Information Technology Risk Management Practices

1 Information Technology Risk Management Practices
Kurumsal Risk Yönetimi Derneği, 8 March 2011

2 Agenda
IT risk management concept
IT risk management practices
Risk IT framework
Practical examples
Questions and discussion

3 IT risk management concept

4 The top 10 risks for business (ranking from 2009 in brackets)
1. Regulation and compliance (2)
2. Access to credit (1)
3. Slow recovery or double-dip recession (No change)
4. Managing talent (7)
5. Emerging markets (12)
6. Cost cutting (No change)
7. Non-traditional entrants (5)
8. Radical greening (4)
9. Social acceptance and CSR (New)
10. Executing alliances and transactions (8)

5 Risk impact matrix across the sectors

6 Business Risk 2010: Banking and capital markets
The top 10 risks for the banking industry
1. Regulatory and compliance risk
2. Geopolitical macroeconomic shocks
3. Reputation risk
4. Residual credit quality issues
5. Weak recovery or double-dip recession
6. Human capital risks, including misaligned compensation structures
7. Organizational change
8. Corporate governance and internal control failures
9. IT risks
10. Reduced profits and valuations

7 The challenge of overseeing IT risks and governance
European Audit Committee Leadership Network (EACLN) and Audit Committee Leadership Network (ACLN), North America
Some boards are actively engaged in IT issues
Boards and audit committees regularly address IT
However, many European boards are much less involved; these boards generally view IT as a lower-level utility rather than a strategic advantage
The audit committee is less familiar with the IT staff than the finance staff
Boards draw on several resources to enhance their IT capabilities
The full board generally hears from the chief information officer (CIO) once a year
Directors supplement their knowledge of IT with internal and external resources
Issues covered:
Security of data and IT systems
Major enterprise resource planning (ERP) implementations
Outsourcing
IT controls over financial reporting
Leveraging new technologies
The IT aspects of mergers and acquisitions
Source: EACLN ViewPoints; Issue 26: 3 December 2010; Tapestry Networks
Source: ACLN ViewPoints; Issue 32: November 2, 2010; Tapestry Networks

8 IT Benchmarking Survey 2010

9 Global Information Security Survey 2010: New technology means new risk
60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise.
Question: Given current trends towards the use of such things as social networking, cloud computing and personal devices in the enterprise, have you seen or perceived a change in the risk environment facing your organization?
Response options: Yes, increasing level of risk; No, decreasing level of risk; Relatively constant level of risk
Chart values: 37%, 60%, 3%

10 GISS 2010: Top 5 IT risks
Question: From the following list, which are the top five areas of IT risk for your organization?
Legend: Top IT risk, 2nd, 3rd, 4th, 5th IT risk
Continuous availability of critical IT resources: 31% 16% 11% 7% 6%
Data (e.g., disclosure of sensitive data): 19% 18% 13% 8% 6%
Applications and databases (e.g., unsupported applications, system: 14% 14% 10% 9% 8%
Third-party suppliers and outsourcing (e.g., lack of security, lack of: 5% 7% 8% 9% 12%
Operations (e.g., operator errors, breakdown of operational processes): 4% 7% 9% 10% 10%
Legal and regulatory (e.g., non-compliance with regulations or contracts): 6% 7% 8% 8% 7%
Staffing (e.g., mismatch of IT skills, loss of key resources): 3% 5% 6% 9% 10%
Infrastructure (e.g., misconfiguration of hardware, inflexible architecture): 3% 6% 8% 10% 6%
Programs and projects (e.g., budget overruns, delays, poor quality): 4% 4% 7% 9% 8%
Strategy and alignment (e.g., misaligned priorities, lack of business: 4% 4% 6% 6% 8%
Fraud and theft (e.g., theft of laptops and servers, intentional data: 4% 6% 5% 7% 6%
Physical environment (e.g., utilities failures, natural disasters): 3% 4% 4% 6%
Technology (e.g., wrong technologies, failure to exploit new technologies): 3% 4% 6%

11 GISS 2010: Cloud computing
39% of respondents cited the loss of visibility of what happens to company data as an increasing risk when using cloud-based solutions.
Question: Which of the following new or increased risks have you identified?
Data leakage risks: 52%
Loss of visibility of what happens to company data: 39%
Unauthorized access: 34%
Difficulty in technical and procedural monitoring: 29%
Increased collaboration with individuals outside the enterprise: 22%
Contract risks: 18%
Availability risks: 17%
Challenges in updating internal audit and compliance plans: 15%
Capacity management risks: 13%
Performance management risks: 11%

12 IT risk management practices

13 Expressing IT risk in business terms
IT Risk: Business risk related to the use of IT.
Source: Risk IT Framework

14 The Risk IT Framework: Overview
Source: Risk IT Framework

15 The Risk IT Framework: Some key concepts
Source: Risk IT Framework

16 Risk IT: Generic Risk Scenarios
Source: Risk IT Framework

17 Risk IT: Control selection
Source: Risk IT Framework

18 Evolution of threats

19 Countering the evolving threat landscape

20 GISS 2010: Data leakage controls
Question: Which of the following actions has your organization taken to control data leakage of sensitive information?
Defined a specific policy for classification and handling of sensitive information: 73%
Implemented additional security mechanisms for protecting information: 65%
Utilized internal auditing for testing of controls: 54%
Implemented content monitoring/filtering tools: 51%
Defined specific requirements for telecommuting: 48%
Locked down/restricted use of certain hardware components: 45%
Restricted or prohibited use of instant messaging or for sensitive data: 45%
Implemented log review tools: 44%
Prohibited use of camera devices within sensitive or restricted areas: 29%
Restricted access to sensitive information to specific time periods: 18%

21 Asset-based IT risk assessment example

22 Asset-based IT risk assessment example: IT inventory breakdown
IT Inventory: Software Inventory, Hardware Inventory, Data Inventory, Location Inventory
Items shown in the breakdown: Application, PC, Office Software, System Software, Web Service Software, Physical Server Systems, Business Application, Operating System Software, Virtual Server Systems, Business Support Applications, Middleware, Security Systems, Reporting Application, Development Application, Database Management Software, Storage Unit, Security Application, Network Equipment, System Management Application

23 IT risk assessment in financial audit
Entity-Level Controls / Internal Control and Internal Audit
Accounting Records / Financial Statements
Business Process 1, Business Process 2, Business Process 3, Business Process 4
Application Controls: Application A, Application B, Application C
IT General Controls: Data Backup 1, Application Development - 1, Information Security, Data Backup 2, App. Development - 2

24 Questions and discussion

25 Thank you

26 Appendix: IT risk groups

27 Ernst & Young Generic Risk Universe
Categories: Strategic, Operations, Compliance, Financial
Governance: Board Performance Tone at The Top Control Environment Corporate Social Responsibility
Planning and Resource Allocation: Organizational Structure 3rd Party Relationships Strategic Planning HR Strategy & Planning Annual Budgeting Forecasting JVs/Alliances and Partnerships Outsourcing Arrangements Special Purpose Entities Tax Planning
Major Initiatives: Vision and Direction Planning and Execution Measurement & Monitoring Technology Implementations Business Acceptance
Mergers, Acquisition & Divesture: Valuation and Pricing Due Diligence Planning, Execution and Integration
Market Dynamics: Competition Macro-Economic Factors Lifestyle Trends Socio-Political
Communication & Investor Relations: Media Relations Crisis Communications Misuse of Technology for Communication Employee Communication
Sales & Marketing: Marketing Advertising Research & Development Sales and Pricing Technology Enabled Sales Customer/Support Management
Supply Chain: Master Planning & Forecasting Procurement & Inventory Production Distribution Transportation & Logistics Indirect Taxes Transfer Pricing
People/Human Resources: Culture Recruiting & Retention Development & Performance Succession Planning Compensation and Benefits Pay Programs & Practices Labor Relations
Information Technology: IT Management IT Security / Access IT Availability/Continuity IT Spend IT Integrity IT Infrastructure
Hazards: Natural Events, Terror & Malicious Acts Outages
Physical Assets: Real Estate Property Plant & Equipment Inventory
Tax Operations: Tax Technology and Knowledge Management Tax Department Operations
Code of Conduct: Ethics Fraud
Legal: Contract Liability Intellectual Property Anti-Corruption International Dealings
Regulatory: Trade Customs Labor Securities Environment Data Protection & Privacy Product Quality/Safety Health and Safety International Dealings Competitive Practices / Anti-trade Tax Compliance and Audit Management Sales & Marketing
Market: Interest Rate Foreign Currency Commodity Derivatives
Liquidity Risk Management: Cash Management Funding Hedging Credit & Collections Insurance
Accounting and Reporting: Accounting, Reporting & Disclosure Internal Control Requirements
Capital Structure: Debt Equity Pension Funds Stock Options

28 IT Risk Groups
IT Management: Failure to prioritize technology initiatives and effectively allocate and direct IT resources in order to achieve the strategic corporate goals and objectives.
IT Security/Access: Failure of information systems to adequately protect the critical data and infrastructure from theft, corruption, unauthorized usage, viruses, or sabotage.
IT Availability/Continuity: The inability to recover from, and continue uninterrupted operations in the event of, extraordinary events, systems and implementation failures.
IT Spend: IT directly or indirectly contributes to higher operating costs, resulting in a material decrease to the company's profitability and earnings.
IT Integrity: Information systems do not provide reliable information when it is needed or perform so slowly that operations are not efficient.
IT Infrastructure: The computer and telecommunications systems with supporting software do not capture, retain and transfer data in a secure and reliable environment and do not meet the expected requirements of the business at a reasonable cost.


More information

The Evolution of HR Audits

The Evolution of HR Audits Laurdan Associates, Inc. Editorial for HRM Website The Evolution of HR Audits Evolution is a process of change. Over the last 25 years we have seen significant change in the HR auditing process, the value

More information

Services Regulations Coalition Representative List of Controlled Services Transactions Eligible for the Cost-based Safe Harbor (the White List )

Services Regulations Coalition Representative List of Controlled Services Transactions Eligible for the Cost-based Safe Harbor (the White List ) Regulations Coalition Representative List of Controlled Transactions Eligible for the Cost-based Safe Harbor (the White List ) Service Offering HUMAN RESOURCES Staffing & Development Labor Relations &

More information

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape

Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both

More information

Florida A&M University O CTOBER 2008

Florida A&M University O CTOBER 2008 Florida A&M University O CTOBER 2008 2013-14 Risk assessment and internal audit plan May 2013 Contents 2013-14 Risk assessment & internal audit plan... 1 Risk assessment matrix development process... 2

More information

Vendor Management. Outsourcing Technology Services

Vendor Management. Outsourcing Technology Services Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring

More information

INTERNAL CONTROLS EVALUATION

INTERNAL CONTROLS EVALUATION INTERNAL CONTROLS EVALUATION Planning an Internal Controls Evaluation Project Internal Control Documentation Internal Control Testing Evaluation of Internal Control Deficiency Reporting Internal Control

More information

Audit Director Roundtable Asia Emerging Risks Report

Audit Director Roundtable Asia Emerging Risks Report Audit Director Roundtable Asia Emerging Risks Report Q3 2012 A FRAMEWORK FOR MEMBER CONVERSATIONS The mission of The Corporate Executive Board Company and its affiliates (CEB) is to unlock the potential

More information

Borderless security. Ernst & Young s 2010 Global Information Security Survey

Borderless security. Ernst & Young s 2010 Global Information Security Survey Borderless security Ernst & Young s 2010 Global Information Security Survey Foreword... 1 Borderless security... 2 Data on the move... 4 Processing in the clouds... 8 Web connections... 12 Summary... 16

More information

Pillar 3 Disclosures:

Pillar 3 Disclosures: Pillar 3 Disclosures: Pillar 3 Overview/Introduction Pillar 3 is the third element of the CRD s 3 pillar concept: Pillar 1 minimum capital requirements; Pillar 2 ICAAP and determination by firms if they

More information

XX Bank. Enterprise Risk Management. Policy. Date

XX Bank. Enterprise Risk Management. Policy. Date XX Bank Enterprise Risk Management Policy Date 1 TABLE OF CONTENTS PURPOSE OF ENTERPRISE RISK MANAGEMENT PROGRAM... 3 PROGRAM OVERVIEW... 3 ERM FUNCTIONAL ALIGNMENT... 5 Defined Positions... 5 Defined

More information

The ongoing quest for visibility

The ongoing quest for visibility Off-Balance-Sheet Arrangements* October 2009 The ongoing quest for visibility Highlights: Both financial and nonfinancial companies will be affected by new off-balance-sheet rules. The impact goes beyond

More information

MANAGEMENT. MGMT 0021 THE MANAGEMENT PROCESS 3 cr. MGMT 0022 FINANCIAL ACCOUNTING 3 cr. MGMT 0023 MANAGERIAL ACCOUNTING 3 cr.

MANAGEMENT. MGMT 0021 THE MANAGEMENT PROCESS 3 cr. MGMT 0022 FINANCIAL ACCOUNTING 3 cr. MGMT 0023 MANAGERIAL ACCOUNTING 3 cr. MANAGEMENT MGMT 0021 THE MANAGEMENT PROCESS 3 cr. An introduction designed to emphasize the basic principles, practices, and terminology essential to the understanding of contemporary business and its

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee

More information

Accounting and Management Informatics No. 1 -st year (2012-2013) ECTS

Accounting and Management Informatics No. 1 -st year (2012-2013) ECTS Bachelor's degree Accounting and Management Informatics No. 1 -st year (2012-201) ECTS 1. Financial Mathematics 4 2. Basics of Information Technology 4. Principles of Accounting I 6 4. Business Law 5.

More information

The Role of Internal Audit in Risk Governance

The Role of Internal Audit in Risk Governance The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any

More information

Department of Management

Department of Management Department of Management Course Student Learning Outcomes (ITM and MGMT) ITM 1270: Fundamentals of Information Systems and Applications Upon successful completion of the course, a student will be able

More information

Statement of Policy for the Risk Management Program

Statement of Policy for the Risk Management Program Statement of Policy for the Risk Management Program I. Purpose The Illinois State Board of Investment (the Board ) has adopted this Statement of Policy for the Risk Management Program ( Risk Policy ) for

More information

Master of Science in Accounting Course Scheduling Guide 2014 2015

Master of Science in Accounting Course Scheduling Guide 2014 2015 Master of Science in Accounting Course Scheduling Guide 2014 2015 Updated: 1/24/2014 General Overview OVERVIEW The M.S. in Accounting is a 30-credit degree program. More credits may be needed if prerequisite

More information

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT

THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT THE ROLE OF FINANCE AND ACCOUNTING IN ENTERPRISE RISK MANAGEMENT Let me begin by thanking Baruch College for giving me the opportunity to present this year s prestigious Emanuel Saxe Lecture in Accounting.

More information

IT GOVERNANCE WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR

IT GOVERNANCE WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR IT GOVERNANCE WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR PwC April 4, 2013 Agenda The challenge IT Governance defined IT Governance components Next steps Questions THE CHALLENGE The

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

IT Security Policy - Information Security Management System (ISMS)

IT Security Policy - Information Security Management System (ISMS) IT Security Policy - Information Security Management System (ISMS) Responsible Officer Contact Officer Vice-President, Finance & Operations Chief Digital Officer Superseded Documents IT Security Policy,

More information

Bell. The company has mandated the Corporate Responsibility and Environment (CR&E) department to act as the focal point for all sustainability issues,

Bell. The company has mandated the Corporate Responsibility and Environment (CR&E) department to act as the focal point for all sustainability issues, BCE is Canada's largest communications company, providing a suite of communication services to residential and business customers in Canada. Under the Bell brand, the Company's services include local,

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

2010 Symantec Disaster Recovery Study. Global Results

2010 Symantec Disaster Recovery Study. Global Results 2010 Symantec Disaster Recovery Study Global Results Methodology Applied Research performed survey 1,700 enterprises worldwide 5,000 employees or more Cross-industry 2 Key Findings Virtualization and Cloud

More information

Project Management/Controls and their impact on Auditing and Accounting Issues. October 31, 2012

Project Management/Controls and their impact on Auditing and Accounting Issues. October 31, 2012 Project Management/Controls and their impact on Auditing and Accounting Issues October 31, 2012 Today s presenters Patrick Hagan National Managing Partner State and Local Government patrick.hagan@mcgladrey.com

More information

Campus Recruiting. Tax. kpmgcampus.com

Campus Recruiting. Tax. kpmgcampus.com Campus Recruiting Tax kpmgcampus.com EVS KPMG s Economic and Valuation Services (EVS) professionals offer a wide range of advanced analytical services that help clients make forward-thinking decisions

More information

Are your business partners watching your back when you are watching your front?

Are your business partners watching your back when you are watching your front? Are your business partners watching your back when you are watching your front? Danny Shaw SE Practice Leader IT Risk Advisory Services Experis Thursday, October 4, 2012 1 Objectives: Organizations frequently

More information

Strength in Microsoft Cloud Highlights Q3 Results

Strength in Microsoft Cloud Highlights Q3 Results Strength in Microsoft Cloud Highlights Q3 Results Increasing usage of Microsoft Azure, Office 365, Bing and Xbox Live contributes to Q3 growth REDMOND, Wash. April 23, 2015 Microsoft Corp. today announced

More information

Job description. Hong Kong Graduate Program Assurance Audit Staff Accountant (for applicants graduating in 2016) Who we are

Job description. Hong Kong Graduate Program Assurance Audit Staff Accountant (for applicants graduating in 2016) Who we are Assurance Audit Staff Accountant (for applicants graduating in 2016) Background to Assurance Assurance professionals play a vital role in the economy by providing companies, investors and regulators with

More information

Cybersecurity in the States 2012: Priorities, Issues and Trends

Cybersecurity in the States 2012: Priorities, Issues and Trends Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State

More information

Risk Management. Risk Identification

Risk Management. Risk Identification Management This part provides guidance on the treatment of risks on a PPP project, and; Identifies the major risks common to many PPP projects across all sectors; Allocates the identified risks between

More information

Information Services Strategy 2011-2013

Information Services Strategy 2011-2013 Information Services Strategy Issue 1 1 Introduction The States of Jersey public sector is facing significant pressure for efficiencies and savings. This has created the context to take a fresh look at

More information

Get More Out of Your Risk Assessment. Austin Chapter of the IIA

Get More Out of Your Risk Assessment. Austin Chapter of the IIA Get More Out of Your Risk Assessment Austin Chapter of the IIA Speakers Alyssa G. Martin, CPA Dallas Executive Partner, Advisory Services 25 years of public accounting experience, with a practice emphasis

More information

INFORMATION TECHNOLOGY

INFORMATION TECHNOLOGY MISSION STATEMENT The Information Technology department provides technology, telecommunications and information systems leadership and strategic planning while ensuring efficient, cost effective implementation

More information