TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR




TECHNOLOGY SOLUTIONS FOR THE INTERNAL AUDITOR (BUY VS BUILD) APRIL 17, 2015

LEVERAGING TECHNOLOGY FOR AUDIT
[Chart: Utilizing Software to Administrate Audit Process (Yes / No)]
[Chart: Tools Leveraged (MS Excel, Internally Developed, Teammate, Auto Audit, Protiviti Portal, Others)]
Amongst the 65% utilizing technology, roughly 50% opt to build or leverage existing technology (e.g., Excel) while 50% opt to buy an off-the-shelf platform.
Source: Protiviti's 2012 IA Capabilities and Needs Survey, including more than 800 respondents.
2015 Protiviti Inc. CONFIDENTIAL

AUDIT TECHNOLOGY USE-CASES
[Chart: use-cases by percentage of organizations (Work Papers, Audit Planning, Reporting, Tracking findings through Remediation, Knowledge Sharing)]
Organizations cite electronic work-papers, audit planning, and automated reporting as key use-cases employed through technology.
Source: E&Y Global IA Survey 2007

OUR GRC TECHNOLOGY POINT OF VIEW
Establish Strong Business Processes
- Obtain project sponsorship
- Define business objectives & requirements
- Identify relevant resources required to make the most of the investment.
Enabling Technology
Make the Right Technology Choice(s)
- Buy: Purchase off-the-shelf
- Build: Leverage elements of your existing infrastructure to build custom solution
- Best-of-Breed: Integrate multiple systems
Implement Effectively
- Establish a measurable scorecard to track success.

GRC TECHNOLOGY EXPERIENCE
Strategic group within Protiviti that:
- Specializes in software development and technology integration
- Maintains operations in the U.S. and India
- Provides 24 X 5 Customer Support
- Responsible for the Governance Portal
  - Released in 2003
  - More than 450 implementations
  - 200 GRC customers
We are Recognized by the Analysts
- Named as a Strong Performer in The Forrester Wave: Governance, Risk, and Compliance Platforms, Q1 2014 by Forrester Research, Inc.
- Positioned as a Challenger by Gartner Inc. in the September 2013 Magic Quadrant for Enterprise Governance, Risk and Compliance Platforms
The Governance Portal is a Governance Risk and Compliance (GRC) software platform that integrates content and commonly accepted and proprietary frameworks with world-class consulting expertise that provides you with the visibility and insight needed to manage and mitigate your critical risk and compliance issues today and in the future.

GRC SHAREPOINT EXPERIENCE
Highly Trained, Expert Staff
- 14-time Microsoft Gold certified partner, 100+ SharePoint Experts on staff including top-certified SharePoint MVPs
- 100% of Protiviti SharePoint consultants hold SharePoint certifications, many hold multiple, advanced certs (PMP, MCTS, MCP/T, MCSD)
- Protiviti SharePoint Employees spoke at every major SharePoint industry conference in 2013
100s of Satisfied SharePoint Customers
- Over 300 unique SharePoint project, support, and training customers in 2013, including development of GRC business applications.
- 90% of all first-time clients return for a second engagement within 12 months.
- 2013 average SharePoint On Call Satisfaction rating is 4.68 (out of 5)
Deep Microsoft Relationship
- Ability to leverage Software Assurance (SA) Benefits and to help navigate the Microsoft volume license discounts program.
- Direct access to Microsoft SharePoint product team personnel
"Every commercial product we reviewed required customization and implementation services in addition to the product license. If we are going to go down that path, why not do it on a platform that we already own?"
Paraphrased from two separate companies: Financial Services Company, Hospitality Industry Company

GRC TECHNOLOGY IMPLEMENTATION APPROACH
Project Management
Objectives & Requirements Definition
Buy vs Build
Build:
- Identify Platform & Schedule Resources
- Develop Roadmap for Implementation
Buy:
- Develop and issue RFI
- Develop and issue RFP
- Proposal Review
- Demonstrations
- Final Analysis & Selection

PROJECT MANAGEMENT
Process steps (under Project Management): Define, B/B, Resource, Roadmap, RFI, RFP, Review, Demo, Analysis
- Establish Steering Committee & Project Team
- Confirm scope, approach, deliverables, and time schedule.
- Recognize potential schedule conflicts
- Monitor through defined checkpoints.

OBJECTIVES & REQUIREMENTS
- Establish business objectives
- Define requirement structure
- Seek input across teams and levels
- Consider long-term vs near-term goals
- Solicit awareness demonstrations

BUY VS BUILD DECISION
GRC Program Goal / Value (Buy / Build)
- Embedded, integrated enterprise GRC: Alignment of strategies and operations to achieve business goals; Support of evolving requirements
- Single, or Synergistic Departmental GRC Program Implementation: Increased departmental efficiency; Reduction of operational losses and incidents
- Project or Initiative Focused: Compliance with regulatory filings or public reporting; Agile, time sensitive approach without large capital acquisition
Buy
- IT Model: SaaS (Low IT involvement); Off-the-shelf software; Prefer to license
- Program Qualities: Single or synergistic departmental efficiency; Mature, known requirements
Build
- IT Model: On-Premise (IT involvement); Customizable platform; Prefer to own IP
- Program Qualities: Embedded, integrated enterprise GRC; Evolving, agile requirements; Project or initiative focused

BUY: DEVELOP & ISSUE RFI / RFP
- Review analyst reports, colleagues, conferences, IA events.
- Synthesize your requirements
- Identify long-list of vendors for RFI.
- Identify short-list for RFP.

BUY: PROPOSAL REVIEW
Sample Scorecard

| Category | # | Requirement / Questions | Vendor 1 | Vendor 2 | Vendor 3 | Vendor 4 |
|---|---|---|---|---|---|---|
| Risk Assessment | 1 | Configurable risk assessment with 5x5 scoring against risk categories per entity. | 8 | 6 | 4 | 9 |
| Audit Execution | 2 | Multi-stage workpaper workflow including varied level of review by workpaper type. | 7 | 5 | 2 | 9 |
| Reporting | 3 | Automated Audit Report, exportable to Word for offline viewing. | 5 | 4 | 8 | 9 |
| Summary Analysis | | | 20 | 15 | 14 | 27 |

- Establish weighted scorecard: core vs value-add requirements.
- Recognize first reaction vs functional alignment
- Document individual & aggregated scores
- Identify gaps in information or items for demonstration

BUY: DEMONSTRATIONS
Demonstration Flow Example
Risk Assessment
1. Risk categorization
2. Assessment criteria
3. Ranking significant risk
4. Annual audit planning
Audit Execution
1. Resource allocation
2. Workpaper assignment
3. Manager review
4. Workflow and alerts
Remediation
1. Issue identification
2. Action plan assignment
3. Business user updates
4. Audit review
Reports & Other
1. Automated audit report
2. Report configuration options
3. Security and administration
4. Data migration

- Focus on critical & complex requirements
- Consider narrative driven use-cases vs step-by-step
- Leverage live data
- Recognize marketing vs reality (understand effort involved)
- Update scorecard

BUY: FINAL ANALYSIS & SELECTION
- Review scorecards
- Consider follow-up demonstrations
- Consider Proof-of-Concept
- Perform Fit analysis

BUILD: PLATFORM & RESOURCE
- Inventory relevant elements of infrastructure & 3rd party tools.
- Identify internal and external capabilities


ROADMAP FOR IMPLEMENTATION
[Diagram: Audit Planning, Scope & Design, Configuration, User Acceptance Training, Pilot & Go-Live, Audit Execution, Issue Tracking, Audit Close & Reporting]
- Establish logical, definable configuration topics
- Define configuration topic leads and support resources
- Prioritize focus areas and establish timeline with milestones

QUESTIONS