Purposing the entirety of COBIT5 for the Assurance Professional. Ross E. Wescott MA CISA CIA CCP CUERME Wescott & Associates


The Conference that Counts, Albany, New York, Monday March 19, 2018

ROSS WESCOTT is Principal of Wescott and Associates, established in 2016 to provide IT audit, risk, governance, and control consulting to a variety of industries and government. He has experience in:
- IT audit program development and implementation using leading standards including COBIT 5
- IT governance
- Internal Audit strategy, policy, standards, procedures, and guidelines development and maintenance
- Risk identification and assessment
- Controls identification, design and evaluation
- Data analytics
- End-to-end IT audit management and execution
- IT SOX program development and operation
- Disaster recovery plan development and review, scenario/exercise development and testing
- Recruiting, team building, development, teaching

Ross Wescott graduated from Portland State University in 1975 with a major in Mathematics/Computer Science. He also graduated in 1986 from Marylhurst University with a Master in Management. He is a Certified Internal Auditor, Certified Information Systems Auditor, Certified Computer Professional, and a Credit Union Enterprise Risk Management Expert. He is a current and active member of the Institute of Internal Auditors and the Information Systems Audit and Control Association. He has been published in the major Internal Auditing publications and has been a speaker at conventions and conferences on many Internal Audit topics.

IT assurance professionals have successfully used ISACA's COBIT products for many years. The IT assurance professional focus of these products made them the right tool to perform the right audits of IT. However, the IT management and governance focus of COBIT 5 is a noticeable departure from previous versions. With the refocus of COBIT 5, how can the IT assurance professional take advantage of the advances and concepts of COBIT 5 in the performance of their work?

In this session, you will learn:
- the history of COBIT and its predecessor
- assurance vs. governance vs. management
- the guiding principles of COBIT 5
- transitioning to COBIT 5
- turning COBIT 5 into an IT audit assurance tool

Before I begin, there is a bit of a conundrum.

I want to set the foundation for COBIT as thoroughly as possible. But there is so much information on COBIT available, it would take days to do it justice. So I will give you a taste of COBIT just to get started. The rest you will have to do on your own. But we will cover COBIT for the assurance professional more thoroughly.

- From the 70s: a compilation of guidelines, procedures, best practices, and standards for conducting EDP audits entitled "Control Objectives", updated four times between 1980 and COBIT (1996)
- COBIT (1996) and COBIT 2nd Edition (1998). Focus: Control Objectives
- COBIT 3rd Edition (2000). Focus: Management Guidelines added
- COBIT 4.0 (2005) and COBIT 4.1 (2007). Focus: Governance and compliance processes added
- COBIT 5.0 (2012). Focus: Assurance processes removed, full focus on IT governance and management

COBIT 5 is primarily a business framework made by, and for, practitioners and includes insights from IT and general management literature, including concepts and models such as strategic alignment, balanced scorecard, IT savviness and organizational systems. The core elements of COBIT 5 are built on these IT and general management insights.
* ISACA COBIT Series White Paper, 2014 ISACA. All rights reserved. For usage guidelines, see

And that can be audited:
- For gaining compliance: because it outlines the steps a business needs to take to be in accordance with legislative constraints by offering a set of best/good practices that will improve weaknesses in IT control areas.
- For assessing risk: because the uniform approach to IT/business integration can identify and help to mitigate organizational risk for IT and business as a whole.
- For achieving strategy: because it relates IT goals to enterprise goals in a goal cascade that helps define priorities for improvements.

COBIT 5 is based on 5 principles that enable the organization to build an effective governance and management framework that optimizes information and technology investment and use for the benefit of a wide range of organizational stakeholders. These 5 COBIT principles are specifically designed to be generic so that, while they provide guidance, they are at the same time applicable to enterprises of all sizes, whether commercial, not for profit, or in the public sector.

The 5 Principles

Enablers are aspects that, separately and together, guide whether something will work; in the case of COBIT 5, that something is governance and management over enterprise IT. Enablers are driven by COBIT goals, where higher-level IT-related goals define what the different enablers should achieve.

1. Principles, policies and frameworks are the vehicle to translate the desired behavior into practical guidance for day-to-day management.
2. Processes describe an organized set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals.
3. Organizational structures are the key decision-making entities in an enterprise.
4. Culture, ethics and behavior of individuals and of the enterprise are very often underestimated as a success factor in governance and management activities.
5. Information is required for keeping the organization running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
6. Services, infrastructure and applications include the infrastructure, technology and applications that provide the enterprise with information technology processing and services.
7. People, skills and competencies are required for successful completion of all activities, and for making correct decisions and taking corrective actions.

Also, COBIT Assessment Guide

Unlike COBIT (1996) and COBIT 2nd Edition (1998), where the focus was on assurance and the control objective as a bridge from the 1970s, COBIT 5 is NOT about control objectives. In fact, control objectives are gone. Control objectives were turned into best or good management practices. The audience for the product is not the assurance professional but IT management. So what is the assurance professional to do when the COBIT product seems to not be for them?

CRY?
Get Angry?
Give Up?
Or, figure out how to make it work?
I decided to figure it out!

From COBIT 5 Enabling Processes documentation

COBIT 4.1 to COBIT 5 Mapping - From COBIT 5 Enabling Processes

VAL IT - Framework for Business Technology Management - a set of guiding principles for a governance framework, and supporting publications addressing the governance of IT-enabled business investments.
RISK IT - Framework for Management of IT-Related Business Risks - provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top to operational issues.

VAL IT 2.0 to COBIT 5 - From COBIT 5 Enabling Processes
From RISK IT to COBIT 5 - From COBIT 5 Enabling Processes

Using COBIT 5 as the foundation, using the related linkages to COBIT 4.1, RISK IT, and VAL IT, and changing the wording of the COBIT 5 management objectives to turn them into assurance objectives, COBIT 5 became instantly usable to me as an assurance professional.

Let's look at an example.

Let's use EDM01 as the basis for our example.

Let's Briefly See What I Did With This

It took me 6 months of effort in 2013 to take COBIT 5 and do exactly what ISACA told us to do, albeit late, in 2014, but without the ways to do it. I customized COBIT 5 for my assurance practice. What I came out with in the end was a fully functional audit program using 100% of my own tests and approach that covered all of COBIT 5, supplemented with COBIT 4.1, RISK IT, and VAL IT. Over 1000 audit objectives and nearly 1500 tests, all based on these management objectives. I put it into practice from 2014 to 2015 and audited our IT group against COBIT 5. All in all, the whole effort took 3 years.

Process Background
An IT governance framework allows IT to bridge the gaps effectively among control requirements, technical issues, and business risks. A well-established system of IT governance also enables clear policy development and good practice for IT control throughout, emphasizes regulatory compliance, and helps to increase the value attained from IT. IT governance puts structure around how to align IT strategy with business strategy, ensuring that IT stays on track to achieve stated strategies and goals, and implements good ways to measure IT's performance. An IT governance framework answers some key questions such as: how the IT department is functioning overall, what key metrics management needs, and what return IT is giving back to the business from the investment it's making. Every organization needs a way to ensure that the IT function sustains the organization's strategies and objectives. To ensure that IT-related decisions are made in line with strategies and objectives, IT-related processes should receive effective and transparent oversight, comply with legal and regulatory requirements, and meet Board requirements.

Process Description
Analyze and articulate the requirements for the governance of enterprise IT, and put in place and maintain effective enabling structures, principles, processes and practices, with clarity of responsibilities and authority to achieve the enterprise's mission, goals and objectives.

Process Purpose Statement
Provide a consistent approach integrated and aligned with the enterprise governance approach. To ensure that IT-related decisions are made in line with the enterprise's strategies and objectives, ensure that IT-related processes are overseen effectively and transparently, compliance with legal and regulatory requirements is confirmed, and the governance requirements for board members are met.

Process Assessment Objectives
The objectives of this assessment are to determine if:
- A consistent and integrated approach aligned with the enterprise governance approach is provided.
- IT-related decisions are made in line with the enterprise's strategies and objectives.
- IT-related processes are overseen effectively and transparently.
- Compliance with legal and regulatory requirements is confirmed.
- The governance requirements for board members are met.

Process Risk Drivers (partial list)
- Controls not operating as expected
- Decreased stakeholder confidence
- High effort required to achieve compliance because of wrong or late decisions
- Ineffective responsibilities and accountabilities established for IT processes
- Non-compliance with regulatory requirements
- Organizational failure to maximize the use of emerging technological opportunities to improve business and IT capability

EDM01.01 Governance Practice
Original: Evaluate the governance system. Continually identify and engage with the enterprise's stakeholders, document an understanding of the requirements, and make a judgement on the current and future design of governance of enterprise IT.
My Change: Evaluate the governance system. IT should continually identify and engage with the enterprise's stakeholders, document an understanding of the requirements, and make a judgement on the current and future design of governance of enterprise IT.

Activity Title: EDM
Activity Assessment Objective: Continually identify and engage with the enterprise's stakeholders, document an understanding of the requirements, and make a judgement on the current and future design of governance of enterprise IT.
Activity Assessment Objective: Identify and analyze the internal and external environmental factors (e.g., legal, regulatory, and contractual obligations) and trends in the business environment that may influence governance design.

Note: I rarely changed the activity wording, just the overall activity objective. Activities became audit steps. The activity assessments (tests) I created from scratch.

The audit programs are fully aligned with COBIT 5:
- They explicitly reference all seven enablers. In other words, they are not exclusively process-focused; they also use the different dimensions of the enabler model to cover all aspects contributing to the performance of the enablers.
- They reference the COBIT 5 goals cascade to ensure that detailed objectives of the audit engagement can be put into the enterprise and IT context, and concurrently they enable linkage of the assurance objectives to enterprise and IT risk and benefits.

In practice, assurance professionals need to use their own professional judgment to develop their own customized audit programs based on these assurance guidelines. The reason: the guidelines are very comprehensive, very academic, and, as stated in the guidance, cannot be used directly as is. They must be tailored. It is up to the advanced assurance professional to take the material, customize it to their organization's format, and then execute their own version of COBIT 5. I did, and it was very revealing and compelling to my clients.

Any Final Questions?
If you have any questions, please feel free to call and have a meaningful conversation:
Ross Wescott MA CISA CIA CCP CUERME
Principal, Wescott and Associates
rew5@comcast.net

Thank You!
ISACA 2014. All rights reserved. Used with permission. Walt Disney. All rights reserved.


More information

SA 210 (REVISED) AGREEING THE TERMS OF AUDIT ENGAGEMENTS (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS BEGINNING ON OR AFTER APRIL 1, 2010)

SA 210 (REVISED) AGREEING THE TERMS OF AUDIT ENGAGEMENTS (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS BEGINNING ON OR AFTER APRIL 1, 2010) Part I : Engagement and Quality Control Standards I.53 SA 210 (REVISED) AGREEING THE TERMS OF AUDIT ENGAGEMENTS (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS BEGINNING ON OR AFTER APRIL 1, 2010)

More information

The IT Balanced Scorecard Revisited

The IT Balanced Scorecard Revisited The IT Balanced Scorecard Revisited By Alec Cram, CISA, CISSP, Volume 5, 2007 "What gets measured is what gets done." 1 Carly Fiorina The intense spotlight on information technology (IT) governance within

More information

MEASURING YOUR HIGH RELIABILITY ORGANIZATION (HRO) VITAL SIGNS

MEASURING YOUR HIGH RELIABILITY ORGANIZATION (HRO) VITAL SIGNS MILITARY HEALTH MEASURING YOUR HIGH RELIABILITY ORGANIZATION (HRO) VITAL SIGNS Scott Barr Senior Vice President Barr_Scott@bah.com Stephanie Keyser Principal Keyser_Stephanie@bah.com MEASURING YOUR HIGH

More information

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE

CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE CORPORATE GOVERNANCE THEORY, SCOPE AND IMPORTANCE What is on the agenda Corporate Governance: In Theory Brief history The concept Principles Corporate Governance: In Practice Corporate governance elements

More information

FRAMEWORK FOR POLICY DEVELOPMENT

FRAMEWORK FOR POLICY DEVELOPMENT Achieving Excellence in Catholic Education through Learning, Leadership and Service FRAMEWORK FOR POLICY DEVELOPMENT Approved: May 27, 2014 *Revised July 18, 2016 Introduction Policy is a set of organizational

More information

Portfolio, Program and Project Management Using COBIT 5

Portfolio, Program and Project Management Using COBIT 5 DISCUSS THIS ARTICLE Portfolio, Program and Project Using COBIT 5 By Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP COBIT Focus 11 September 2017 Many

More information

Certified Human Resources Professional (CHRP) Competency Framework

Certified Human Resources Professional (CHRP) Competency Framework Certified Human Resources Professional (CHRP) Competency Framework 11.15 Table of Contents About the CHRP... 3 Application of the Competency Framework... 3 Path to Obtain the CHRP... 4 Maintaining the

More information

KPI Professional (KPI-P) Certification Program

KPI Professional (KPI-P) Certification Program In Association With: Strategy Management Group (SMG) KPI Professional (KPI-P) Certification Program A 5 Day Program (3 day + 2 day) Benefits Of At ending This Course: Learn best practice techniques to

More information

Leadership Agility Profile: 360 Assessment. Prepared for J. SAMPLE DATE

Leadership Agility Profile: 360 Assessment. Prepared for J. SAMPLE DATE Prepared for J. SAMPLE About this Report Introduction LEADERSHIP that special quality that enables leaders to achieve extraordinary success. In today's uncertain world the need for leadership is at an

More information

ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns

ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns 13 December 2016 Joe Muratore Copyright 2012 BSI. All rights reserved. Enterprise Risk Management

More information

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment

ERM: Risk Maps and Registers. Performing an ISO Risk Assessment ERM: Risk Maps and Registers Performing an ISO 31000 Risk Assessment Agenda Following a Standard? Framework First Performing a Risk Assessment Assigning Risk Ownership Data Management Questions? Following

More information

Director Procurement & Value Delivery

Director Procurement & Value Delivery Position Reports to Direct Reports Band Director Procurement & Value Delivery Chief Executive Heads of Procurement (3), Sustainability Officer (1), Head Procurement Operations (1), Head Clinical Engagement

More information

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES Management and the Board of Directors ( Board ) of Nabors Industries Ltd. (the Company ) are committed to conducting business consistent with

More information

Internal controls over financial reporting

Internal controls over financial reporting Internal controls over financial reporting Outlining a program that meets stakeholder expectations kpmg.com After showing why a company s internal controls over financial reporting (ICOFR) program may

More information

Challenges Facing the Accountancy Profession in Emerging Economies

Challenges Facing the Accountancy Profession in Emerging Economies Challenges Facing the Accountancy Profession in Emerging Economies M. Zubaidur Rahman Financial Management Unit Operations Policy and Country Services The World Bank The World Bank Group Working for a

More information

System Council November 2017 paper

System Council November 2017 paper Draft: 25 October 2017 ANNEX B.2 System Council November 2017 paper Terms of Reference for the CGIAR System Internal Audit Function arrangements for approval by the SMB after considering inputs of the

More information

2014 Global Council. Dubai, UAE 6-9 March 2014 DAY 2. globaliia.org

2014 Global Council. Dubai, UAE 6-9 March 2014 DAY 2. globaliia.org 2014 Global Council Dubai, UAE 6-9 March 2014 DAY 2 Opening Remarks Paul J. Sobel, Chairman of the Board Agenda - Tuesday Opening Remarks P. Sobel Expanding the Umbrella of the IIA D. Beran Tuesday Discussion

More information

December 2015 THE STATUS OF GOVERNMENT S GENERAL COMPUTING CONTROLS:

December 2015 THE STATUS OF GOVERNMENT S GENERAL COMPUTING CONTROLS: December 2015 THE STATUS OF GOVERNMENT S GENERAL COMPUTING CONTROLS: 2014 www.bcauditor.com CONTENTS Auditor General s Comments 3 623 Fort Street Victoria, British Columbia Canada V8W 1G1 P: 250.419.6100

More information

The New COSO Framework: Avoiding Deficiencies and Driving Change

The New COSO Framework: Avoiding Deficiencies and Driving Change The New COSO Framework: Avoiding Deficiencies and Driving Change Session #308 Speaker Introductions Kimberley Mobley, CPA, CISA Ryan Isbell, CPA Greg Daniel, CISA, CRMA Partner Controller Manager Johnson

More information

Corporate Governance and Financial Markets

Corporate Governance and Financial Markets Corporate Governance and Financial Markets World Congress of Accountants Istanbul, Turkey 14 November 2006 Jerry Edwards Senior Advisor on Accounting and Auditing Policy Financial Stability Forum Basel,

More information

Developing a successful governance strategy. By Muhammad Iqbal Hanafri, S.Pi., M.Kom. IT GOVERNANCE STMIK BINA SARANA GLOBAL

Developing a successful governance strategy. By Muhammad Iqbal Hanafri, S.Pi., M.Kom. IT GOVERNANCE STMIK BINA SARANA GLOBAL Developing a successful governance strategy By Muhammad Iqbal Hanafri, S.Pi., M.Kom. IT GOVERNANCE STMIK BINA SARANA GLOBAL it governance By NATIONAL COMPUTING CENTRE The effective use of information technology

More information

CLAconnect.com/creditunions. Impact the Future of Credit Unions

CLAconnect.com/creditunions. Impact the Future of Credit Unions CLAconnect.com/creditunions Impact the Future of Credit Unions We Believe Enabling your success means a better world for all of us, but now, more than ever, a greater number of operational, regulatory,

More information

Using the COSO Map. Unpublished Article By Larry Hubbard

Using the COSO Map. Unpublished Article By Larry Hubbard Unpublished Article By Larry Hubbard Internal Control Integrated Framework published by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission How many times have we read articles

More information

Ms. Maridel Piloto de Noronha, PAS Secretariat Via

Ms. Maridel Piloto de Noronha, PAS Secretariat Via October 7, 2015 Ms. Maridel Piloto de Noronha, PAS Secretariat Via email: semec@tcu.gov.br RE: Exposure Drafts ISSAI 3000 Performance Audit Standard; ISSAI 3100 Guidelines on central concepts for Performance

More information

Standard 5 Matching Operations with the Mission: Student Learning

Standard 5 Matching Operations with the Mission: Student Learning Standard 5 Matching Operations with the Mission: Student Learning 5.1 Universal Required Competencies: As the basis for its curriculum, the program will adopt a set of required competencies related to

More information

Tools & Techniques II: Lead Auditor

Tools & Techniques II: Lead Auditor About This Course Tools & Techniques II: Lead Auditor Course Description Learn the skills necessary to lead an audit team with confidence. This course provides an overview of the life cycle of an audit

More information

TABLE OF CONTENTS WATER SERVICES ASSOCIATION OF AUSTRALIA PROCESS BENCHMARKING AUDIT PROTOCOLS COPYRIGHT:... 3

TABLE OF CONTENTS WATER SERVICES ASSOCIATION OF AUSTRALIA PROCESS BENCHMARKING AUDIT PROTOCOLS COPYRIGHT:... 3 WATER SERVICES ASSOCIATION OF AUSTRALIA AUDIT PROTOCOL FOR THE AQUAMARK ASSET MANAGEMENT PROCESS BENCHMARKING PROJECT DECEMBER 2007 TABLE OF CONTENTS COPYRIGHT:... 3 1.0 INTRODUCTION:... 4 1.1 OVERVIEW...

More information

Compilation Engagements

Compilation Engagements IFAC Board Final Pronouncement March 2012 International Standard on Related Services ISRS 4410 (Revised), Compilation Engagements The International Auditing and Assurance Standards Board (IAASB) develops

More information

Governance in a Multi-Supplier Environment

Governance in a Multi-Supplier Environment Governance in a Multi-Supplier Environment This paper provides advice and guidance for organisations faced with governing a multi-supplier environment. 1. The Need for Governance ISACA, the global IT governance

More information

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS MISSION To contribute to Ireland having a strong regulatory environment in which to do business by supervising and

More information

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT

INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT What is Mission Critical to You? Before you acquire mission-critical technology from a third-party software vendor, take a few minutes

More information

Education Quality Development for Excellence Performance with Higher Education by Using COBIT 5

Education Quality Development for Excellence Performance with Higher Education by Using COBIT 5 Education Quality Development for Excellence Performance with Higher Education by Using COBIT 5 Kemkanit Sanyanunthana Abstract The purpose of this research is to study the management system of information

More information

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function

Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function www.pwc.com/bb Caribbean Association of Audit Committee Members Inc. Independent Quality Assurance Assessment of the Internal Audit function Strengthening the Performance and Influence of the Audit Committee

More information

PHASE TWO FOLLOW-UP REPORT ON THE AUDIT OF CONTRACTS (2008)

PHASE TWO FOLLOW-UP REPORT ON THE AUDIT OF CONTRACTS (2008) PHASE TWO FOLLOW-UP REPORT ON THE AUDIT OF CONTRACTS (2008) PREPARED BY: Government Audit Services Branch Government of Yukon APPROVED BY: Audit Committee Table of Contents Page PREFACE 3 EXECUTIVE SUMMARY

More information

A Framework for Audit Quality Key Elements That Create an Environment for Audit Quality

A Framework for Audit Quality Key Elements That Create an Environment for Audit Quality IFAC Board Feedback Statement February 2014 A Framework for Audit Quality Key Elements That Create an Environment for Audit Quality This document was prepared by the Staff of the International Auditing

More information

2010 Study on the State of Performance Management. research. A report by WorldatWork and Sibson Consulting October 2010

2010 Study on the State of Performance Management. research. A report by WorldatWork and Sibson Consulting October 2010 2010 Study on the State of research A report by WorldatWork and Sibson Consulting October 2010 About WorldatWork The Total Rewards Association WorldatWork (www.worldatwork.org) is a not-for-profit organization

More information

IT and Enterprise Governance By Michael J. A. Parkinson, CISA, CIA, and Nicholas J. Baker, CPA

IT and Enterprise Governance By Michael J. A. Parkinson, CISA, CIA, and Nicholas J. Baker, CPA Copyright 2005 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. IT and Enterprise Governance By Michael J. A. Parkinson, CISA, CIA, and Nicholas J. Baker, CPA Enterprise

More information

PART 6 - INTERNAL CONTROL

PART 6 - INTERNAL CONTROL PART 6 - INTERNAL CONTROL INTRODUCTION The A-102 Common Rule and OMB Circular A-110 (2 CFR part 215) require that non-federal entities receiving Federal awards (i.e., auditee management) establish and

More information

Practice Guide. Developing the Internal Audit Strategic Plan

Practice Guide. Developing the Internal Audit Strategic Plan Practice Guide Developing the Internal Audit Strategic Plan JUly 2012 Table of Contents Executive Summary... 1 Introduction... 2 Strategic Plan Definition and Development... 2 Review of Strategic Plan...

More information

Certified Identity Governance Expert (CIGE) Overview & Curriculum

Certified Identity Governance Expert (CIGE) Overview & Curriculum Overview Identity and Access Governance (IAG) provides the link between Identity and Access Management (IAM) rules and the policies within a company to protect systems and data from unauthorized access,

More information

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010

Catching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010 Catching Fraud During a Recession Through Superior Internal Controls FICPA s 25 th Annual Accounting Show J. Stephen Nouss September 29, 2010 1 Session Objectives Fraud Facts (2008 Association of Certified

More information

IFAC Ethics Committee Meeting Agenda Item 6 February 2005 New York, United States

IFAC Ethics Committee Meeting Agenda Item 6 February 2005 New York, United States INTERNATIONAL FEDERATION OF ACCOUNTANTS 545 Fifth Avenue, 14th Floor Tel: +1 (212) 286-9344 New York, New York 10017 Fax: +1 (212) 856-9420 Internet: http://www.ifac.org Agenda Item 6 Committee: Ethics

More information

IPSec Professional Risk Victorian Protective Data Security Standards Compliance Services Overview in Brief

IPSec Professional Risk Victorian Protective Data Security Standards Compliance Services Overview in Brief IPSec Professional Risk Victorian Protective Data Security Standards Compliance Services Overview in Brief Date: March 2017 Copyright & Confidentiality This document is copyright IPSec Pty Ltd (IPSec).

More information

IN SEARCH OF BUSINESS VALUE: HOW TO ACHIEVE THE BENEFITS OF ERP TECHNOLOGY

IN SEARCH OF BUSINESS VALUE: HOW TO ACHIEVE THE BENEFITS OF ERP TECHNOLOGY Introduction Panorama Consulting Group, LLC IN SEARCH OF BUSINESS VALUE: HOW TO ACHIEVE THE BENEFITS OF ERP TECHNOLOGY Eric Kimberling Panorama Consulting Group, LLC In today s increasingly competitive

More information

Chapter 18. Quality Assurance and Quality Control

Chapter 18. Quality Assurance and Quality Control Chapter 18 Quality Assurance and Quality Control The following are changes, additions or deletions to the January 2016, Topic #625-000-007, Plans Preparation Manual (PPM), for use on Turnpike projects

More information