IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE
- Mabel Katherine Leonard
1 IT GOVERNANCE PANEL: BRING VALUE BY AUDITING IT GOVERNANCE
GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS
JOHAN LIDROS, PRESIDENT, EMINERE GROUP
KATE MULLIN, CISO, HEALTH PLAN SERVICES & HARRINGTON HEALTH
AHIA 32nd Annual Conference, August 25-28, 2013, Chicago, Illinois

2 Contents
- Introduction
- IT Governance
- Q&A
- References

3 Objectives
- Discuss the five key components of IT Governance
- Understand the key IT governance frameworks and standards
- The values of IT Governance ROI research and case studies
- Audit IT Governance and the 10 quick wins in improving IT Governance
- Ask your questions
- And more...

4 Auditing and IT Governance
IIA Standard 2011: Governance states that the internal audit activity must assess whether the information technology governance of the organization supports the organization's strategies and objectives.

5 Healthcare IT Characteristics
- Diversified IT environment
- Medical Devices and IT System coming together
- Meaningful use and HIE are changing the IT environment
- Many regulatory requirements
- Constantly new and changing threats/risks related to the use of technology
- Immature IT/Information Security

6 GRC
- G: Governance (Corporate Governance)
- R: Risk (Enterprise Risk Management)
- C: Compliance
- IT Governance

7 Shift the IT Perspective (Area: From, To)
- Scope: from Technical problem to Enterprise problem/opportunity
- Ownership: from IT to Enterprise
- Funding: from Expense to Investment
- Application: from Platform/practice to Process
- Approach: from Adhoc to Managed & Strategic

9 Enterprise Governance
is a set of responsibilities and practices exercised by the board and executive management with the goal of:
- Providing strategic direction
- Ensuring that objectives are achieved
- Ascertaining that risks are managed appropriately
- Verifying that the enterprise's resources are used responsibly
is about:
- Conformance: adhering to legislation, internal policies, audit requirements, etc.
- Performance: improving profitability, efficiency, effectiveness, growth, etc.

10 What is IT Governance?
IT governance is a subset of enterprise governance. Governance of IT encompasses several initiatives for board members and executive management. They must be aware of the role and impact of IT on the enterprise, define constraints within which IT professionals should operate, measure performance, understand risk and obtain assurance. (IT Governance Institute)

11 Balance of IT Governance Goals
The board must direct the balance between conformance and performance goals.

12 IT Governance Areas: Process Maturity Rating
- 0 Non-existent: The process (control/procedures) does not exist.
- 1 Initial/Ad hoc: The process is informal, undocumented and reactive.
- 2 Repeatable: The process is repeatable but may be applied inconsistently as needed.
- 3 Defined: The process is documented and communicated.
- 4 Managed: The process is implemented and measurable.
- 5 Optimizing: Managed process with continuous performance improvements utilizing best practices.
- N/A Not Applicable: The process is not applicable to the review or has not been reviewed for other reasons.

13 Value of IT Governance
- How the Masters of IT Deliver More Value and Less Risk, IT Policy Compliance Group, December 2010
- How High Performance Organizations Manage IT, IT Policy Compliance Group, April

14 Value of IT Governance
Mature IT Governance has a strong business value that improves the organization's performance. The most mature organizations show:
- 7% higher profit margins than average
- 7-8% higher customer/patient satisfaction and retention than average
- Less than half in regulatory compliance spending

15 Profile Masters of IT: Practices of Best Performers
- Revenue and profits that are 75 percent higher than industry peers
- Customer retention-rates that are 50 percent higher than industry peers
- Spending on IT budgets that is 30 percent higher than industry peers
- Spending on information security that is 37 percent higher than peers
- Business disruptions that are 100 percent lower than industry peers
- Data loss or theft incidents that are 75 percent lower than industry peers
- Audit deficiencies that are 65 percent less than industry peers

16 Best Performers: Masters of IT
- IT Balanced Scorecards that are linked to business Balanced Scorecards
- Ongoing IT Portfolio revision for effective management of asset use, growth strategy, value and risk
- Strategic IT Maps that align value and risk between the business of the enterprise and IT
- Standardization on COBIT, ISO and CIS benchmarks to preserve value, manage controls and mitigate risk

17 Best Performers: Masters of IT
- Electronic systems of record in IT GRC systems for values, policies, controls, risks, assets and regulatory mandates
- Automation of key procedures to manage value and risk
- Daily, weekly and bi-monthly assessments to manage value and risk
- Dashboards, scorecards and reporting focused on operating units, business units, business functions, regulatory mandates, across silos and people

18 IT Governance: you can not manage what you can not measure.

19 Resource Management, Risk Management, Performance Measurement, Accountability
Roles and Responsibilities (Major/Main Responsibilities):
- Board: Strategic Direction
- CEO: Delivery of Strategy
- CIO: Implementation of Strategy

20 Roles/Responsibilities
ACCOUNTABILITY: Accountability applies to those who own the required resources and have the authority to approve the execution and/or accept the outcome of an activity within specific Risk IT processes.
RESPONSIBILITY: Responsibility belongs to those who must ensure that the activities are completed successfully.
Legend of the table:
- When a cell is YELLOW, the role carries responsibility and/or partial accountability for the process.
- When a cell is GREEN, the role carries main accountability for the process. Only one role can be the main accountable for a given process.

21 Responsibilities & Accountability (RISK-IT)
ROLE DEFINITIONS, RESPONSIBILITIES & ACCOUNTABILITY
Table columns: A (Accountable) or R (Responsible) for each process:
- RISK GOVERNANCE: Common Risk View, Integrate with ERM, Risk-Aware Decisions
- RISK EVALUATION: Collect Data, Analyze Risk, Maintain Risk Profile
- RISK RESPONSE: Articulate Risk, Manage Risk, React to Events
[Table cells: the A/R assignments per role and process are not recoverable from the transcription.]
Role and definition of the role:
- Board: This group of most senior and/or non-executives of the enterprise who are accountable for the governance of the enterprise and have overall control of its resources.
- Chief Executive Officer (CEO): The highest ranking officer who is in charge of the total management of the enterprise.
- Chief Risk Officer (CRO): The individual who oversees all aspects of risk management across the enterprise. An IT risk officer function may be established to oversee IT-related risk.
- Chief Information Officer (CIO): The most senior official of the enterprise who is accountable for IT advocacy; aligning IT and business strategies; and planning, resourcing and managing the delivery of IT services and information and the deployment of associated human resources. The CIO typically chairs the governance council that manages the portfolio.
- Chief Financial Officer (CFO): The most senior official of the enterprise who is accountable for financial planning, record keeping, investor relations and financial risks.
- Enterprise Risk Committee: The group of executives of the enterprise who are accountable for the enterprise-level collaboration and consensus required to support enterprise risk management activities and decisions.
- Business Management: Business individuals with roles related to managing (a) programme(s).
- Business Process Owner: The individual responsible for identifying process requirements, approving process design and managing process performance. In general, a business process owner must be at an appropriately high level in the enterprise and have authority to commit resources to process-specific risk management activities.
- Risk Control Functions: The functions in the enterprise responsible for managing specific risk domains (e.g. Chief Information Security Officer, business continuity plan disaster recovery, supply chain, Project Management Office).
- Human resources (HR): The most senior official of the enterprise who is accountable for planning and policies with respect to all human resources in the enterprise.
- Compliance and Audit: The functions in the enterprise responsible for compliance and audit.

22 IT Governance Framework in Place (COBIT 5)

23 IT Governance Control Areas

24 IT Governance Architecture
- Drivers: PERFORMANCE: Business Goals; CONFORMANCE: HIPAA, PCI, etc.
- Enterprise Governance: Balanced Scorecards, COSO
- IT Governance: COBIT
- Best Practice Standards: RISK IT, ITIL, ISO27000/HITRUST, PMI, CMMi
- Processes and Procedures: IT Risk Management, IT Service, Security/Risk Management Principles, Project Management Principles, System Development
(adapted from ITGI, 2007, p. 12)

25 IT Governance Framework
[Figure: COSO, COBIT, NIST, ISO 9000 and ITIL positioned by WHAT/HOW against SCOPE OF COVERAGE]

26 COBIT 5
[Figure: Evolution of scope. Scope labels: Audit, Control, Management, IT Governance, Governance of Enterprise IT. Versions: COBIT1, COBIT2, COBIT3, COBIT4.0/4.1, COBIT; Val IT 2.0 (2008), Risk IT (2009).]
A business framework from ISACA, at

27 ISACA 2010 IT Governance Global Study
Well-known frameworks and solutions. Selected IT governance frameworks

28 COBIT
29 COBIT Principles and Enablers: COBIT 5 Enterprise Enablers
30 COBIT Principle
31 COBIT 5 Processes

32 COBIT 5 Information Security
Business Model for Information Security (BMIS)
The focus on information security management system (ISMS) in the align, plan and organize (APO) management domain, APO13 Manage security, establishes the prominence of information security within the COBIT 5 process framework.

33 Enterprise Risk Management: RISK IT
Enterprise Risk: Strategic Risk, Environmental Risk, Market Risk, Credit Risk, Operational Risk, Compliance Risk
IT-related Risk:
- IT Benefit/Value Enablement Risk: Technology enabler for new business initiatives; Technology enabler for efficient operations
- IT Program and Project Delivery Risk: Project relevance; Project quality; Projects overrun
- IT Operations and Service Delivery Risk: IT Service interruptions; Security issues; Compliance issues

34 Risk to Controls

37 References
- ISACA COBIT RISK-IT IT
- IT Governance Institute
- IIA GTAG 7 IT Governance
- IT Policy Compliance Group
- HIMSS (IT Governance in Healthcare & Hospitals)

38 Question & Answers

39 Save the Date: September 21-24, rd Annual Conference, Austin, Texas
More informationTrends in Information Technology (IT) Auditing
Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan
More informationTop Priorities for Internal Auditors in U.S. Healthcare Provider Organizations
Top Priorities for Internal Auditors in U.S. Healthcare Provider Organizations Key Areas for Improvement Include Compliance, Information Security, Social Media and Quality Assurance INTRODUCTION Historic
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationRSA Archer Risk Intelligence
RSA Archer Risk Intelligence Harnessing Risk to Exploit Opportunity June 4, 2014 Steve Schlarman GRC Strategist 1 Risk and Compliance Where is it today? 2 Governance, Risk, & Compliance Today 3 4 A New
More informationCreating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services
Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are
More informationEnterprise Service Management (ESM)
Enterprise Service Management (ESM) A Reference Model for Adopting and Adapting IT Best Practices Across and Enterprise itsm003 v.3.0 Agenda and Objectives What are ESM Best Practices? What is the ESM
More informationGLOBAL STANDARD FOR INFORMATION MANAGEMENT
GLOBAL STANDARD FOR INFORMATION MANAGEMENT Manohar Ganshani Businesses have today expanded beyond local geographies. Global presence demands uniformity within the processes across disparate locations of
More informationNEW PERSPECTIVES. Data Analysis Challenges: C1 is customer provided. Anticipate IRS Audits: System Development and Implementation Projects:
NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 31, No. 2, Summer, 2012 C1 is customer provided Data Analysis
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationfor Information Security
for Information Security The following pages provide a preview of the information contained in COBIT 5 for Information Security. The publication provides guidance to help IT and Security professionals
More informationContents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.
iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management
More informationCISOs Share Advice on Managing Both Information Security & Risk
CISOs Share Advice on Managing Both Information Security & Risk Learn how CISOs from top companies are tackling their new dual role of information security & risk management WISEGATE COMMUNITY VIEWPOINTS
More informationSan Francisco Chapter. Cassius Downs Network Edge LLC
Cassius Downs Network Edge LLC ITIL History ITIL Books V3 Objectives Business Benefits of V3 V3 Changes Training & Certification V2 or V3? Summary 2 The 12 Rules 1. EXERCISE Rule #1: Exercise boosts brain
More informationHow RSA has helped EMC to secure its Virtual Infrastructure
How RSA has helped EMC to secure its Virtual Infrastructure A new solution, the RSA solution for Cloud Security and Compliance, has been developed and is now available to all of our customers. Luciano
More informationEnterprise Risk Management & Information Technology
Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationTHE BOARD S ROLE AND RESPONSIBILITIES OVER THE CONTROL ENVIRONMENT. Session 4
THE BOARD S ROLE AND RESPONSIBILITIES OVER THE CONTROL ENVIRONMENT Session 4 Road Map of Presentation Review of the key responsibilities of the Board - the direct links to the IC System & IA function Analyze
More informationComply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan
Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan You Can Offset the Costs of Compliance! Complexity Drives Cost UP Sarbanes-Oxley HIPAA EPA Basel II M&A
More informationCobiT Strategy and Long Term Vision
CobiT Strategy and Long Term Vision Urs Fischer VP Head IT Risk Mgmt, Security & ICS SwissLife Seite 2 1 Seite 3 Seite 4 2 Session Objective Provide those interested stakeholders with a clear and single
More information