Empowering business agility: Strengthening Internal Audit's impact and value
Findings from the eighth annual survey of chief audit executives in power and utilities, January 2014
How utility IA organizations plan to bolster their relevance and response to risks

Authors: Alan Conkle, Jim Hanlon, Andy Dahle, Amanda Herron, Jake Stricker

Utilities are navigating dramatic and pronounced change. Demand management, smart grids, big data, shifting regulatory needs and growing capital investments are forcing utilities to change how they manage their businesses. At the same time, the growth of distributed generation, new sources of fossil fuel and the advent of shale gas and tight oil supplies are changing the industry's economics and demanding new strategies.

Utility company internal audit (IA) groups are pivotal to their company's ability to navigate the risks inherent in these pervasive changes. However, PwC's eighth annual survey of Power and Utilities Chief Audit Executives (CAEs) found that IA groups are facing significant challenges in maintaining a central role. For example, respondents fear their groups won't have the required skills to keep pace with a growing portfolio of capital projects, increasing regulatory complexity, and new technologies. In addition, CAEs feel there is an opportunity to achieve closer alignment with the expectations of their stakeholders, from the critical risks that should be IA's focus to advanced technologies that strengthen IA's efficiency and efficacy.

In this year's survey, PwC delved into the challenges internal audit groups are grappling with and how they are charting a path to more vital corporate relevance: specifically, focusing on critical risks, stakeholder expectations, and new technology demands. To surmount these challenges, internal audit groups are embarking on fundamental changes to how they conduct their business. In this review of our research findings, we look at how:

Risks are outpacing capabilities

The increasing velocity and frequency of risks is a chief concern for IA. As a result, focusing on the critical risks their companies face is the number one improvement goal during the next 1-3 years.
Technology risks are at the forefront of respondent concerns, demonstrated by the use of, and growing demand for, IT auditors. In 2012, 17 percent of respondents to PwC's CAE survey reported that IT auditors made up 21 to 30 percent of their department's total resources. In 2013, the percentage almost doubled to 31 percent. The leap comes in response to mounting technology-related risks, especially cyber security and large-scale system implementations.
[Figure: Top ten risk areas ranked by respondents. Axes: Impact (Marginal, Moderate, Significant, Severe, Critical) and Likelihood (Rare, Unlikely, Possible, Likely, Almost certain), each on a scale of 1 to 5. Key risks: IT and cyber security; Construction/major capital projects; Environmental regulatory changes; Emerging technology; Rate making and recovery; NERC CIP compliance; Major system implementations and upgrades; Operational compliance (electric and gas); Safety; T&D asset management and maintenance.]

Cyber security

In this year's survey, respondents ranked IT and cyber security as the highest risk overall. The facts are sobering. For example, the average cost of a successful cyber-attack in the U.S. was $11.6 million in 2013, up from $8.9 million the year before, according to the Ponemon Institute's 2013 Cost of Cyber Crime Study [1]. Hacktivists account for 58 percent of stolen data, more than twice as much as is stolen by criminals [2]. On average, attackers lurk on their victim's network for more than a year before being detected [3].

Our survey also found that IA is heavily involved in security audits: 84 percent of respondents say their department has covered information privacy and protection; 72 percent have focused on identity and access management; and 69 percent have addressed threat, intelligence and vulnerability management.

The 2014 Global State of Information Security Survey, conducted by PwC, CIO Magazine, and CSO Magazine, which included 143 respondents from the power and utilities industry, found that most respondents have implemented blocking and tackling measures such as application firewalls, web content filters, malware/virus protection software and secure remote access [4]. However, there are opportunities for IA to assist in program governance, implementing more advanced tools, and improving their capabilities to identify, protect, respond and recover from a cyber security event.

Security areas covered by Internal Audit:
- Training and awareness: 31%
- Strategy, governance and management: 47%
- Security architecture: 53%
- Risk and compliance management: 63%
- Incident and crisis management: 63%
- Threat, intelligence and vulnerability management: 69%
- Identity and access management: 72%
- Information privacy and protection: 84%

[1] Ponemon Institute, 2013 Cost of Cyber Crime Study
[2] Verizon Data Breach Investigation Report
[3] Mandiant MTrends Report
[4] Power & Utilities: Key findings from The Global State of Information Security Survey 2014, September

Current state: Penetration testing

IA can play a more active role in helping to build the organization's cyber defense capabilities by evaluating the current security stance. Many internal audit groups conduct penetration testing, or evaluate the results of IT's own penetration tests. Leveraging experienced professionals, penetration testing helps to identify weaknesses which hackers and other threats can try to exploit, and can help IT to prioritize remediation tactics based on risk. Penetration testing also provides evidence of any exploitation, which can be a powerful demonstration tool for raising awareness of security threats.

The next step: Developing a model for evaluating security program governance

Leading IA functions are going beyond penetration testing by also evaluating the effectiveness of security program governance. Strong security practices should be grounded in documented policies and procedures, and metrics should chart the progress of information security initiatives. Security measures should also include formal organization security risk management programs that define how the utility will respond if and when it detects a security event (e.g., security breach). To evaluate security program governance, IA groups can utilize a security capability maturity model to measure how security processes are defined, documented, operated, and monitored.
Such a model will help the company understand how much value the organization is achieving from their security investments, and over time, how the organization is responding to changes in the security landscape. Socializing and agreeing on expectations for security capability maturity is a critical first step in developing a model that is tailored to the organization and its goals, and nurtures collaboration between IA and IT.
Industry/business initiatives shaping current and future year IT audit plans:
- New system implementations: 90%
- Mobility/mobile applications: 77%
- NERC-CIP regulations: 71%
- Business continuity management: 68%
- Infrastructure changes: 64%
- Identity (user access) management tool implementation; Outsourcing (IT applications or data center); Work management processes (values shown for these three: 48%, 55%, 55%)

Note: Other responses included ERM implementation (39%), AMI (39%), outsourcing IT activities (35%), energy optimization programs (19%), alternative energy investments (19%), carbon reporting (6%) and nuclear plant development (3%).

Although technology-related risks top respondents' concerns, several business and compliance risks are also on the radar, especially given the aging workforce and increasing frequency of rate cases and capital projects.

System implementations

The volume of system implementations is increasing and the push from start to completion is increasingly aggressive: nearly 60 percent of 2013 CAE survey respondents say the volume of system implementations has grown over the past 12 months, and practically all (90 percent) agree that new system implementations are shaping their current and future audit plans. Since the cost of making system changes increases as a project's go-live date approaches, some internal audit groups are getting involved at the project initiation phase. By entering the process at the system selection and design stages, internal audit can verify that control considerations are addressed early. Trying to change a system or a business process at the end can be difficult, costly and sometimes impractical or even impossible.

Business and regulatory risks

Although technology-related risks top respondents' concerns, several business and compliance risks are also on the radar.
Workforce challenges

According to our survey, 41 percent of critical leadership positions and skillsets across the utilities surveyed will become vacant during the next five years as Baby Boomers reach retirement age. However, 72 percent of respondents say that the aging workforce has not changed their IA department's focus. Organizations will be confronted with growing leadership, knowledge and expertise gaps at the same time that competition for specialized technical and managerial skills intensifies.

To support their companies, several IA groups are moving to the forefront of the workforce challenge. For example, in addition to supporting the effectiveness of succession plans, IA groups are conducting more robust workforce analysis and planning. Big data is also playing a major role. By combining an organization's performance, survey and workforce data with public and other private information, companies can glean insights, predict future trends and mitigate workforce challenges.
[Figure: Documentation of rate case processes and controls. Categories: Yes, for most jurisdictions and filings; Yes, for some jurisdictions and filings; No, they are not documented. Values shown: 36%, 43%, 21%.]

[Figure: Involvement of Internal Audit in respondents' rate case filings. Highly involved: 2%; Somewhat involved: 48%; Not involved at all: 48%. Note: Answers include only those for whom rate cases are applicable.]

Rate making and recovery

Rate making and recovery are another source of considerable concern for utilities. Rate case frequency is growing after years of inactivity and rate freezes. In addition, increasing capital projects and IT investments are creating heavier funding needs. However, the number of professionals in a utility who have rate case experience is rapidly decreasing as many of these professionals retire.

In PwC's recent Rate Making Survey, only 33 percent of respondents say they were satisfied with the rate filing data in their systems. Eighty percent say that their rate case process could be improved and 70 percent have seen issues arise in rate case filings that resulted in additional work. Despite the high stakes, only 2 percent of IA respondents in this year's CAE survey say their group is highly involved in rate case filings. IA has a prime opportunity to improve results, build regulator trust in the data and confirm that costs are appropriately included in rate filings.

Business continuity

As a result of mounting storm costs and the scrutiny of utility response to disasters such as Hurricane Sandy, business continuity is a major risk area. However, only 56 percent of survey respondents say that their organization has fully implemented a business continuity plan. In addition, only 38 percent report that their companies have performed a business impact analysis (BIA) for all business departments. The costs to conduct a BIA for every business process and system of a company would be significant, if not prohibitive.
As a result, some IA groups are working with the business and its IT organization to prioritize which systems and operations must have backup support in the event of failure.
[Figure: Plans including formal staff rotations or co-sourced auditors. Series: Co-sourced auditors; Formal staff rotation; Guest auditors. Bands: 0%, >0-10%, >10-20%, >20%.]

Capital projects planning

Almost every respondent (97 percent) says that their organization has significant ongoing or planned capital projects. Transmission systems are aging and utilities are trying to add alternative energy sources to the grid. As environmental concerns increase on the part of government and society, utilities are converting coal-fired plants to gas or installing scrubbers to reduce dangerous emissions. More than 70 percent of respondents say that some of these projects will be subject to regulatory reasonableness reviews. Seventy percent say IA assists or advises the business on project governance, risk management and/or project controls related to capital projects planning.

Increasing efficacy and efficiency

The number and velocity of risks is growing faster than many IA departments' ability to address them: only 16 percent of respondents feel that their departments have the needed skills to address current and emerging risks. In addition, many IA groups feel that it may not be feasible to develop the needed skills to address all critical risks their companies face. To fill capability gaps, 74 percent of respondents are turning to co-sourced auditors and 43 percent have implemented guest auditor programs.

Meeting the skillset challenge

To make the soundest talent sourcing decisions, leading IA organizations are turning to formalized personnel plans, assessing risk areas in conjunction with existing staff skillsets to identify shorter-term and longer-term needs, and determining whether strategic hiring, guest programs, or sourcing to fill a skills gap would be the most effective.

The power of analytics

Analytics is a force multiplier.
It empowers auditors to audit more extensively with fewer hours which, in turn, provides opportunities to develop new skills and direct existing resources to the most pressing concerns.
Areas where respondents use continuous auditing the most:
- Employee expense and procurement cards: 72%
- AP, disbursements, POs, purchasing, other expenses: 72%
- Journal entry testing: 40%
- Fraud audits: 40%
- Supply chain and inventory: 36%
- Payroll, overtime, time reporting: 20%
- Operations analytics: 20%
- Financial statement analytics: 20%

Note: Lower ranking responses include construction fraud monitoring (12%), validation of monthly close process (12%), treasury and cash management compliance (8%), energy procurement and trading (4%), customer care (including call centers and billing) (4%).

Indicative of analytics' growing importance, our survey found that the use of continuous auditing is on a steep upward trajectory. In 2012, for example, only 31 percent of respondents said continuous auditing was very important. This year, the number has increased to 57 percent.

To develop a data analytics function, there are several keys to success. Building a business case to obtain buy-in from senior management is critical. Understanding and leveraging tools and analytics already embedded within the company's systems eliminates duplicate efforts. Data analytics functions that fail often try to boil the ocean with several analytical projects commencing at the onset of the program; starting with a pilot approach to prove a return on investment can instead lay the groundwork for a successful program. Having the right resources with deep data analytics experience is also crucial at the onset of the program; sending inexperienced auditors to data analytics training and expecting immediate results can be a recipe for disaster. Synergizing extensive data analytics knowledge with IA personnel having a deep understanding of business processes has proven to drive value while spreading technical capabilities.
Finally, sharing technology with the business and teaching the business how to self-monitor can improve business performance while allowing IA personnel to focus on more strategic concerns.

Thinking like stakeholders

Creating stronger alignment with stakeholder expectations is another top priority for IA groups over the next months. To develop and gain a deeper understanding of their company's strategy, IA should anchor its planning process in a thorough knowledge of the company's growth, cost-reduction, and compliance objectives.

Leading internal audit departments stress the importance of having a seat at the table. This includes attendance at key strategy and planning meetings, governance and risk management discussions, and other executive sessions. With this seat, internal audit gains a real-time understanding of the organization's objectives and the risks to achieving those objectives, and can proactively help the utility improve the most critical processes for managing those risks. A dynamic and collaborative relationship with executive management not only works to improve internal audit's understanding and alignment to key risks, but key stakeholders can see the value of internal audit when they're focusing on areas of greatest concern.

Internal Audit is evaluated by the following quantitative and qualitative metrics.

Quantitative:
- Average training hours for IA staff: 35%
- Multiple factors (balanced scorecard): 41%
- Time to issue reports: 34%
- Budget-to-actual hours spent on audits: 47%
- Budget-to-actual cost of the IA department: 53%
- Number of audits completed vs. planned: 82%

Qualitative:
- Positive change facilitated by IA (e.g. recommendations implemented)*: 16%
- Talent development: 35%
- Execution on IA plan projects: 51%
- Performance reviews: 73%
- Customer satisfaction results: 76%

Note: 5% are also evaluated by other IA staff survey results, follow-up resolutions, number of management requests executed.

Making sure risk prioritization views are in sync with other key stakeholders is another way to improve alignment. Too often risks are prioritized and reported differently by other groups to senior management and the Audit Committee. Combined risk assurance maps can be a valuable tool to support collaboration. These maps document the critical risks a company faces and what level of assurance is provided by each of three lines of defense: management, functional oversight and internal audit. Yet, only 49 percent of respondents say their companies develop combined risk assurance maps, and this number remains flat with 2012 survey results.

Measure and report on what matters

Although key objectives for IA are focusing on critical risks and tightening alignment with stakeholders, most IA departments do not measure themselves on progress toward those objectives.
More than 80 percent of respondents report that their group is measured on the number of completed audits versus planned, while only 16% are measured on positive change facilitated through IA.
To establish more impactful performance metrics, leading CAEs are meeting with their Audit Committee Chair and other key stakeholders to refresh performance measures that drive continuous improvement. Once the performance measures are set, IA should report regularly on its value to senior management and the audit committee. When IA conducts audits, the business customers it works with often see the value the group provides. However, in many organizations, senior management may not be apprised of that value on an ongoing basis.

The opportunity for internal audit is profound. As the utility industry confronts rapid and dramatic change, companies face ever more daunting risks. IA can become a stronger defense against those risks and, thereby, increase its relevance and value to the enterprise. Our survey found that Chief Audit Executives are already planning their paths toward more vital relevance. IA groups are sharpening their focus on risks the enterprise faces, especially technology. They are also tackling capability gaps in their departments and turning to analytics and other technologies to fortify their efficiency and effectiveness.

About the research

The survey included participants from 42 power and utility companies. More than 55 percent of respondent companies generate 60 percent of revenues from electric utility operations. Most respondent companies have gas utility operations and non-regulated energy operations. However, only 35 percent generate more than 20 percent of revenues from these operations. Forty-four percent of respondent companies have greater than $15 billion in assets.
For more information

- Alan Conkle, US Power and Utilities Risk Assurance Leader, (312)
- Jim Hanlon, US Power and Utilities Internal Audit Leader, (214)
- Andy Dahle, US Power and Utilities Partner, (312)
- Amanda Herron, US Power and Utilities Director, (214)
- Jake Stricker, US Power and Utilities Director, (612)

PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the United States member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationUtility Supply Chain Talent Management
Utility Supply Chain Talent Management Results from the ScottMadden UMMBC 2012 Survey Copyright 2012 by ScottMadden, Inc. All rights reserved. Many companies proudly claim that their employees are their
More informationUnder the Digital Dome: State IT Priorities, Trends and Perspectives
Under the Digital Dome: State IT Priorities, Trends and Perspectives Best Practices Exchange 2014 Conference Montgomery, Alabama November 19, 2014 Doug Robinson, Executive Director National Association
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationMaximising internal audit value
www.pwc.ru/internalaudit Maximising internal audit value 2013 State of the internal audit profession survey Russia supplement April 2013 Introduction For 9 years PwC has conducted a global survey of the
More informationSuccession planning: What is the cost of doing it poorly or not at all?
Energy insights At a glance There are substantial benefits to be gained by identifying talented employees including those deep in the organization with specialized skills and coordinating their training
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More information2015 Travelers Business Risk Index. Findings from a survey of U.S. business risk decision makers May 2015
2015 Travelers Business Risk Index Findings from a survey of U.S. business risk decision makers May 2015 Contents executive summary 2 Rising medical and benefit costs 3 Cyber risks 3 Legal liability 4
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationService supply chain as a source of competitive advantage How businesses are creating value from the service supply chain
Service supply chain as a source of competitive advantage How businesses are creating value from the service supply chain May 2014 At a glance Product companies have focused on reducing fulfillment supply
More informationConnecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm
Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom kpmg.bm Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom 1 Connecting the dots:
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationBuilding a Strategic Internal Audit Function. A 10-Step Framework
Building a Strategic Internal Audit Function A 10-Step Framework Ten steps to a strategically focused internal audit function With passage of the Sarbanes-Oxley Act and the push for exchange-listed companies
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationAccess is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationWHITE PAPER. Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST
WHITE PAPER Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST Table of Contents THE SECURITY MAZE... 3 THE CHALLENGE... 4 THE IMPORTANCE OF MONITORING.... 6 RAPID INCIDENT
More informationTapping the benefits of business analytics and optimization
IBM Sales and Distribution Chemicals and Petroleum White Paper Tapping the benefits of business analytics and optimization A rich source of intelligence for the chemicals and petroleum industries 2 Tapping
More informationwww.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012
www.pwc.com Leveraging Continuous Auditing / Continuous Monitoring in internal audit April 10, 2012 Agenda 1. Introductions to DA, CA & CM [] 2. Inventory management continuous monitoring [The Gap] 3.
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationBlind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.
Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks. For anyone familiar with the banking industry, it comes as no surprise that banks are
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationIT audit updates. Current hot topics and key considerations. IT risk assessment leading practices
IT audit updates Current hot topics and key considerations Contents IT risk assessment leading practices IT risks to consider in your audit plan IT SOX considerations and risks COSO 2013 and IT considerations
More informationPREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY
BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Application of SOUTHERN CALIFORNIA GAS COMPANY (U 0 G) for Review of its Safety Model Assessment Proceeding Pursuant to Decision 1-1-0.
More informationBusiness Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting
Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationSimplifying the audit through innovation
Simplifying the audit through innovation Simplifying the audit through innovation New performance Smoother workflows and stronger collaboration New clarity Consistent execution and greater visibility New
More informationCybersecurity Converged Resilience :
Cybersecurity Converged Resilience : The cybersecurity of critical infrastructure 2 AECOM Port Authority of New York and New Jersey (PANYNJ), New York, New York, United States. AECOM, working with the
More informationTransforming risk management into a competitive advantage kpmg.com
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationCyber threat intelligence and the lessons from law enforcement. kpmg.com/cybersecurity
Cyber threat intelligence and the lessons from law enforcement kpmg.com/cybersecurity Introduction Cyber security breaches are rarely out of the media s eye. As adversary sophistication increases, many
More informationThe digital future for energy and utilities.
Digital transformation has changed the way you do business. The digital future for energy and utilities. Digital is reshaping the landscape in every industry, and the energy and utilities sectors are no
More informationState of Compliance 2014 Healthcare provider industry brief
Delve into the full analysis of the 2014 State of Compliance Survey at: pwc.com/us/ stateofcompliance State of Compliance 2014 Healthcare provider industry brief Introduction The healthcare provider industry
More informationApril 2013. Managing cloud migration Contract restructuring and retained IT
April 2013 Managing cloud migration Contract restructuring and retained IT Abstract We continually see companies restructure their IT outsourcing contracts with traditional IT providers as part of their
More informationUsing data analytics and continuous auditing for effective risk management
Using data analytics and continuous auditing for effective risk management April 2014 Irakis Kanavaris Agenda Current trends Common terminology of Data Analytics and CA/CM KPMG approach & observations
More informationHow To Transform It Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
More informationENHANCING VALUE THROUGH COLLABORATION: A CALL TO ACTION GLOBAL REPORT JULY 2014
ENHANCING VALUE THROUGH COLLABORATION: A CALL TO ACTION GLOBAL REPORT JULY 2014 DISCLAIMER TABLE OF CONTENTS Introduction...1 Five Strategies for Internal Audit Success in the Year Ahead...5 Improve Upon
More informationThreat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA
www.pwc.com Vulnerability Management (TVM) Protecting IT assets through a comprehensive program Chicago IIA/ISACA 2 nd Annual Hacking Conference Introductions Paul Hinds Managing Director Cybersecurity
More information<Insert Picture Here> From Overload to Impact: An Industry Scorecard on Big Data Business Challenges
From Overload to Impact: An Industry Scorecard on Big Data Business Challenges July 17, 2012 Contents Introduction 3 Methodology 4 Key Take Aways 5 Findings 6 Industry Opportunities
More informationTransforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance
ADVISORY SERVICES Transforming Internal Audit: A Model from Data Analytics to Assurance kpmg.com Contents Executive summary 1 Making the journey 2 The value of identifying maturity levels 4 Internal audit
More informationYour asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified.
Asset management Your asset is your business. The more challenging the economy, the more valuable the asset becomes. Decisions are magnified. Risk is amplified. Data is about more than numbers. It tells
More informationMedical Devices. Safe, but are they secure? Dan Stoker, Consultant Professional Services, Coalfire
Medical Devices Safe, but are they secure? Dan Stoker, Consultant Professional Services, Coalfire Introduction This perspective paper aims to help organizations understand the emerging issue of security
More informationOptimizing Network Vulnerability
SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationLeveraging Network and Vulnerability metrics Using RedSeal
SOLUTION BRIEF Transforming IT Security Management Via Outcome-Oriented Metrics Leveraging Network and Vulnerability metrics Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationPipeline Components Traceability Utilities companies new frontier
www.pwc.com/us/utilities Pipeline Components Traceability Utilities companies new frontier PwC's US Power and Utilities Practice Pipeline components traceability 2012 is likely to be remembered as a pivotal
More informationPRIORITIZING CYBERSECURITY
April 2016 PRIORITIZING CYBERSECURITY Five Investor Questions for Portfolio Company Boards Foreword As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies
More informationGetting real about cyber threats: where are you headed?
Getting real about cyber threats: where are you headed? Energy, utilities and power generation companies that understand today s cyber threats will be in the best position to defeat them June 2011 At a
More informationThe Internal Audit Analytics Conundrum Finding your path through data
The Internal Audit Analytics Conundrum Finding your path through data December 2013 At a glance Leading organizations are able to gain significant competitive edge through data. The increasing sophistication
More informationAgile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners
Agile Master Data Management TM : Data Governance in Action A whitepaper by First San Francisco Partners First San Francisco Partners Whitepaper Executive Summary What do data management, master data management,
More informationAccenture Risk Management. Industry Report. Life Sciences
Accenture Risk Management Industry Report Life Sciences Risk management as a source of competitive advantage and high performance in the life sciences industry Risk management that enables long-term competitive
More informationAddressing FISMA Assessment Requirements
SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom
More informationCybersecurity Strategic Consulting
Home Overview Challenges Global Resource Growth Impacting Industries Why Capgemini Capgemini & Sogeti Cybersecurity Strategic Consulting Enabling business ambitions, resilience and cost efficiency with
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More information