Auditing Application User Account Security and Identity Management with Data Analytics
|
|
- Eileen Kathlyn Jacobs
- 8 years ago
- Views:
Transcription
1 Auditing Application User Account Security and Identity Management with Data Analytics James Kidwell, JD, CISA Senior Information Systems Auditor Audit Services
2 Session Agenda and Learning Objectives Brief background and risk history Discuss continuous auditing/monitoring project design, planning and execution steps Describe continuous audit and data analytic project challenges Discuss approaches used to help management make enterprise application user account security and identity management process and control improvements Share lessons learned by auditing with data analytics 9/14/2015 2
3 Background About Carolinas HealthCare System (CHS) Audit Findings. Terminated users still had active application user accounts Active application user accounts could not be linked to enterprise identity management data sources Applications access, process, store and transmit Protected Health Information (PHI) and other confidential data Why? When some workforce members leave CHS or move jobs internally, their app user accounts are not promptly disabled? Does this occur across multiple enterprise applications? 9/14/2015 3
4 Why Use Data Analytics (DA) to Audit? Multiple process and control issue factors Complex application interfaces and infrastructures Broad geographical facility locations and remote users Coordination of remote user support and account management between Corporate and other health system entities Non-employee users, Contractors, Vendors, etc Multiple authoritative identity and user access security data sources Improve Critical Thinking with Technology Excel, Access, etc. are great CAAT tools, but sometimes a little more power is needed CHS strengthened ACL Desktop with Audit Exchange (AX) Server 9/14/2015 4
5 Using Repeatable Data Analytics 9/14/ Image Source: Data-Analytics_whp_Eng_0811.pdf (ISACA)
6 Why Use Continuous Auditing/Monitoring (CA/CM) to Mitigate Risk? Beyond Repeatable DA, other Benefits too: Advanced, pre-defined analytic scripting to support repeatability and automation Audit assurance/consultation skill/knowledge/experience increase Automated data source feeds to AX (as opposed to ad hoc IT extracts) Enhanced data file security on centralized server PHI in raw data and audit samples, Payroll, excecutive compensation, etc. AX Audit program data testing and scripting standards 9/14/2015 6
7 Key CA/CM Project Design Considerations Identify data owners, stakeholders and key players Learn where the data is maintained Determine the needed data (DB tables and fields) Define the purpose and scope of the testing Select audit tools to perform data analytic tests Define the data analytic processes and tests Establish the data request/delivery process Define audit/monitoring report distribution/timing Build client confidence in program 9/14/2015 7
8 CA/CM Project Execution/Challenges Primary client education and awareness Subject matter expert engagement Auditor education and awareness Long-term management acceptance and engagement Data source acquisition and management Segregation of duties Cultural realities Mapping business processes to workforce and software activities Audit communications 9/14/2015 8
9 CA/CM Project Lessons Learned Oh boy, where should we begin Audit project communications Mapping business processes to workforce and software activities Cultural realities Segregation of duties Data source acquisition and management Long-term management acceptance and engagement Auditor education and awareness Subject matter expert engagement Primary client education and awareness 9/14/2015 9
10 Q & A??? 9/14/
11 James Kidwell Senior Information Systems Auditor Audit Services James.Kidwell (at) CarolinasHealthCare.org O:
www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012
www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012 Agenda 1. Introductions to DA, CA & CM [] 2. Inventory management continuous monitoring [The Gap] 3.
More informationISACA PROFESSIONAL RESOURCES
ISACA PROFESSIONAL RESOURCES SEGREGATION OF DUTIES WITHIN INFORMATION SYSTEMS This is an excerpt from the CISA Review Manual 2005 Chapter 2 - Management, Planning and Organization of IS CISA Review Manual
More informationThe Information Systems Audit
November 25, 2009 e q 1 Institute of of Pakistan ICAP Auditorium, Karachi Sajid H. Khan Executive Director Technology and Security Risk Services e q 2 IS Environment Back Office Batch Apps MIS Online Integrated
More informationUsing data analytics and continuous auditing for effective risk management
Using data analytics and continuous auditing for effective risk management April 2014 Irakis Kanavaris Agenda Current trends Common terminology of Data Analytics and CA/CM KPMG approach & observations
More informationUsing CAAT in Compliance
Using CAAT in Compliance Auditing Suzann Hall, CPA, ACDA November 12, 2010 CHAN Founded in 1997 through the collaboration of Ascension Health and Catholic Health Initiatives, the two largest not-for-profit
More informationOur Data Analytics Journey, Methodology, and More. September 15, 2015
Our Data Analytics Journey, Methodology, and More September 15, 2015 Objectives High-level Objectives: Discuss Audit Data Analytics History Industry Personal History TIAA-CREF History Define our data analytics
More informationIT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014
IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system
More informationProf. Dr. Nick Gehrke Alexander Rühle
Prof. Dr. Nick Gehrke Alexander Rühle AGENDA 15:00 16:00 Session 1 1. Introducing Process Mining 2. Case #1: Financial Process Mining 3. Introducing the profiling methodology 4. Case #2: Financial Process
More informationContinuous Auditing and Monitoring Leveraging Your Data for Compliance
Continuous Auditing and Monitoring Leveraging Your Data for Compliance A Phyllis Patrick & Associates LLC White Paper April 2014 Gail Hormats, B.S., M.B.A., C.I.A., C.I.S.A., C.R.M.A., C.A.D.A. Automated
More informationAuditing Application User Account Security and Identity Management with Data Analytics
Auditing Application User Account Security and Identity Management with Data Analytics James Kidwell, JD, CISA Senior Information Systems Auditor Audit Services Tom Valiquette, MBA, CIA Director, Corporate
More informationConducting a Successful audit on Large Systems
Using a Big CA(A)T to Tame the Big Data Jungle Cathy Blunt Manager Internal Audit Griffith University Mario Bojilov Meta Business Systems Pty Ltd Thursday 21 st November World Continuous Auditing & Reporting
More informationLeveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014
Leveraging Data Analytics and Continuous Auditing to Transform Internal Audit January 9, 2014 Presenter Introductions John Isenberg, Director KPMG Risk Consulting Dallas Cortnye King, Manager KPMG Risk
More informationContinuous Controls Monitoring. Virginia ISACA January Meeting 19 January 2010
Continuous Controls Monitoring Virginia ISACA January Meeting 19 January 2010 Today s Agenda What We Are Hearing About Risk Internal Controls Continuous Control Monitoring What is CCM? Framework EY Point
More informationFraud and Role of Information Technology. September 2008
Fraud and Role of Information Technology September 2008 Agenda IT Value Proposition Slide 2 Prior Interpretations of Internal Control Structure Have Addressed Three Separate Parts Which Were Audited Somewhat
More informationHealthcare Technology Audit Basics. Session Objectives
Healthcare Technology Audit Basics Jennifer McGill, CIA, CISA, CGEIT April 20, 2015 Session Objectives Review information technology basic concepts. Use real world examples to identify and understand healthcare
More information3/17/2015. Healthcare Technology Audit Basics. Session Objectives. Jennifer McGill, CIA, CISA, CGEIT April 20, 2015
Healthcare Technology Audit Basics Jennifer McGill, CIA, CISA, CGEIT April 20, 2015 Session Objectives Review information technology basic concepts. Use real world examples to identify and understand healthcare
More informationBig Data, Data Analytics, and Data Visualization building your knowledge and expertise. September 15, 2015
+ Big Data, Data Analytics, and Data Visualization building your knowledge and expertise September 15, 2015 Today s Agenda 2! Kickoff: Glossary of Terms! Data analytics! Data visualization! Big Data! Body
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationBuilding for the Future
Building for the Future Alvia Brown Director, Global Operations Sean Pinto Manager, Global Operations Our Global Analytics- Enabled Audit Strategy 4 Company Overview World s largest non-alcoholic beverage
More informationCurrent Uses and Trends in ACL and Data Mining
Current Uses and Trends in ACL and Data Mining Weaver and Tidwell, L.L.P. January 10, 2013 Marlon B Williams, CPA, ACDA Partner, Assurance Reema Parappilly, CISA Senior Manager, IT Advisory Objective Discuss
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationPerformance Audit of the San Diego Convention Center s Information Technology Infrastructure JULY 2012
Performance Audit of the San Diego Convention Center s Information Technology Infrastructure JULY 2012 Audit Report Office of the City Auditor City of San Diego This Page Intentionally Left Blank July
More informationTECHNOLOGY CONSULTING SERVICES DIRECTOR AH Consulting
TECHNOLOGY CONSULTING SERVICES DIRECTOR AH Consulting Present day organisations are under pressure to increase accountability and transparency as an assurance tool through: Real time reports Instant identification
More informationAUDITOR GENERAL WILLIAM O. MONROE, CPA
AUDITOR GENERAL WILLIAM O. MONROE, CPA HILLSBOROUGH COUNTY DISTRICT SCHOOL BOARD LAWSON FINANCIALS MODULE Information Technology Audit SUMMARY To support its financial management needs, the Hillsborough
More informationCONTINUOUS CONTROLS MONITORING
Clarity. Certainty. Confidence. CONTINUOUS CONTROLS MONITORING Support Regulatory Compliance Improve Cost Management Drive Operational Performance Executives today are more challenged than ever to make
More informationThird-Party Vendor Compliance Programs: The Value, the Need, the Risk
Third-Party Vendor Compliance Programs: The Value, the Need, the Risk HCCA Compliance Institute Session 602 Tuesday, April 19, 2016 1:00-2:00 PM HCCA CI - 2016 1 Presenters Corey M. Perman, JD Vice President,
More informationA Presentation to the IIA Jacksonville Chapter May 16, 2014
Data Analytics A Presentation to the IIA Jacksonville Chapter May 16, 2014 Experis Wednesday, May 14, 2014 1 Agenda Introductions Expectations What is Data Analytics Why use Data Analytics Data Data Analytics
More informationLeveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com
Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive
More informationOffice of the City Auditor and Clerk
Office of the City Auditor and Clerk Externally Hosted IBM iseries System Arrangement For Utility Billing System Final Executive Summary Internal Audit Report Internal Audit Project # 08-05 May 28, 2008
More informationHIPAA Compliance Issues and Mobile App Design
HIPAA Compliance Issues and Mobile App Design Washington, D.C. April 22, 2015 Presenter: Shannon Hartsfield Salimone, Holland & Knight LLP, Tallahassee and Jacksonville, Florida Agenda Whether HIPAA applies
More informationBIG DATA What is it? Data Mining: Unlocking the Intelligence in Your Data. Today s Agenda 1/16/2014. Big Data What is it? Data Mining at a Glance
Data Mining: Unlocking the Intelligence in Your Data Marlon B. Williams, CPA, ACDA Partner, IT Advisory Services Weaver Brian J. Thomas, CISA, CISSP Partner-in-Charge, IT Advisory Services Weaver 0 Today
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationProposed Audit Plan for Fiscal Year 2015-16 and Preliminary Audit Plan for Fiscal Year 2016-17
Page 1 of 13 Proposed Audit Plan for Fiscal Year 2015-16 and Preliminary Audit Plan for Fiscal Year 2016-17 A June 2015 Page 2 of 13 Table of Contents Section I FY 2015-16 Proposed Audit Plan Pension and
More informationAudit Report. Effectiveness of IT Controls at the Global Fund Follow-up report. GF-OIG-15-20b 26 November 2015 Geneva, Switzerland
Audit Report Effectiveness of IT Controls at the Global Fund Follow-up report GF-OIG-15-20b Geneva, Switzerland Table of Contents I. Background and scope... 3 II. Executive Summary... 4 III. Status of
More informationForensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009
Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009 Dr. Brett Baker, CPA, CISA Assistant Inspector General for Audit U.S. Department of Commerce OIG Overview Forensic
More informationData Analytics in Internal Audit. Elizabeth Dunkerley
Data Analytics in Internal Audit Elizabeth Dunkerley Who Am I? Born in Bermuda Master s degree at King s College London Joined KPMG 2014 Technology Risk Data group 1 What is Data Analytics? Why is Data
More informationCloud security with Sage Construction Anywhere
Cloud security with Sage Construction Anywhere Table of Contents Cloud computing s advantage for construction companies... 3 Security concerns... 3 The Sage commitment to security... 4 Sage application
More informationGreat Expectations : How to Detect and Prevent Fraud using Data Analysis
Technology for Business Assurance Great Expectations : How to Detect and Prevent Fraud using Data Analysis Copyright 2009 ACL Services Ltd. Peter Millar Director, Technology Application ACL Services Ltd
More informationKAREN E. RUSHING. AUDIT OF Human Capital Management System (HCMS) Application Controls
KAREN E. RUSHING Clerk of the Circuit Court and County Comptroller AUDIT OF Human Capital Management System (HCMS) Application Controls Audit Services Karen E. Rushing Clerk of the Circuit Court and County
More informationHIPAA Security Rule Changes and Impacts
HIPAA Security Rule Changes and Impacts Susan A. Miller, JD Tony Brooks, CISA, CRISC HIPAA in a HITECH WORLD American Health Lawyers Association March 22, 2013 Baltimore, MD Agenda I. Introduction II.
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationContinuous Controls Monitoring ISACA, Houston Chapter. August 17, 2006
Continuous Controls Monitoring ISACA, Houston Chapter August 17, 2006 Purpose of Discussion Understand impact of Continuous Controls Monitoring (CCM) on the Information Systems Audit community To perform
More informationSECURITY RISK MANAGEMENT
SECURITY RISK MANAGEMENT ISACA Atlanta Chapter, Geek Week August 20, 2013 Scott Ritchie, Manager, HA&W Information Assurance Services Scott Ritchie CISSP, CISA, PCI QSA, ISO 27001 Auditor Manager, HA&W
More informationSpillemyndigheden s Certification Programme Information Security Management System
SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 3 2.1 Certification frequency... 3 2.1.1 Initial certification...
More informationLessons Learned from HIPAA Audits
Lessons Learned from HIPAA Audits October 29, 2012 Tony Brooks, CISA, CRISC Partner - IT Assurance and Risk Services HORNE LLP AGENDA HIPAA/HITECH Regulations Breaches and Fines OCR HIPAA/HITECH Compliance
More informationDatabase Auditing & Security. Brian Flasck - IBM Louise Joosse - BPSolutions
Database Auditing & Security Brian Flasck - IBM Louise Joosse - BPSolutions Agenda Introduction Drivers for Better DB Security InfoSphere Guardium Solution Summary Netherlands Case Study The need for additional
More informationAuditing Applications. ISACA Seminar: February 10, 2012
Auditing Applications ISACA Seminar: February 10, 2012 Planning Objectives Mapping Controls Functionality Tests Complications Financial Assertions Tools Reporting AGENDA 2 PLANNING Consideration / understanding
More informationReal life experiences with Continuous Controls Monitoring (CCM) on Master Data. Pat Culpan Jeet Kadam
Real life experiences with Continuous Controls Monitoring (CCM) on Master Data Pat Culpan Jeet Kadam What is Master Data? Master data is the core data that is essential for operating an industry. The kind
More informationAssessing the Opportunities Presented by the Modern Enterprise Archive
Assessing the Opportunities Presented by the Modern Enterprise Archive Published: November 2015 Analysts: James Haight, Research Analyst; David Houlihan, Principal Analyst Report Number: A0193 Share This
More informationAre CAATs keeping you awake at night?
Are CAATs keeping you awake at night? SUMMARY: The importance of using Computer-Assisted Audit Techniques is discussed. A challenge is made regarding the audit profession s traditional methodology. The
More informationAudit Compliance and Internal Audit Analysis for Dynamics
Fastpath Audit Compliance and Internal Audit Analysis for Dynamics: Better Audit Results with a Reliable, Repeatable Process using Fastpath Fastpath 11107 Aurora Ave. Urbandale, IA 50322 (515) 276-1779
More informationARBUTUS. Arbutus Audit Analytics ARBUTUS ANALYZER. ArbutusSoftware.com
provides auditors, business analysts, and fraud investigators with the very best in data analysis technology. Based on 25 years of software innovation excellence, Arbutus audit software will help you simplify
More informationERP IMPLEMENTATION AND MAINTENANCE FOR A LARGE ENTERPRISE.
ERP IMPLEMENTATION AND MAINTENANCE FOR A LARGE ENTERPRISE. About the Client Our client is one of the world s leading enterprise software companies, which specializes in providing software and solutions
More information2/5/2013. Session Objectives. Higher Education Headlines. Getting Started with Data Analytics. Higher Education Headlines.
+ Getting Started with Data Analytics Prepared for the UCOP Auditor s Symposium January 30, 2013 and February 14, 2013 Session Objectives 2 Higher Education Headlines New IIA Guidance Visual Risk IQ s
More informationIT Enabled System : Opportunities & Challenges for Assurance Professionals
IT Enabled System : Opportunities & Challenges for Assurance Professionals Acknowledgements: - ISACA - ITGI - Wikipedia - The Economist - ICMAB - SCB March 31, 2011; ICAB (Chartered Accountant Bhaban)
More informationWEB-BASED TIME AND ATTENDANCE & DCAA COMPLIANCE
WEB-BASED TIME AND ATTENDANCE & DCAA COMPLIANCE White Paper AUDIT CONCERNS Certain types of organizations who contract with the US Government must follow specific timekeeping guidelines set forth by the
More information4 Testing General and Automated Controls
4 Testing General and Automated Controls Learning Objectives To understand the reasons for testing; To have an idea about Audit Planning and Testing; To discuss testing critical control points; To learn
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agency IT Risk Strategy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy Overview: IT Risk Strategy
More informationData Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution
Data Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution December 10, 2014 Parm Lalli, CISA, ACDA Sunera Snapshot Professional consultancy with core competency in:
More informationTechnology Risk Management
1 Monetary Authority of Singapore Technology Risk Guidelines & Notices New Requirements for Financial Services Industry Mark Ames Director, Seminar Program ISACA Singapore 2 MAS Supervisory Framework Impact
More informationBest Practices for Managing Bank Transaction Risk Using a Continuous Data Analytics Approach
Best Practices for Managing Bank Transaction Risk Using a Continuous Data Analytics Approach Co-authored by: Focus Technology Group Contents Introduction The Approach Risk Assessment Risk Data Analytics
More informationFinancial and operational complexities
So l u t i o n s Harnessing the Power of Business Intelligence By Jeff Jackson and Carol Market Harris County, Texas, used business intelligence technology to automate its financial reports and become
More informationEstablishing a Mature Identity and Access Management Program for a Financial Services Provider
Customer Success Stories TEKsystems Global Services Establishing a Mature Identity and Access Management Program for a Financial Services Provider FINANCIAL SERVICES NETWORK INFRASTRUCTURE SERVICES INFORMATION
More informationInternal Audit Testing and Sampling Techniques. Chartered Institute of Internal Auditors May 2014
Internal Audit Testing and Sampling Techniques Chartered Institute of Internal Auditors May 2014 Controls Testing Slide 1 Testing Priorities Risk B1 Risk A1 Risk B2 Risk A2 Risk C2 Risk C1 Controls testing
More informationHow to set up a people based. accounting system that makes your. small business work for you. Thomas G. Post. Certified Public Accountant 281-351-2688
How to set up a people based accounting system that makes your small business work for you. By Thomas G. Post Certified Public Accountant 281-351-2688 www.texastaxman.com 1 Title How to set up a people
More informationFeature. Multiagent Model for System User Access Rights Audit
Feature Christopher A. Moturi is the head of School of Computing and Informatics at the University of Nairobi (Kenya) and has more than 20 years of experience teaching and researching on databases and
More informationU.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment
U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE Privacy Impact Assessment Enterprise Data Warehouse (EDW) PTOC-003-00 August 5, 2015 Privacy Impact Assessment This Privacy Impact
More informationIT Risk Assessment Action Plan. South Staffordshire District Council Audit 2010/11
IT Risk Assessment Action Plan South Staffordshire District Council Audit 2010/11 The Audit Commission is a public corporation set up in 1983 to protect the public purse. The Commission appoints auditors
More informationLSF HEALTH SYSTEMS Information Technology Plan
LSF HEALTH SYSTEMS Information Technology Plan I. INTRODUCTION The LSF Health Systems software is a web-enabled, secure website providing access to LSF, the Provider Network and DCF. At this time, the
More informationCIIA South West Analytics in Internal Audit - Tackling Fraud
CIIA South West Analytics in Internal Audit - Tackling Fraud 10 December 2014 Agenda Intro to Analytics When to use analytics and how to get started Risk Monitoring and Control Automation Common Pitfalls
More informationBEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050
BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security
More informationCRYPTOGEDDON: HEALTH CARE COMPROMISE. Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com
CRYPTOGEDDON: HEALTH CARE COMPROMISE Todd Dow, CISA, PMP Founder, cryptogeddon.com @toddhdow, toddhdow@gmail.com WHAT IS CRYPTOGEDDON? An online scavenger hunt using hacker tools Use infosec tools to solve
More informationOVERVIEW OF THE ISSUE
Feature Automated Audit Testing for Sap Data Benefit or Just Another Black Box? Stefan Wenig is chief executive officer (CEO) of the dab:group, a company that specializes in data extraction, analysis of
More informationDesign of Database Security Policy In Enterprise Systems
Design of Database Security Policy In Enterprise Systems by Krishna R Singitam Database Architect Page 1 of 10 Table of Contents 1. Abstract... 3 2. Introduction... 3 2.1. Understanding the Necessity of
More informationVirtualization Impact on Compliance and Audit
2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance
More informationACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances
ACL WHITEPAPER Automating Fraud Detection: The Essential Guide John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances Contents EXECUTIVE SUMMARY..................................................................3
More informationHealthcare Compliance and Hybrid Entity Designation
[New OP initial posting 8/28/14] Operating Policy and Procedure : Healthcare Compliance and Hybrid Entity Designation DATE: August 28, 2014 PURPOSE: The purpose of this Texas Tech Operating Policy and
More informationBest Practices for Protecting Sensitive Data in an Oracle Applications Environment. Presented by: Jeffrey T. Hare, CPA CISA CIA
Best Practices for Protecting Sensitive Data in an Oracle Applications Environment Presented by: Jeffrey T. Hare, CPA CISA CIA Webinar Logistics Hide and unhide the Webinar control panel by clicking on
More informationContinuous Auditing with Data Analytics
Continuous Auditing with Data Analytics Brooke Miller, CPA, CIA, CPCU brooke.miller@rlicorp.com Sean Scranton, CPCU, CISSP, CISM, CISA sean.scranton@rlicorp.com Overview Understand embedding data analytics
More informationInformation Security Incident Management Policy September 2013
Information Security Incident Management Policy September 2013 Approving authority: University Executive Consultation via: Secretary's Board REALISM Project Board Approval date: September 2013 Effective
More informationwww.pwc.com PwC The Path Forward for Data Analysis and Continuous Auditing May 2011
www.pwc.com The Path Forward for Data Analysis and Continuous Auditing May 2011 Agenda What are we hearing in the market? The CA Maturity Path Where to start? What is the difference between CA & CCM? Best
More informationOFFICE OF THE CITY AUDITOR
OFFICE OF THE CITY AUDITOR AUDIT OF THE HEALTH CARE CLAIMS PROCESSING FOR CALENDAR YEARS 2002 AND 2003 Paul T. Garner Assistant City Auditor Prepared by: James R. Martin, CPA Interim Assistant City Auditor
More informationData Analytics Leveraging Data Visualization and Automation in Audit Real World Examples
Data Analytics Leveraging Data Visualization and Automation in Audit Real World Examples June 3, 2015 Cliff Stephens, CISA Agenda Introductions Technological Advances in Analytics Capitalizing on Analytics
More informationProfessional Position Description Section I Position Information Position Title
Professional Position Description Section I Position Information Update Only Classification Review Position Title Coordinator, Payroll Position # 999706 Department Human Resources Classification Level
More informationDefending the Database Techniques and best practices
ISACA Houston: Grounding Security & Compliance Where The Data Lives Mark R. Trinidad Product Manager mtrinidad@appsecinc.com March 19, 2009 Agenda Understanding the Risk Changing threat landscape The target
More informationWhen HHS Calls, Will Your Plan Be HIPAA Compliant?
When HHS Calls, Will Your Plan Be HIPAA Compliant? Petula Workman, J.D., CEBS Division Vice President Compliance Counsel Gallagher Benefit Services, Inc., Sugar Land, Texas The opinions expressed in this
More informationPeopleSoft IT General Controls
PeopleSoft IT General Controls Performance Audit December 2009 Office of the Auditor Audit Services Division City and County of Denver Dennis J. Gallagher Auditor The Auditor of the City and County of
More informationAudit Committee Meeting
ILLINOIS STATE TOLL HIGHWAY AUTHORITY Minutes of the Audit Committee Meeting Meeting Date April 27 2015 Record of Meeting April 27, 2015 The Illinois State Toll Highway Authority (the Tollway ) held the
More informationUser Accounts: Using Data Analytics to Evaluate Account Administration
User Accounts: Using Data Analytics to Evaluate Account Administration Tom Valiquette, Program Manager, Compliance Advanced Data Analytics Carolinas HealthCare System Carolinas HealthCare System (CHS)
More informationWEB-BASED TIME AND ATTENDANCE DCAA COMPLIANCE. White Paper
WEB-BASED TIME AND ATTENDANCE AND DCAA COMPLIANCE White Paper Page 1 AUDIT CONCERNS Certain types of organizations who contract with the US Government must follow specific timekeeping guidelines set forth
More informationHIPAA compliance audit: Lessons learned apply to dental practices
HIPAA compliance audit: Lessons learned apply to dental practices Executive summary In 2013, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Omnibus Rule put healthcare providers
More informationO L A. Department of Employee Relations Department of Finance SEMA4 Information Technology Audit OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA Financial-Related Audit Department of Employee Relations AUGUST 29, 2002 02-57 Financial Audit Division The Office of the Legislative Auditor
More informationTable of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.
Table of Contents PART I. IS Audit Process. CHAPTER 1. Technology and Audit. Technology and Audit. Batch and On-Line Systems. CHAPTER 2. IS Audit Function Knowledge. Information Systems Auditing. What
More informationIT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED: LESSONS LEARNED
CONTRALORIA GENERAL DE LA REPUBLICA DE COSTA RICA 5TH PERFORMANCE AUDITING SEMINAR INTOSAI STANDING COMMITTEE ON IT AUDIT MAJOR THEME: IT GOVERNANCE IT GOVERNANCE ISSUES IN THE INSTITUTIONS WE HAVE AUDITED:
More informationSurvey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology
Survey of more than 1,500 Auditors Concludes that Audit Professionals are Not Maximizing Use of Available Audit Technology Key findings from the survey include: while audit software tools have been available
More information3. Current Auditing Computerized Tools
- 17-3. Current Auditing Computerized Tools 3.1. Objective and Structure The objective of this chapter is to provide information about technological tools and techniques currently used by auditors. Section
More informationFocus of recent Compliance Reviews. 1. Outreach with Documentation 2. Applicant Tracking 3. Understanding & Confidence with Compensation System
Focus of recent Compliance Reviews 1. Outreach with Documentation 2. Applicant Tracking 3. Understanding & Confidence with Compensation System Outreach with Documentation Kentucky OFCCP Louisville KY Office
More informationCloud Computing Thunder and Lightning on Your Horizon?
Cloud Computing Thunder and Lightning on Your Horizon? Overview As organizations automate more and more of their manual processes, the Internet is increasingly becoming an important tool in the delivery
More informationInformation audits in a perimeter-less world
Information audits in a perimeter-less world Jayesh Kamat Practice Head Risk Advisory services Seclore Partner The Business Challenge Information Value Some day, on the corporate balance sheet, there will
More information