Information Technology Risk Management Practices
Slide 1: Information Technology Risk Management Practices
Enterprise Risk Management Association (Kurumsal Risk Yönetimi Derneği), 8 March 2011
Slide 2: Agenda
- The IT risk management concept
- IT risk management practices
- The Risk IT framework
- Implementation examples
- Questions and discussion
Slide 3: The IT risk management concept
Slide 4: The top 10 risks for business (ranking from 2009 in brackets)
1. Regulation and compliance (2)
2. Access to credit (1)
3. Slow recovery or double-dip recession (no change)
4. Managing talent (7)
5. Emerging markets (12)
6. Cost cutting (no change)
7. Non-traditional entrants (5)
8. Radical greening (4)
9. Social acceptance and CSR (new)
10. Executing alliances and transactions (8)
Slide 5: Risk impact matrix across the sectors (chart only; not transcribed)
Slide 6: Business Risk 2010, Banking and capital markets: the top 10 risks for the banking industry
1. Regulatory and compliance risk
2. Geopolitical macroeconomic shocks
3. Reputation risk
4. Residual credit quality issues
5. Weak recovery or double-dip recession
6. Human capital risks, including misaligned compensation structures
7. Organizational change
8. Corporate governance and internal control failures
9. IT risks
10. Reduced profits and valuations
Slide 7: The challenge of overseeing IT risks and governance

European Audit Committee Leadership Network (EACLN):
- Some boards are actively engaged in IT issues
- However, many European boards are much less involved; these boards generally view IT as a lower-level utility rather than a strategic advantage
- The audit committee is less familiar with the IT staff than the finance staff
- Boards draw on several resources to enhance their IT capabilities
- Issues covered: security of data and IT systems; major ERP implementations; outsourcing; IT controls over financial reporting; leveraging new technologies; the IT aspects of mergers and acquisitions
- Source: EACLN ViewPoints, Issue 26, 3 December 2010, Tapestry Networks

Audit Committee Leadership Network (ACLN), North America:
- Boards and audit committees regularly address IT
- The full board generally hears from the chief information officer (CIO) once a year
- The audit committee is less familiar with the IT staff than the finance staff
- Directors supplement their knowledge of IT with internal and external resources
- Issues covered: security of data and IT systems; major enterprise resource planning (ERP) implementations; outsourcing; IT controls over financial reporting; leveraging new technologies
- Source: ACLN ViewPoints, Issue 32, November 2, 2010, Tapestry Networks
Slide 8: IT Benchmarking Survey 2010 (chart only; not transcribed)
Slide 9: Global Information Security Survey 2010: New technology means new risk
60% of respondents perceived an increase in the level of risk they face due to the use of social networking, cloud computing and personal devices in the enterprise.
Question: Given current trends towards the use of such things as social networking, cloud computing and personal devices in the enterprise, have you seen or perceived a change in the risk environment facing your organization?
- Yes, increasing level of risk: 60%
- Relatively constant level of risk: 37%
- No, decreasing level of risk: 3%
Slide 10: GISS 2010: Top 5 IT risks
Question: From the following list, which are the top five areas of IT risk for your organization?
Share of respondents ranking each area as their top IT risk / 2nd / 3rd / 4th / 5th:
- Continuous availability of critical IT resources: 31% / 16% / 11% / 7% / 6%
- Data (e.g., disclosure of sensitive data): 19% / 18% / 13% / 8% / 6%
- Applications and databases (e.g., unsupported applications, system …): 14% / 14% / 10% / 9% / 8%
- Third-party suppliers and outsourcing (e.g., lack of security, lack of …): 5% / 7% / 8% / 9% / 12%
- Operations (e.g., operator errors, breakdown of operational processes): 4% / 7% / 9% / 10% / 10%
- Legal and regulatory (e.g., non-compliance with regulations or contracts): 6% / 7% / 8% / 8% / 7%
- Staffing (e.g., mismatch of IT skills, loss of key resources): 3% / 5% / 6% / 9% / 10%
- Infrastructure (e.g., misconfiguration of hardware, inflexible architecture): 3% / 6% / 8% / 10% / 6%
- Programs and projects (e.g., budget overruns, delays, poor quality): 4% / 4% / 7% / 9% / 8%
- Strategy and alignment (e.g., misaligned priorities, lack of business …): 4% / 4% / 6% / 6% / 8%
- Fraud and theft (e.g., theft of laptops and servers, intentional data …): 4% / 6% / 5% / 7% / 6%
- Physical environment (e.g., utilities failures, natural disasters): 3% / 4% / 4% / 6% (only four values transcribed)
- Technology (e.g., wrong technologies, failure to exploit new technologies): 3% / 4% / 6% (only three values transcribed)
Slide 11: GISS 2010: Cloud computing
39% of respondents cited the loss of visibility of what happens to company data as an increasing risk when using cloud-based solutions.
Question: Which of the following new or increased risks have you identified?
- Data leakage risks: 52%
  - Loss of visibility of what happens to company data: 39%
  - Unauthorized access: 34%
  - Difficulty in technical and procedural monitoring: 29%
  - Increased collaboration with individuals outside the enterprise: 22%
- Contract risks: 18%
- Availability risks: 17%
- Challenges in updating internal audit and compliance plans: 15%
- Capacity management risks: 13%
- Performance management risks: 11%
Slide 12: IT risk management practices
Slide 13: Expressing IT risk in business terms
IT risk: business risk related to the use of IT.
Source: Risk IT Framework
Slide 14: The Risk IT Framework: Overview (diagram only; not transcribed)
Source: Risk IT Framework
Slide 15: The Risk IT Framework: Some key concepts (diagram only; not transcribed)
Source: Risk IT Framework
Slide 16: Risk IT: Generic risk scenarios (diagram only; not transcribed)
Source: Risk IT Framework
Slide 17: Risk IT: Control selection (diagram only; not transcribed)
Source: Risk IT Framework
Slide 18: Evolution of threats
Slide 19: Countering the evolving threat landscape
Slide 20: GISS 2010: Data leakage controls
Question: Which of the following actions has your organization taken to control data leakage of sensitive information?
- Defined a specific policy for classification and handling of sensitive information: 73%
- Implemented additional security mechanisms for protecting information: 65%
- Utilized internal auditing for testing of controls: 54%
- Implemented content monitoring/filtering tools: 51%
- Defined specific requirements for telecommuting: 48%
- Locked down/restricted use of certain hardware components: 45%
- Restricted or prohibited use of instant messaging or … for sensitive data: 45%
- Implemented log review tools: 44%
- Prohibited use of camera devices within sensitive or restricted areas: 29%
- Restricted access to sensitive information to specific time periods: 18%
Slide 21: Asset-based IT risk assessment example
Slide 22: Asset-based IT risk assessment example: IT inventory breakdown
IT Inventory
- Software Inventory
  - Application: Business Application; Business Support Applications; Reporting Application; Development Application; Security Application; System Management Application
  - PC Office Software
  - System Software: Operating System Software; Middleware; Database Management Software
  - Web Service Software
- Hardware Inventory: Physical Server Systems; Virtual Server Systems; Security Systems; Storage Unit; Network Equipment
- Data Inventory
- Location Inventory
Slide 23: IT risk assessment in a financial audit (layered diagram, top to bottom)
- Entity-level controls / internal control and internal audit
- Accounting records / financial statements
- Business process 1 | Business process 2 | Business process 3 | Business process 4
- Application controls
- Application A | Application B | Application C
- IT general controls: Data backup 1; Application development 1; Information security; Data backup 2; Application development 2
Slide 24: Questions and discussion
Slide 25: Thank you
Slide 26: Appendix: IT risk groups
Slide 27: Ernst & Young Generic Risk Universe
Dimensions: Strategic; Operations; Compliance; Financial
- Governance: Board Performance; Tone at the Top; Control Environment; Corporate Social Responsibility
- Planning and Resource Allocation: Organizational Structure; 3rd Party Relationships; Strategic Planning; HR Strategy & Planning; Annual Budgeting; Forecasting; JVs/Alliances and Partnerships; Outsourcing Arrangements; Special Purpose Entities; Tax Planning
- Major Initiatives: Vision and Direction; Planning and Execution; Measurement & Monitoring; Technology Implementations; Business Acceptance
- Mergers, Acquisition & Divestiture: Valuation and Pricing; Due Diligence; Planning, Execution and Integration
- Market Dynamics: Competition; Macro-Economic Factors; Lifestyle Trends; Socio-Political
- Communication & Investor Relations: Media Relations; Crisis Communications; Misuse of Technology for Communication; Employee Communication
- Sales & Marketing: Marketing; Advertising; Research & Development; Sales and Pricing; Technology Enabled Sales; Customer/Support Management
- Supply Chain: Master Planning & Forecasting; Procurement & Inventory; Production; Distribution; Transportation & Logistics; Indirect Taxes; Transfer Pricing
- People/Human Resources: Culture; Recruiting & Retention; Development & Performance; Succession Planning; Compensation and Benefits; Pay Programs & Practices; Labor Relations
- Information Technology: IT Management; IT Security / Access; IT Availability/Continuity; IT Spend; IT Integrity; IT Infrastructure
- Hazards: Natural Events, Terror & Malicious Acts; Outages
- Physical Assets: Real Estate; Property Plant & Equipment; Inventory
- Tax Operations: Tax Technology and Knowledge Management; Tax Department Operations
- Code of Conduct: Ethics; Fraud
- Legal: Contract Liability; Intellectual Property; Anti-Corruption; International Dealings
- Regulatory: Trade Customs; Labor; Securities; Environment; Data Protection & Privacy; Product Quality/Safety; Health and Safety; International Dealings; Competitive Practices / Anti-trade
- Tax Compliance and Audit Management
- Market: Interest Rate; Foreign Currency; Commodity; Derivatives
- Liquidity Risk Management: Cash Management; Funding; Hedging; Credit & Collections; Insurance
- Accounting and Reporting: Accounting, Reporting & Disclosure; Internal Control Requirements
- Capital Structure: Debt; Equity; Pension Funds; Stock Options
Slide 28: IT Risk Groups
- IT Management: failure to prioritize technology initiatives and effectively allocate and direct IT resources in order to achieve the strategic corporate goals and objectives
- IT Security/Access: failure of information systems to adequately protect the critical data and infrastructure from theft, corruption, unauthorized usage, viruses, or sabotage
- IT Availability/Continuity: the inability to recover from, and continue uninterrupted operations in the event of, extraordinary events, systems and implementation failures
- IT Spend: IT directly or indirectly contributes to higher operating costs, resulting in a material decrease to the company's profitability and earnings
- IT Integrity: information systems do not provide reliable information when it is needed, or perform so slowly that operations are not efficient
- IT Infrastructure: the computer and telecommunications systems with supporting software do not capture, retain and transfer data in a secure and reliable environment and do not meet the expected requirements of the business at a reasonable cost
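The three slides "IT inventory breakdown", "IT risk assessment in a financial audit" and "IT Risk Groups" together describe how an asset-based assessment is structured, but the deck stops at the diagrams. The following Python script is an added example, not code from the presentation or from Ernst & Young: it scores inventory assets against the appendix's risk groups, rolls the scores up to each inventory branch, and walks the financial-audit dependency chain (business process, application, IT general control) to find which processes are exposed when one IT general control is found deficient. The 1-5 likelihood/impact scale, the sample assets, every score, and the mapping of processes to applications and applications to controls are constructed assumptions; the deck shows the layers but not those links.

```python
"""Asset-based IT risk assessment over an inventory hierarchy.

Added illustration, not code from the deck. Inventory branches follow the
slide "IT inventory breakdown", risk groups follow the appendix slide
"IT Risk Groups", and the business process -> application -> IT general
control (ITGC) chain follows the slide "IT risk assessment in a financial
audit". The 1-5 scales, sample assets, scores and mappings are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

# Risk groups taken from the appendix slide.
RISK_GROUPS = (
    "IT Security/Access",
    "IT Availability/Continuity",
    "IT Integrity",
    "IT Infrastructure",
)


@dataclass
class Asset:
    name: str
    category: str  # "<inventory> / <branch>", following the breakdown slide
    scores: dict   # risk group -> (likelihood, impact), assumed 1-5 scales


def asset_risk(asset: Asset) -> dict:
    """Score each risk group as likelihood x impact; reject unknown groups."""
    for group in asset.scores:
        if group not in RISK_GROUPS:
            raise ValueError(f"unknown risk group: {group}")
    return {g: lk * im for g, (lk, im) in asset.scores.items()}


def rank_assets(assets: list) -> list:
    """Order assets by their worst risk-group score, highest first."""
    return sorted(assets, key=lambda a: max(asset_risk(a).values()), reverse=True)


def risk_by_inventory(assets: list) -> dict:
    """Roll scores up to the top-level inventory (software, hardware, ...),
    keeping the maximum so one critical asset is not averaged away."""
    rollup = defaultdict(int)
    for a in assets:
        inventory = a.category.split(" / ")[0]
        rollup[inventory] = max(rollup[inventory], max(asset_risk(a).values()))
    return dict(rollup)


# Constructed sample inventory (names and scores are assumptions).
ASSETS = [
    Asset("ERP application server", "Hardware Inventory / Physical Server Systems",
          {"IT Security/Access": (3, 5), "IT Availability/Continuity": (2, 5),
           "IT Integrity": (2, 4)}),
    Asset("Customer DBMS", "Software Inventory / Database Management Software",
          {"IT Security/Access": (4, 5), "IT Integrity": (3, 4),
           "IT Availability/Continuity": (2, 3)}),
    Asset("Office suite", "Software Inventory / PC Office Software",
          {"IT Security/Access": (2, 2), "IT Availability/Continuity": (1, 2)}),
    Asset("Core switch", "Hardware Inventory / Network Equipment",
          {"IT Availability/Continuity": (3, 4), "IT Infrastructure": (2, 3)}),
]

# Financial-audit dependency chain. The deck shows the layers; which process
# uses which application, and which ITGCs each application relies on, is assumed.
PROCESS_APPS = {
    "Business process 1": ["Application A"],
    "Business process 2": ["Application A", "Application B"],
    "Business process 3": ["Application B"],
    "Business process 4": ["Application C"],
}
APP_ITGCS = {
    "Application A": ["Data backup 1", "Application development 1", "Information security"],
    "Application B": ["Data backup 1", "Application development 1", "Information security"],
    "Application C": ["Data backup 2", "Application development 2", "Information security"],
}


def affected_by_itgc_deficiency(itgc: str) -> tuple:
    """Given a deficient IT general control, return the applications that rely
    on it and the business processes whose application controls can therefore
    no longer be relied upon by the auditor."""
    apps = sorted(app for app, controls in APP_ITGCS.items() if itgc in controls)
    procs = sorted(p for p, used in PROCESS_APPS.items() if set(used) & set(apps))
    return apps, procs


if __name__ == "__main__":
    for a in rank_assets(ASSETS):
        print(f"{max(asset_risk(a).values()):>3}  {a.name:<22} {a.category}")
    print(risk_by_inventory(ASSETS))
    print(affected_by_itgc_deficiency("Data backup 2"))
```

The maximum (rather than the mean) is used for the roll-up on purpose: averaging a 20 with a 4 would hide the database server behind the office suite, which is exactly the distortion a heat map per inventory branch is supposed to avoid. The deficiency walk is the audit-scoping step from slide 23: a weak "Information security" control touches every application and therefore every business process, while a weak "Data backup 2" only reaches Application C and business process 4.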
More informationPRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT
PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT RESOURCES PROVIDED THROUGH APRIL 2001 Slides Narration In the last presentation, you learned about some of the general responsibilities
More informationCGA Competency Framework
CG Competency Framework 2010 cademic Year Revised July 2009 Contents Introduction to the CG Competency Framework.... 3. Purpose.of.the.Competency.Framework.... 3. Competency.Groups.....4. Required.Proficiency.Levels.....5.
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationInformation Security Team
Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface
More informationWork Toward Your Bachelor s Degree
By completing a series of Walden s Professional Development courses, you can earn credits toward a number of bachelor s programs at Walden University. To receive credit, you will need to complete all of
More informationHigh Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director
High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role
More informationBlackBerry Reports Software and Services Growth of 106 Percent for Q4 and 113 Percent for Fiscal 2016
April 1, FOR IMMEDIATE RELEASE BlackBerry Reports Software and Services Growth of 106 Percent for Q4 and 113 Percent for Fiscal Company reports positive free cash flow for eighth consecutive quarter and
More informationVendor Management Best Practices
23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion
More informationEvaluating the Business Impacts of Poor Data Quality
Evaluating the Business Impacts of Poor Data Quality Submitted by: David Loshin President, Knowledge Integrity, Inc. (301) 754-6350 loshin@knowledge-integrity.com Knowledge Integrity, Inc. Page 1 www.knowledge-integrity.com
More informationDo you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape
January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationIMTC SPECIAL TRAINING CALENDAR FOR 2015/2016
SPECIAL TRAINING CALENDAR FOR 2015/2016 PUBLIC RELATIONS & PROTOCOL OFFICERS COURSE 1. Protocol and Event Management 2. Planning & Managing PR Campaigns 3. Protocol Etiquette and Civility Course 4. International
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationForensic Audit Building a World Class Program
Forensic Audit Building a World Class Program PAUL E. ZIKMUND DIRECTOR GLOBAL INTEGRITY AND FORENSIC AUDIT 1 2012 ACFE ANNUAL FRAUD CONFERENCE ORLANDO, FL Why the Need for Forensic Audit Program In response
More information