The Evolution of IT Risk & Compliance

February 2012

Rosalyn Ellis, CRISC

Susan Hoffman, CISA,CGEIT

Achieving SOX Compliance

- Developed set of control requirements
  - Application Change Management
  - Application & Data Security
- Documented existing controls and processes
- Established new controls and processes

Issue at hand...

- Review, assess, consider materiality of issues, priority, determine level of audit issues/complexity to close gaps
- Evaluated and documented IT controls
- Clarified "ownership" for the controls
- New applications / solutions introduced to environment requiring proper controls

Established a team…

- Purpose
  - Implement according to policy
  - Audit to the policy
- Partners with... Internal & External Audit teams
  - Determine needed IT controls
  - Define how to test the controls
- IT staff:
  - Build compliance into IT solutions
  - Determine ways to align compliance efforts with IT initiatives

IT Risk & Compliance…

- Assembled list of IT controls according to policy, identifying specific frequency and owners
- Established Self-Audit Program
  - Conduct self-audit test on each IT control
  - Identifies gaps with the existing IT controls
  - Provides for auditor reliance on self-audit results

Benefits of Self-Audit Program

- The IT Organization
  - Assumes responsibility for the IT controls
  - Gains confidence that IT controls and processes are effective and efficient
  - Identifies control weaknesses in advance of Internal or External Audit tests
  - Identifies process improvements with current controls and processes

Beyond Self-Audit Concepts

- Database Activity Monitoring (DAM)
  - Explore other uses for current tool
- Business Processes comply with eDiscovery requirements
- Self Audit of Business Application SOA Architecture
- Self Audit of Mobile Applications

Expanding Self-Audit Concepts

- Coordinate Assessments
  - Internal Risk Assessments
  - 3rd Party Assessments
- Current Topics & Technology
  - Cloud Computing
  - PII
  - PCI

Questions?
