Resilience: Internal Audit's role in Strengthening Business Continuity Capabilities
Transcription
1 Resilience: Internal Audit's role in Strengthening Business Continuity Capabilities
Mark P. Ruppert, Cedars-Sinai Health System
Bruce B. Daly, Deloitte & Touche, LLP
AHIA 33rd Annual Conference - September, 2014
2 Agenda What is resilience? 3 What does a resilience program look like? 9 Internal Audit considerations 16 Common findings and trends 26 Questions 29 1 Copyright 2014 Deloitte Development LLC. All rights reserved.
3 What is resilience?
4 What is resilience?
- The capacity to recover quickly from difficulties; toughness (Oxford English Dictionary)
- Capable of withstanding shock without permanent deformation or rupture (Merriam-Webster)
- Resilience is the safety net designed to support an organization's ability to bounce back from adversity (any event - natural disaster, cyber attack, terrorist attack, financial crisis, product recall, reputational event and more).
- Enterprise Resilience describes the strategies and processes to plan for and respond to significant disruptions while minimizing downtime and restoring operations and supporting applications within acceptable timeframes.
- An organization needs to work to put recovery capabilities in place, i.e., you are not just secure and vigilant, but also resilient.
Building Resilience is Your Final Play to protect the enterprise!
5 Resilient to what? An incident / disruption timeline
6 Enterprise resilience: from reactive, recovery-based practice to a proactive, risk-based capability
Stages, from The Past to The Future: Disaster Recovery (DR); Business Continuity (BC) Planning; Business Continuity Management (BCM); Enterprise Resilience
The Past: Reactive; Technology centric; Focused on recovery; Asset-based; One-time project; Responsibility of IT*
The Future: Pro-active; Business-centric; Focused on mitigation; Process-based; Continuous monitoring; Responsibility of board
Timeline notes:
- DR hit corporate agenda
- Enthusiasm for DR started to wane since more proactive approaches were needed
- Lessons from terrorist attacks: DR was not enough; beginning of BC
- Global events drove awareness for not only physical threats
- BC became part of risk management program
- Pressure to deliver 24x7x365 led to techniques to identify threats and to mobilize resources
- Disruption handling has become a corporate capability
Timeline dates: Late 1980s; Early 1990s; Mid 1990s; Late 1990s; Early 2000s; Mid 2000s; Late 2000s; 2010s
* IT = Information Technology
7 Why is it important?
Enterprise Resilience:
- Reputation Impact and Regulatory Scrutiny
- Resume critical functions
- Work with outside vendors during the recovery period
- Improve life safety
- Reduce confusion during a crisis
- Provide a specific and appropriate response to an emergency
- Get up and running quickly after a disaster
- Increase the opportunity for long term recovery
8 Resilience requires these components to be in sync
Human Resource; Public / Investor Relations; Systems; Business Impact Focus; Business Continuity; Disaster Recovery; Program Governance & Operating Model; Emergency Response; Crisis Management; Incident Impact Focus; Finance; Brand; Facilities; Legal / Regulatory; Life & Safety/ Community Partnerships
9 What does a resilience program look like?
10 Know what you're protecting - an asset approach
BETH3 TAP (Total Asset Protection) is a practical model for classifying, estimating the value of and protecting organizational assets with physical and logical security mechanisms as well as business and disaster recovery strategies. Each asset can be evaluated individually and in a combined manner, making practical protection and recovery possible. By utilizing an asset-based approach such as BETH3 throughout the assessment process, you are able to better evaluate your current capabilities: breadth of coverage, level of detail in your risk and business impact analyses, granularity of strategies and plan.
11 Example - an asset approach
Columns: Business Process; Process Number; Division; Building (Location); Equipment; Technology (Applications); Human Resources; 3rd Parties; MTPD (hours)
Process Payroll HR-180 ABC & Talent New York, NY Time Capture, Time Cards Kronos, SAP, XZY 100 ADP, Time Equip 2
Develop IT Strategy IT-010 GIT Phoenix, AZ None None 200 None 48
Develop IT Products & Services IT-040 GIT Phoenix, AZ Custom Laptops Dev Pro, QA Check, Code Mgmt None 16
Deploy IT Products & Services IT-050 GIT Phoenix, AZ Custom Laptops v2 Change Man, Code Control 350 IBM 24
Monitor/Manage Physical Assets PE-040 FAC Denver, CO Environ Control System, Security Equip Environ 101, Security Sys Pro 110 Tyco 8
Execute Plant Maintenance PE-090 FAC Denver, CO Maint. Equip PM of SAP 75 PP&E Special 40
Manage Collections O-150 FIN Nashville, TN None SAP FI,CO 50 Collect Pro 8
12 Have a clear approach - Deloitte's resilience methodology
Program Governance/Project Management
Phases: Analyze (Define and Protect); Develop (Prepare); Implement (Readiness)
Components: Capabilities Assessment & Process Definitions (Industry Print TM); Resiliency/Availability/Recovery Strategies; Activities/Procedures (Plan) Development; Resource Acquisition and Implementation; Crisis Management; Emergency Response; Total Asset Protection (Risk Map TM / Catastrophic Risk); Operational Continuity (BETH3 TM); Training and Awareness; Building (Facilities) Recovery; Equipment Recovery; Technology (Disaster) Recovery; Human Resource (Workforce) Continuity; Third-Party (Supply Chain) Resilience; Impact Analysis; Validation; Exercising and Testing; Continuous Improving and Quality Assurance
Our methodology is founded upon ISO22301, the leading global standard for business continuity and is aligned with related industry guidance/other standards including: those supporting PS-Prep (ASIS SPC , BS25999, NFPA 1600), ITIL, NIST, ISO27001 as well as U.S. Federal government requirements of FCD1 and
13 Start with an honest capabilities assessment
A clear framework, such as Deloitte's CARR framework, is a smart place to start. It can also serve as a measurement tool to capture progress, position within your industry, etc. An assessment or internal audit can cover any or all of the following components.
The maturity level of ABC Company's BCM program was measured in the following 11 categories:
- Program Governance / Process Mapping
- Total Asset Protection
- Impact Analysis
- Strategies
- Plan Development and Validation
- Disaster Recovery
- Crisis Management and Emergency Response
- Resource Acquisition
- Training and Awareness
- Exercising and Testing
- Continuous Improvement / Quality Assurance (QA)
Maturity Levels: Non-existent; Initial / Ad-Hoc; Repeatable / Intuitive; Managed / Measurable; Optimized
14 Capabilities assessment sample results - executive summary
Scale: Non-Existent; Initial / Ad-Hoc; Repeatable / Intuitive; Managed / Measurable; Optimized
Legend: C = Current Capability; G = Goal State; I = Industry Average
BC Activity / Category and markers shown:
- Program Governance / Process Mapping: C G I
- Total Asset Protection: C G I
- Impact Analysis: C G I
- Strategies: C G
- Plan Development and Validation: C G I
- Disaster Recovery: C G I
- Crisis Management and Emergency Response: C G I
- Resource Acquisition**: C G I
- Training and Awareness**: C I
- Exercising and Testing: C G I
- Continuous Improvement / QA: C G I
15 Select program results - program governance/process mapping
Legend: C = Current Capability; G = Goal State; I = Industry Average
Rating: C G 2 3 I 4
Scale: Non-Existent; Initial/Ad-Hoc; Repeatable/Intuitive; Managed/Measurable; Optimized
Current State Observations:
- A BCM policy with defined objectives and mission statement does not exist, but one has been created as part of this effort
- ABC Company has identified various teams to support BCM efforts across the organization
- Though there are various documents that highlight the establishment of BCM teams and their roles and responsibilities, the roles and responsibilities are high level and not actionable to uninitiated or untrained members of the BCM team
- There is no evidence substantiating a process for ABC Company to set and review the goals or objectives of the BCM program in a periodic and consistent manner
- There is no formal policy to guide the centralized storage, distribution, maintenance and review of continuity plans
- A generic set of goals and objectives is defined to guide business continuity activities
- While goals and objectives exist, these are limited in scope and do not explicitly account for all aspects of a robust BCM program
- ABC Company has determined the extent of business interruption insurance coverage that is required to sustain its critical processes, and the insurance covers expenses incurred to continue operations at hot site or alternate sites as well as equipment replacement values
Risk / Impact:
- The lack of BCM policy results in limited and uncoordinated implementation of an effective BCM program, and program activities become ad-hoc over time, which affects the quality and substance of BCM capabilities
- Inconsistent execution of BCM related activities hampers ABC Company's overall preparedness to deal with business disruptions
- Formalized roles and responsibilities at the different BCM levels (planning, preparation, response, and recovery) are critical in facilitating a coordinated and timely response during a disaster.
- Clarified roles and responsibilities will be more critical as the organization changes and expands
- Senior management oversight, guidance and strategic considerations for continuity management activities across the company are constrained by the lack of a clearly defined set of roles and responsibilities
- The lack of a formal policy to guide the central storage, distribution and access control of continuity planning and recovery documents results in potentially outdated plans as well as difficulty in obtaining the most recent versions for reference in times of crisis. It also limits the importance of these documents and potentially leads to unauthorized access of sensitive information
- Inadequate definition of business continuity metrics limits management awareness and understanding of enterprise continuity risks and challenges and therefore constrains timely decision-making toward the protection of enterprise assets and resources
- A limited set of objectives constrains the entrenchment of a mature business continuity program and will ultimately limit ABC Company's ability to respond to and recover from unexpected disruptions or disasters
16 Internal Audit considerations
17 Internal Audit's special role
Four key reasons for Internal Audit to push the Resilience challenge:
1. Internal Audit clearly has the responsibility to assess and call out risks and associated exposure, which may be identified through a direct risk assessment of the organizational emergency response and business continuity (resilience) effort and/or through specific internal audit observations requiring management action;
2. Internal Audit is positioned to have the board and senior management understand and respond/react to these risks and exposure;
3. Internal Audit has the opportunity to help articulate how a Resilience program can be implemented.
4. Once implemented or as implemented, Internal Audit can assess progress and desired outcomes through ongoing audit efforts and/or assisting management in developing such monitoring efforts.
18 Some key questions
- Are your continuity plans out of date?
- How do you measure your return on the BCM investments?
- Are emergency response procedures in place?
- Does your staff know how to respond to a disaster?
- Are you aligning your costs with your business growth?
- Have you considered all your resource requirements?
- Do you have proper crisis communication capabilities?
- How effective is your program?
- Do you adopt a piecemeal approach to testing?
- Is your staff testing only under ideal conditions?
- Are your vital data and applications protected from the harm that a disaster could cause?
- Does your plan address processes that really matter?
- Is your business tolerant to impact?
- How do you plan to sustain your BCM investments?
19 Aspects to assess
Strategy | People | Process | Technology
Includes: Governance & Project Sponsorship; Crisis Response; Strategic Approach; Compliance
Some key considerations:
- Program Sponsors
- Enterprise Resiliency governance, policies, and procedures
- Definition of roles & responsibilities
- Program metrics
- Monitoring of changes to regulatory environment
- Definition of crisis level (tactical vs. strategic)
- Communication tools or protocols
- Board/Executive Buy-In/Support
20 Aspects to assess
Strategy | People | Process | Technology
Includes: Emergency Response; Training & Awareness; Resiliency Roles Identification
Some key considerations:
- Resiliency team knowledge & expertise
- Unity of command
- Integration of cross-functional groups
- Resilience funding & executive sponsorship
- Frequency and depth of training sessions
- Resilience program awareness
21 Aspects to assess
Strategy | People | Process | Technology
Includes: Risk Assessment; Business Impact Analysis; Business Continuity Plan; Third Party Continuity; Exercise & Testing; Feedback Analysis
Some key considerations:
- Risk to Asset Types
- Integration of risk assessments into recovery procedures
- Scheduling/frequency of exercising and testing
- Use of triggers to update plans
- Recovery Threshold Values
- Awareness of critical third party vendors
- Frequency and depth of training sessions
- Formal exercise/testing feedback analysis loop.
22 Aspects to assess
Strategy | People | Process | Technology
Includes: Disaster Recovery Plans; Telecommunication; Infrastructure; Data/ Vital Records
Some key considerations:
- Identification and classification of critical applications
- Disaster Recovery Plans for critical applications
- Cohesion between business requirements and application recoverability
- Inclusion of telecommunications in Disaster Recovery Plans
- Data retention policies
To support cohesion, must have coordination between operations and information technology leadership and teams
23 Reporting
For each element being assessed, use a pre-defined ranking scale in a continuum graph and indicate the rating for the assessed area by a C for the current state and G for goal state. The example below is illustrative of the pre-defined ranking scale.
Rating Definitions:
- Non-Existent: Complete lack of any recognizable processes or strategies.
- Initial or Ad-Hoc: There is evidence that the enterprise has recognized that the issues exist and need to be addressed. There are, however, no standardized documented processes; instead, there are ad hoc approaches that tend to be applied on an individual or case-by-case basis. The overall approach to management is disorganized.
- Repeatable & Intuitive: Processes have developed to the stage where similar procedures are followed by different people when developing BCM/DR documentation. There is no formal training or communication or testing of BCM/DR procedures. High degree of reliance on the knowledge of individuals.
- Managed & Measurable: Management monitors and measures compliance with procedures and takes action where processes appear not to be working effectively. Processes are under constant improvement and provide good practice. Testing is performed with a "siloed" approach without including internal/external dependencies.
- Optimized: Processes have been refined to a level of good practice, based on the results of continuous improvement and maturity modeling with business continuity standards and practices. Cross functional coordination has led to better integration of BC/DR plans to improve resilience and recovery in the event of a business disruption.
24 Reporting
Alternatively, consider grading each BCM component and share with senior management and other members of the organization. An illustrative example:
- Governance, Regulatory/Industry Compliance: D, C
- Exercising and Testing: D
- Disaster Recovery Plans: D-
- Telecommunications: C
- Crisis Management: D
- Data/Vital Records: D
- Business Impact Analysis: D
- Facilities/Infrastructure: C
- Business Continuity Plans: D
- Crisis Management Plans: A-
- Third Party Continuity: D
- Emergency Response: A-
- Training and Awareness: D
OVERALL GRADE: D+
25 Trends
Resilience and the related disciplines of Crisis Management, Business Continuity and Disaster Recovery have not made the major strides that some might have thought. While we have witnessed innovations in mobile computing, data analytics, geographic information systems and learning, most resilience programs have been stuck in older methods and models. Some of the trends we have seen include:
- Mobility: companies are finally moving away from paper-based plans that are not actionable. They are realizing their lack of operational benefit. They are trying to leverage mobile devices, more dynamic decision-making and more internet-based decision making.
- Executive Dashboards: the most senior executives need transparency into the resilience program (e.g., measurement, metrics). They need to understand the Key Risk Indicators and Key Performance Indicators for their resilience program.
- Social Media: organizations are more aware that social media can be used to monitor crisis events and it can be a very valuable tool in communicating with stakeholders.
- Data Analytics: risk analysis and business impact analysis data can all be very valuable immediately preceding and during a disruption. This data can be managed and be used for more analytics around strategies and actual response to events.
26 Common findings and trends
27 Some top Internal Audit findings
1. Lack of centralized structure - program elements work in silos
2. Lack of support from Senior Management
3. Recovery and Restoration are an afterthought
4. Disconnect between Senior Leadership's perception of IT recoverability and actual recovery capabilities reported by technical staff
5. Mismatch between application's criticality to the business and IT recovery investments
6. Piecemeal approach to testing
7. Lack of integration between emergency response, business continuity plans and IT disaster recovery plans
28 Some top Internal Audit findings
8. Lack of up-to-date documentation on recovery procedures - dependence on a limited number of key personnel for recovery
9. Underestimation of effort & time required to recover from tape backups
10. Key vendors and service providers not included in recovery planning or testing
11. Lack of business participation in recovery testing and verification activities
12. Business-supported systems and key desktop systems lack recovery plans
13. Lack of a formal budget across the organization to support resiliency
14. Lack of a feedback loop ensuring that lessons learned from exercises and testing are incorporated into updated resiliency policy, procedure and process.
29 Some things to look for in your organization
- Executive visibility is limited on the quality of their capabilities
- No or failed CM/BC/DR Testing
- Poor or slow response capabilities to a real event
- Significant or consistent IT failures of any size
- IT outsourcing with insufficient contractual commitments around DR
- Complex supply chains with single points of failure
- Compliance concerns
- Enterprise Risk Management integration or lack thereof
Resilience does not come in a bottle - maybe it does!
30 Questions?
31 Contact Us
Bruce Daly, ERS Principal, Deloitte & Touche LLP, 350 South Grand, Los Angeles, CA. Office: Mobile:
Mark P. Ruppert, CPA, CIA, CISA, CHFP, CHC, Director, Internal Audit, Cedars-Sinai Health System, 6500 Wilshire Boulevard, Suite 600, Los Angeles, CA. Office: ruppertm@cshs.org
32 This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.
Global Crises: What We Really Need to Do to Be Prepared Day One / Session C5 April 12, 2010 Clyde Berger Adam Chusid 0 Today s Objectives Present practical solutions for building a viable sustainable program
More information12.0 Business Continuity Management
Number 12.0 Policy Owner Information Security and Technology Policy Business Continuity Management Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 12. Business Continuity
More informationExtended Enterprise Risk Management
Extended Enterprise Risk Management Overview of Risks and Methodologies/Tools to Address FEI Presentation June 7, 2016 Our POV on Extended Enterprise Risk Management Operational Risk Framework Organizations
More informationEngaging the workforce. Getting past once-and-done measurement surveys to achieve always-on listening and meaningful response
Engaging the workforce Getting past once-and-done measurement surveys to achieve always-on listening and meaningful response Deloitte Employee Engagement Perspectives What is employee engagement? Organizations
More informationBusiness Resilience: Proactive measures for forward-looking enterprises
IBM Global Services Business Resilience: Proactive measures for forward-looking enterprises protect deflect predict adapt Working with IBM, you can develop and implement a flexible business resilience
More informationERM: Risk Maps and Registers. Performing an ISO Risk Assessment
ERM: Risk Maps and Registers Performing an ISO 31000 Risk Assessment Agenda Following a Standard? Framework First Performing a Risk Assessment Assigning Risk Ownership Data Management Questions? Following
More informationMid-market technology trends: Leveraging disruption to drive value The Dbriefs Private Companies series Anthony Stephan, Principal, Deloitte
Mid-market technology trends: Leveraging disruption to drive value The Dbriefs Private Companies series Anthony Stephan, Principal, Deloitte Consulting LLP Chris Jackson, Senior Manager, Deloitte Consulting
More informationDeloitte s High-Impact HR Operating Model: Business HR. Deloitte Consulting LLP
Deloitte s High-Impact HR Operating Model: Business HR Deloitte s High-Impact HR Operating Model: Business HR The business of Human Resources (HR) is the business HR has a mission: High impact. A new Operating
More informationBuilding A Holistic and Risk-Based Insider Threat Program
Building A Holistic and Risk-Based Insider Threat Program An Approach to Preventing, Detecting and Responding to Insider Threats Michael G. Gelles, Psy.D March 2015 Insider Threat Types & Drivers Insider
More informationBudgetary Resource Risk Management Unliquidated Obligations (ULOs) - Recovery and Prevention September 2014
Improving Resource Effectiveness Budgetary Resource Risk Management Unliquidated Obligations (ULOs) - Recovery and Prevention September 2014 Christina Canavan Senior Manager in the Federal Advisory practice
More informationA guide to assessing your risk data aggregation strategies. How effectively are you complying with BCBS 239?
A guide to assessing your risk data aggregation strategies How effectively are you complying with BCBS 239? This page was left blank intetionally. BCBS 239: A guide to assessing your risk data aggregation
More informationHigh-Impact Talent Management in the Mid-Market November 30, 2016
High-Impact Talent Management in the Mid-Market November 30, 2016 Today s Agenda & Presenters Talent management challenges midmarket organizations face today How mid-market organizations can apply our
More informationOperational Risk Management (#DOpsRisk) Solutions suite
Operational Risk Management (#DOpsRisk) Solutions suite Design. Operate. Master. Transform. solutions with strong underlying value Our solution offering Strategy and program Measuring success Elevating
More informationAdaptive Business Continuity Manifesto
Adaptive Business Continuity Manifesto Definition: Adaptive Business Continuity (Adaptive BC) is an approach to continuously improve an organization s recovery capabilities, with a focus on the continued
More informationA Vision of an ISO Compliant Company by Bruce Hawkins, MRG, Inc.
A Vision of an ISO 55000 Compliant Company by Bruce Hawkins, MRG, Inc. ISO 55000 refers to a series of three standards outlining the purpose, requirements, and implementation guidance for an Asset Management
More informationIT GOVERNANCE AND MANAGED SERVICES Creating a win-win relationship
IT GOVERNANCE AND MANAGED SERVICES Creating a win-win relationship TABLE OF CONTENTS IT Governance and Managed Services 3 ROLE OF IT GOVERNANCE AND OUTSOURCING 3 IT GOVERNANCE AND THE OUTSOURCING CONTRACT
More informationInfrastructure and Capital Projects
Infrastructure and Capital Projects Contents Deloitte s Capabilities in Infrastructure and Capital Projects 1 Strategy and Planning 3 Financing and Procurement 4 Project Organisation, Execution and Construction
More informationRC & CRISIS MANAGEMENT. risk compliance RISK & COMPLIANCE MAGAZINE. risk & compliance REPRINTED FROM: JUL-SEP 2015 ISSUE
R E P R I N T RC & risk compliance & CRISIS MANAGEMENT REPRINTED FROM: RISK & COMPLIANCE MAGAZINE JUL-SEP 2015 ISSUE RC & risk & compliance Visit the website to request a free copy of the full e-magazine
More informationRisk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director
Risk Intelligent Enterprise Risk Management (ERM) Dolores Atallo-Hazelgreen, Firm Director March, 2010 Today s Agenda In the Spotlight More Than 15 Minutes of Fame Marketplace Perspective Deloitte Global
More informationIncident Management Systems:
Emergency Notification Incident Management Incident Management Systems: A Business Continuity Program Game-Changer Table of Contents Introduction Poised for Mainstream Adoption Marketplace Confusion Standardization
More informationYour Workday Operating Model The Build Versus Buy Decision
Aon Hewitt Cloud Solutions Your Workday Operating Model The Build Versus Buy Decision Let experience guide you in determining the optimal mix of in house and external support when defining a sustainable
More informationFocus on Resiliency: A Process Improvement Approach to Security
Focus on Resiliency: A Process Improvement Approach to Security Introducing the Resiliency Engineering Framework Rich Caralli & Lisa Young Software Engineering Institute CSI 33 rd Annual Security Conference
More informationRisk Management Strategy
Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved
More informationFAA PMIWDC LUNCHEON SERIES STRATEGIC PLANNING; WHAT, WHY, AND HOW
FAA PMIWDC LUNCHEON SERIES STRATEGIC PLANNING; WHAT, WHY, AND HOW John Lever, Managing g Partner The Lever Group February 29 th, 2012 vision mission strategy performance INTRODUCTION AND SESSION OVERVIEW
More informationNavigating the Intersection of Vendor Management and Business Continuity
Navigating the Intersection of Vendor Management and Business Continuity MICHAEL BERMAN, J.D. Table of Contents Why are we here? Business Continuity and Vendor Management Primary Intersection BCP Each
More informationDeveloping a Successful Product
Developing a Successful Product What is the appropriate level of governance? Kelly Cusick, Deloitte Consulting LLP March 30, 2014 Antitrust Notice The Casualty Actuarial Society is committed to adhering
More informationQuality Assessments what you need to know
Quality Assessments what you need to know Patty Miller, Partner Deloitte & Touche LLP Cavell Alexander, VP-Internal Audit Intermountain Healthcare Overview of requirements Scope of assessment Approaches
More informationProject Management 2020: Enabling Project Management Capabilities Outside of IT For information, contact Deloitte Touche Tohmatsu Limited.
Project Management 2020: Enabling Project Management Capabilities Outside of IT 2015. For information, contact Deloitte Touche Tohmatsu Limited. Kimberly Crayton Corley, PMP Associate Director Deloitte,
More informationA Strategic Approach to Bank Fraud
Fraud Case Study A Strategic Approach to Bank Fraud How Banks Can Move From Reactive to Proactive Fraud Prevention and Detection Fraud prevention and detection remains one of the biggest and most pressing
More informationWORK PLAN AND IV&V METHODOLOGY Information Technology - Independent Verification and Validation RFP No IVV-B
1. Work Plan & IV&V Methodology 1.1 Compass Solutions IV&V Approach The Compass Solutions Independent Verification and Validation approach is based on the Enterprise Performance Life Cycle (EPLC) framework
More informationEvaluating Your Business Continuity Plan: Beyond Checklists and Walkthroughs. Troy Harris, Director McGladrey LLP. All Rights Reserved.
Evaluating Your Business Continuity Plan: Beyond Checklists and Walkthroughs Troy Harris, Director McGladrey LLP Agenda Business Continuity Planning Overview Program Initiation and Management Disaster
More informationRSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT
RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT OVERVIEW Internal Audit (IA) plays a critical role in mitigating the risks an organization faces. Audit must do so in a world of increasing risks and compliance
More informationHealth Solutions. Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES.
Health Solutions Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES. Expanding Insight. Ensuring Value. Improving Outcomes. Organizations look to experienced solutions
More informationGlobal mobility shared service centres That s the bottom line
Global mobility shared service centres That s the bottom line September 2014 Contents Introduction 1 Why consider it? 2 How would we do it? 3 Who to contact 8 Introduction Most, if not all companies, are
More informationEnterprise Risk Management: Aligning Risk with Strategy & Performance June 26, :45 p.m. 4:45 p.m.
Enterprise Risk Management: Aligning Risk with Strategy & Performance June 26, 2017 3:45 p.m. 4:45 p.m. Presented by: Marc Winkler Director P&G Associates 646 Highway 18 East Brunswick, NJ 08816 P: 877-651-1700
More informationThe Path to Creating and Sustaining Value. The Scorecard. for Selecting, Managing & Leveraging your Services Team:
The Path to Creating and Sustaining Value The Scorecard for Selecting, Managing & Leveraging your Services Team: This presentation is only for the private consumption of ISC Session attendees. Any other
More informationInternational Finance Corporation
International Finance Corporation Corporate Governance and Internal Audit Overview Bob Lamm Independent Senior Advisor Center for Corporate Governance Deloitte LLP Neil White Global IA Analytics Leader
More informationAKTIVOV Asset Management System
AKTIVOV Asset System Aktivov means Assets We provide core expertise, business knowledge, and tools on Enterprise Asset, and Operations & Maintenance Strategies, while you concentrate on your core competence.
More informationBuilding an Integrated Talent Management Strategy. Stavros Liakakos, VP HCM Strategy Knowledge Infusion
Building an Integrated Talent Management Strategy Stavros Liakakos, VP HCM Strategy Knowledge Infusion 1 Knowledge Infusion: HCM as a Strategy 2 Vicious Cycle 3 Talent Management Strategy Alignment 4 Key
More informationManaged IT Services. Eliminating technology pains for small businesses
Eliminating technology pains for small businesses Having a complete IT department is not a viable solution for most small businesses, and very few small companies can afford to deploy even one permanent
More informationManaged IT Services. Eliminating technology pains for small businesses
Eliminating technology pains for small businesses Having a complete IT department is not a viable solution for most small businesses, and very few small companies can afford to deploy even one permanent
More informationFUTURE-PROOF YOUR WORKFORCE
FUTURE-PROOF YOUR WORKFORCE THE WHAT, WHY, WHEN AND HOW OF STRATEGIC WORKFORCE PLANNING SUSAN DEFAZIO TABLE OF CONTENTS 3 Introduction 6 What does good SWP look like? 8 Why SWP matters to risk & operational
More informationReduces the risk of downtime caused by infrastructure failure.
Description enables the ongoing and maintenance of the jurisdiction s IT infrastructure to ensure delivery of the agreed-upon level of services to the jurisdiction. IT processing requires effective of
More informationDeveloping an Effective Disaster Recovery Plan
Developing an Effective Disaster Recovery Plan We will figure it out! or What is the point, anyway? January 2017 1 MHA CONSULTING, INC. KEY FACTS A 17-year proven track record of applying industry standards
More informationStandardize, streamline, simplify: Applications rationalization during M&A Part of the Wired for Winning series on M&A technology topics
Deloitte M&A Institute Standardize, streamline, simplify: Applications rationalization during M&A Part of the Wired for Winning series on M&A technology topics Most companies tend to accumulate a large
More informationInformation Technology Specialist GS Career Path Guide
Information Technology Specialist GS-2210 Career Path Guide August 2014 (This page intentionally left blank.) HUD LEARN Information Technology Specialists Career Path Guide TABLE OF CONTENTS INFORMATION
More informationDeciphering third-party business risk in a period of weak commodity prices
Deciphering third-party business risk in a period of weak commodity prices Contents Introduction 1 Mitigating risk 2 Types of business disruption risk 4 Business Disruption Risk Analytics solution 5 Analyzing
More informationInformation Technology Risks in Today s Environment
Information Technology s in Today s Environment - Traci Mizoguchi Enterprise Services Senior Manager, Deloitte & Touche LLP Agenda Overview Top 10 Emerging IT s Summary Q&A 1 Overview Technology continues
More informationCorporate Risk Profile. National Film Board of Canada
Corporate Risk Profile National Film Board of Canada Approved by the NFB Board of Trustees March 1 st, 2013 Contents 1. Introduction... 3 1.1 Integrated risk management at the NFB Background... 3 1.2 MAF
More informationA Risk Management Framework for the CGIAR System
Agenda Item 10 For Decision Issued: 25 October 2017 A Risk Management Framework for the CGIAR System Purpose Building on core principles presented at SC4 for early input, this paper summarizes the main
More informationAligning perception with reality in shared services governance
Aligning perception with reality in shared services governance Insights from Deloitte s 2014 Voice of the Customer and Voice of the Shared Services Leader surveys Introduction When it comes to perceptions
More informationEmpower your field technicians. A smarter approach to managing field assets using mobile tools
Empower your field technicians A smarter approach to managing field assets using mobile tools Empower your field technicians A smarter approach to managing field assets For many organizations, the workforce
More informationISACA. The recognized global leader in IT governance, control, security and assurance
ISACA The recognized global leader in IT governance, control, security and assurance High-level session overview 1. CRISC background information 2. Part I The Big Picture CRISC Background information About
More informationBack to School for Business Services how to get it right?
Back to School for Business Services how to get it right? CORE conference November 8, 2016 1 Shared Services and Outsourcing Advisory WHO WE ARE KPMG s Shared Services and Outsourcing Advisory practice
More informationGlobalization of HR and How Digital Transformation can Help. In partnership with: HR.Payroll.Benefits.
Globalization of HR and How Digital Transformation can Help In partnership with: HR.Payroll.Benefits. 2 Globalization of HR and How Digital Transformation can Help Globalization of HR and How Digital Transformation
More informationFIS Wealth Solutions. Luke McCabe, EVP, FIS Simon Algar, Principal, wealth-reports April 11, 2017
FIS Wealth Solutions Luke McCabe, EVP, FIS Simon Algar, Principal, wealth-reports April 11, 2017 Today s Discussion Overview: FIS Wealth Solutions Industry view: Optimizing your operating model Looking
More information