGEMENT STUDIES MBA Master of Business Administration DEPARTMENT OF MANAGEMENT STUDIES MBA Master of Business Administration Course No Course Title L T E P O TH C MS 5003 Basics of Probability and Statistics 2 0 0 0 4 6 3 MS 5004 Basics of Accounting and

More information

Risk Management. Risk Identification

Risk Management. Risk Identification Management This part provides guidance on the treatment of risks on a PPP project, and; Identifies the major risks common to many PPP projects across all sectors; Allocates the identified risks between

More information

MEMORANDUM. 2015 Risk Assessment, 2015 Audit Plan, and 2014 Audit Plan

MEMORANDUM. 2015 Risk Assessment, 2015 Audit Plan, and 2014 Audit Plan ORANGE COUNTY EMPLOYEES RETIREMENT SYSTEM MEMORANDUM DATE: January 21, 2015 TO: FROM: SUBJECT: s of the Audit Committee David James, Director of Internal Audit 2015 Risk Assessment, 2015 Audit Plan, and

More information

Audit Director Roundtable Asia Emerging Risks Report

Audit Director Roundtable Asia Emerging Risks Report Audit Director Roundtable Asia Emerging Risks Report Q3 2012 A FRAMEWORK FOR MEMBER CONVERSATIONS The mission of The Corporate Executive Board Company and its affiliates (CEB) is to unlock the potential

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

OCCUPATIONAL GROUP: Information Technology. CLASS FAMILY: Security CLASS FAMILY DESCRIPTION:

OCCUPATIONAL GROUP: Information Technology. CLASS FAMILY: Security CLASS FAMILY DESCRIPTION: OCCUPATIONAL GROUP: Information Technology CLASS FAMILY: Security CLASS FAMILY DESCRIPTION: This family of positions provides security and monitoring for the transmission of information in voice, data,

More information

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Get More Out of Your Risk Assessment. Austin Chapter of the IIA Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

Work Toward Your Bachelor s Degree

Work Toward Your Bachelor s Degree By completing a series of Walden s Professional Development courses, you can earn credits toward a number of bachelor s programs at Walden University. To receive credit, you will need to complete all of

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

MBAProgramme. The College of The Bahamas

MBAProgramme. The College of The Bahamas c o u r s e o u t l i n e MBAProgramme The College of The Bahamas Year 1 Fall Financial/Managerial Accounting (3 credits) Introduces students to the financial and managerial accounting disciplines; develops

More information

Guide for the Role and Responsibilities of an Information Security Officer Within State Government

Guide for the Role and Responsibilities of an Information Security Officer Within State Government Guide for the Role and Responsibilities of an Information Security Officer Within State Government Table of Contents Introduction 3 The ISO in State Government 4 Successful ISOs Necessary Skills and Abilities

More information

Statement of Policy for the Risk Management Program

Statement of Policy for the Risk Management Program Statement of Policy for the Risk Management Program I. Purpose The Illinois State Board of Investment (the Board ) has adopted this Statement of Policy for the Risk Management Program ( Risk Policy ) for

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

GUIDANCE FOR MANAGING THIRD-PARTY RISK

GUIDANCE FOR MANAGING THIRD-PARTY RISK GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,

More information

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both

More information