Navigating the New Health Economy

Size: px
Start display at page:

Download "Navigating the New Health Economy"

Transcription

1 Navigating the New Health Economy How non-traditional healthcare players are using the HITRUST CSF to drive their security programs forward

2 Speakers Dennis Quandt Risk Assurance Director, PwC Boston, MA (617) Adrian Christie Risk Assurance Director, PwC Boston, MA (617)

3 Agenda 1. The New Health Economy 2. Issues facing non-traditional healthcare participants 3. HITRUST CSF a unifying framework 4. Benefits realized through adoption 5. Questions and Answers 3

4 The New Health Economy 4

5 An interconnected world The Evolution: Technology-led innovation has enabled business and care delivery models to evolve The extended enterprise has moved beyond technology and patient-provider integration Connectivity and collaboration now extends to all facets of business Leading To: A dynamic environment that is increasingly interconnected, integrated, and interdependent An environment where changing business drivers create both opportunity and risk Non-traditional players, including many of our clients outside the healthcare industry, are finding ways to carve out their niche in the $3 trillion New Health Economy 5

6 Growth of non-traditional players in HC Increasing complexity in the healthcare industry is driving the need for non-traditional solutions. With many payer/provider/pharma organizations increasingly focusing on their core business, outsourcing back/middle office operations has become a popular trend to take advantage of scale and efficiency. As a result.more and more organizations are coming in contact with PHI: BPO Providers Payment Processing Claims Management Secure Printing Technology Hosting 6

7 Security budget spending with these new entrants Security budgets at traditional healthcare organizations have more than doubled in the past four years. In 2016, the top drivers of security spending are medical devices, interactive communications and cloud adoption. Information security budget for % $2.1 million $2.4 million $4.0 million $4.3 million $4.8 million Increase in information security spending in 2016* * Information security budget refers to funds specifically and explicitly dedicated to information security, including money for hardware, software, services, education and information security staff. 7

8 Issues facing nontraditional participants 8

9 The considerations are diverse Multiple Regulatory Considerations SEC, NYDFS, industry-specific, etc. Need for multiple internal compliance/risk organizations HIPAA jurisdiction given BA inclusion / OCR Audit Program purview Expanding Universe of Controls Control guidance/versioning how do you ensure that you stay current? Compliance/reporting requirements distracting from control implementation, monitoring and remediation Multiple Industry Impacts Siloed compliance efforts based on business focus Difficulty obtaining expertise across all involved business areas Complex governance structures and organizational barriers Burdensome Reporting Requirements Duplicative questionnaires and assessments Different formats, audiences (e.g., customers, business partners, regulators) How do you ensure consistency? 9

10 Understanding the healthcare trends HIPAA is passed The ARRA/ HITECH Act introduced a fourth rule, The Breach Notification Rule and gave enforcement power to the Office for Civil Rights (OCR) Large healthcare related organizations announce breaches which impact potentially over 100 million customers Major payers finalize new cybersecurity licensing standard requiring Plans to exercise oversight of Business Associate controls OCR begins its Phase 2 audit program, which will focus on Business Associates in addition to Covered Entities June 2015 Dec Q1 Q Sept Health and Human Services (HHS) promulgated, among other rules, what is known as the Security Rule, Privacy Rule and Enforcement Rule The HIPAA Final Omnibus Rule finalized the HIPAA Rules and heightened the risks associated with non-compliance through increased monetary penalties and official inclusion of Business Associate liability HITRUST announces on June 29 th that several national healthcare payers will be requiring all Business Associates get HITRUST CSF Certification The American Institute of Certified Public Accountants (AICPA) announces a partnership with HITRUST that provides a new thirdparty reporting option SOC 2 + HITRUST CSF 10

11 OCR audits not just Covered Entities Any Covered Entity Any Business Associate Health Plans of All Types Selection through Covered Entities Health Care Clearinghouses Individual & Organizational Providers 11

12 Enforcement actions are raising the stakes Regulatory fines Internal cost Credit monitoring and remediation expense Impact of enforcement Class action lawsuits State Attorney General actions Impacts to the organization Additional resource commitment Implementation of new tools Policy and procedure updates Retraining Engaging new vendors Increased audit focus 12

13 HITRUST CSF a unifying framework 13

14 The expansive reach of the HITRUST CSF Relevant Standards Included AICPA CC5 FISMA FTC Red Flags Rule HIPAA Security Rule IRS Pub ISO 27001, MARS-E NIST CSF NIST PCI DSS Impact Identifying and documenting applicable regulations/standards is an arduous task the heavy lifting has already been done for you Where there is not a direct mapping to your organization, the HITRUSTCSF provides an instructive glimpse into cross-industry best practices Once a framework is established and adopted, performing a gap assessment against your framework is more straightforward and repeatable Assess once, report many! 14

15 Taking steps towards adoption Take stock of requirements Identifying common controls or processes Document policy, controls and criteria that meet minimum requirements across standards Execute integrated program MA-201 PCI HITECH HIPAA ISO Access Control Passwords Encryption Training HITRUST CSF Identify Data Sources Define & Assess Risk Develop & Implement Controls Audit and Correct Enforce, Monitor & Support 15

16 Benefits realized through adoption 16

17 The benefits are multi-faceted Security Alignment Use common language across your organization to communicate risk and processes to mitigate risk Focuses compliance/risk/internal audit groups into a smaller set of security processes Promotes consistency in responses to due diligence Third Party Risk Mgmt Develop your vendor assessment methodology using the HITRUST CSF Require HITRUST certification as an alternative to save time and money associated with onsite audits Incorporate HITRUST requirements into the contract negotiation process Management Reporting Leverage the HITRUST CSF as a foundation for communicating strengths/weaknesses to your Board Provides an indicator of current program maturity, and the maturity journey over time Helps to identify relevant KPIs and KRIs 17

18 Integrated risk and compliance The integrated model can yield a number of tangible benefits which may improve the bottom line of total cost of compliance while increasing risk coverage. Control reduction Consolidated risk and control assessments End user impact Reduction in overlapping controls Consolidated risk assessment, risk response and assessment processes that address the various external and internal requirements Hours Significant number of hours can be reduced in risk and compliance-related activities Time and effort saved due to elimination of redundant activities that can be used for other important initiatives 18

19 Metrics and dashboards Audience-specific reporting will bring visibility into risks across the enterprise, along with a summary of compliance-related issues, and the actions underway to manage risk and compliance. Board reporting Provides visibility into the key risks being managed as part of the information security program. 1 2 Executive reporting Provides, corporate/business units with visibility into the overall state of the program. Key risks linked to business objectives 3 Metrics supported analytics and trending Management reporting Provides functional leadership with visibility into the risks and compliance issues relevant to their function. 4 Operational reporting Provides operations teams with visibility into the metrics that support the management and executive reporting. 19

20 Reporting examples 20

21 Q&A 2017 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. Not for further distribution without the permission of PwC. 21

22 Visit for more information To view our latest documents, visit the Content Spotlight 22

HITRUST CSF Assurance Program. The Common Healthcare Industry Approach for Assessing Security and Reporting Compliance

HITRUST CSF Assurance Program. The Common Healthcare Industry Approach for Assessing Security and Reporting Compliance The Common Healthcare Industry Approach for Assessing Security and Reporting Compliance February 2017 Contents Background and Challenges.... 3 Improving Risk Management While Reducing Cost and Complexity...

More information

HITRUST CSF Assurance Program

HITRUST CSF Assurance Program HITRUST CSF Assurance Program Common healthcare industry approach for assessing security and reporting compliance Background and challenges Compliance requirements for healthcare organizations and their

More information

Lessons Learned in Streamlining the Third-party Risk Assessment Process

Lessons Learned in Streamlining the Third-party Risk Assessment Process Lessons Learned in Streamlining the Third-party Risk Assessment Process Agenda Welcome & Introductions Overview of the Third Party Risk Management Lifecycle Three Unique Perspectives on: Third Party Inventories

More information

From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits

From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits View the Replay From the Front Lines: Navigating the OCR Phase 2 HIPAA Audits June 16, 2016 Executive Series Webinar Today s Speakers Carla Wagner, HCISPP Privacy Officer Beacon Health System Trish A.

More information

Adopting HITRUST as the Backbone of Your Information Security Program. Mangoné Fall, Kelly Robertson, Sean Murphy

Adopting HITRUST as the Backbone of Your Information Security Program. Mangoné Fall, Kelly Robertson, Sean Murphy Adopting HITRUST as the Backbone of Your Information Security Program Mangoné Fall, Kelly Robertson, Sean Murphy Overview of Topics Discuss the process your organization went through to select an information

More information

HCL s HITRUST SOLUTION Redefining Healthcare Security Compliance

HCL s HITRUST SOLUTION Redefining Healthcare Security Compliance www.hcltech.com HCL s HITRUST SOLUTION Redefining Healthcare Security Compliance How can HCL help with your HITRUST initiatives? Why is HITRUST important? Healthcare faces a wide variety of data privacy

More information

CONSULTING & CYBERSECURITY SOLUTIONS

CONSULTING & CYBERSECURITY SOLUTIONS CONSULTING & CYBERSECURITY SOLUTIONS Who We Are Since 1996, Crossroads has been established as a respected Technology and Business Availability Enterprise with strategic competencies in Consulting, Compliance,

More information

Do You Know What Your Business Associates Subcontractors & Vendors Are Doing With Your PHI & ephi?

Do You Know What Your Business Associates Subcontractors & Vendors Are Doing With Your PHI & ephi? Do You Know What Your Business Associates Subcontractors & Vendors Are Doing With Your PHI & ephi? Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com HCCA 2017 Compliance Institute

More information

Do You Know What Your Business Associates Subcontractors & Vendors Are Doing With Your PHI & ephi?

Do You Know What Your Business Associates Subcontractors & Vendors Are Doing With Your PHI & ephi? Do You Know What Your Business Associates Subcontractors & Vendors Are Doing With Your PHI & ephi? Web Hull Privacy, Data Protection, & Compliance Advisor Web.Hull@icloud.com HCCA 2017 Compliance Institute

More information

Effects of GDPR and NY DFS on your Third Party Risk Management Program

Effects of GDPR and NY DFS on your Third Party Risk Management Program Effects of GDPR and NY DFS on your Third Party Risk Management Program Please disable popup blocking software before viewing this webcast June 27, 2017 Grant Thornton LLP. All rights reserved. 1 CPE Reminders

More information

Best Practices: Vendor Risk Questionnaires PROCESSUNITY WEBINAR SERIES

Best Practices: Vendor Risk Questionnaires PROCESSUNITY WEBINAR SERIES Best Practices: Vendor Risk Questionnaires PROCESSUNITY WEBINAR SERIES Today s Presenters Tom Garrubba Senior Director Shared Assessments Bryan Burnhart Head of Strategic Alliances ProcessUnity Ed Thomas

More information

Assessments for Certified and Non-Certified Vendors

Assessments for Certified and Non-Certified Vendors Assessments for Certified and Non-Certified Vendors 3rd party Vendors Security Risk Profile 63% of all 2016 data breaches resulted from third party vendor s risk Small companies are high risk - security

More information

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015

ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS. Dan Julevich and Chris Dawes April 17, 2015 ENTERPRISE RISK MANAGEMENT USING DATA ANALYTICS Dan Julevich and Chris Dawes April 17, 2015 Agenda ERM What, Why, How? ERM Keys to Success Fail, Survive, or Thrive? ERM Current State Overview ERM Leading

More information

An integrated model approach to improve the management of marketed products

An integrated model approach to improve the management of marketed products Insight brief Regulatory and safety integration An integrated model approach to improve the management of marketed products Leo Dodds, Principal, Quintiles Advisory Services John Rogers, Engagement Leader,

More information

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today?

HCCA Compliance Institute : Intersection of Internal Audit & Compliance. April 17, Agenda. Where are we today? HCCA Institute 2018 708: Intersection of & April 17, 2018 Agenda Objectives Where are we today? Corporate Integrity: The intersection of, and Privacy Questions 2 Where are we today? 3 1 Regulatory change

More information

Third Party Risk Management ( TPRM ) Transformation

Third Party Risk Management ( TPRM ) Transformation Third Party Risk Management ( TPRM ) Transformation September 20, 2017 Internal use only An introduction to TPRM What is a Third Party relationship? A Third Party relationship is any business arrangement

More information

Managing the Business Associate Relationship: From Onboarding to Breaches. March 27, 2016

Managing the Business Associate Relationship: From Onboarding to Breaches. March 27, 2016 Managing the Business Associate Relationship: From Onboarding to Breaches March 27, 2016 HCCA s 21 st Annual Compliance Institute National Harbor, MD Today s Agenda Onboarding: Health care providers and

More information

3/21/2017. How and when should you leverage internal audit? March 28, Agenda. What are your initial thoughts on internal audit?

3/21/2017. How and when should you leverage internal audit? March 28, Agenda. What are your initial thoughts on internal audit? How and when should you leverage internal audit? March 28, 2017 Agenda Internal Audit foundation 3 lines of defense Trends in consultative & value enhancement work Why you should care Key takeaways 2 What

More information

STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017

STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES. September 2017 STRATEGIES FOR EFFECTIVELY WORKING WITH THIRD-PARTIES September 2017 Your presenters Nancy Aubrey Partner Boston, MA Nancy.aubrey@rsmus.com Rick Shriner Principal McLean, VA Rick.shriner@rsmus.com 2 Agenda

More information

Internal Audit s Role in Third Party Risk Management (TPRM)

Internal Audit s Role in Third Party Risk Management (TPRM) www.pwc.com Internal Audit s Role in Third (TPRM) Jon Pastore, Nick Fullmer Third (TPRM) Framework What is Third? Third Party risk management is focused on understanding and managing risks associated with

More information

View the Recording. Webinar: Accounting of Disclosures: Practical Approaches & Enforcement Update. November 17 th, FairWarning, Inc.

View the Recording. Webinar: Accounting of Disclosures: Practical Approaches & Enforcement Update. November 17 th, FairWarning, Inc. Webinar: Accounting of Disclosures: Practical Approaches & Enforcement Update November 17 th, 2011 View the Recording Learning objectives Enforcement update and lessons learned from past HIPAA audits Accounting

More information

CFO Perspectives CFO Speaks

CFO Perspectives CFO Speaks India CFO Newsletter August 2016 CFO Perspectives CFO Speaks Mr. Jaimin Bhatt President & Group Chief Financial Officer Kotak Mahindra Bank Limited 1. From your latest experience, what are some of the

More information

LEGAL AND REGULATORY CONSIDERATIONS IN THE US AND INTERNATIONALLY

LEGAL AND REGULATORY CONSIDERATIONS IN THE US AND INTERNATIONALLY LEGAL AND REGULATORY CONSIDERATIONS IN THE US AND INTERNATIONALLY Kirk J. Nahra Wiley Rein LLP Washington, D.C. 202.719.7335 KNahra@wileyrein.com @kirkjnahrawork 2 February 20, 2018 2018 HITRUST Alliance

More information

Intelligent automation and internal audit

Intelligent automation and internal audit Intelligent automation and internal audit Adding value through governance, risk management, and controls Second article in the series kpmg.ch Contents Governing intelligent automation across the enterprise

More information

Cloud Computing Opportunities & Challenges

Cloud Computing Opportunities & Challenges Cloud Computing Opportunities & Challenges AICPA & CPA/SEA Interchange State Regulatory & Legislative Affairs Emerging Technologies July 11, 2017 Presented by Donny C. Shimamoto, CPA.CITP, CGMA 1 Unless

More information

Third Party Vendor Management and FDR Compliance

Third Party Vendor Management and FDR Compliance Smart decisions. Lasting value. Third Party Vendor Management and FDR Compliance Healthcare Summit 2018: Simplifying Healthcare September 18, 2018 Jason Lackey, Cigna-HealthSpring Scott Gerard, Crowe Matt

More information

HOW TO AVOID THE DANGER OF WEAK CONTROLS IN THIRD-PARTY RISK MANAGEMENT

HOW TO AVOID THE DANGER OF WEAK CONTROLS IN THIRD-PARTY RISK MANAGEMENT E-Guide HOW TO AVOID THE DANGER OF WEAK CONTROLS IN THIRD-PARTY RISK MANAGEMENT SearchSecurity S ecurity expert Michael Cobb explains how to put in place additional safeguards to protect the system and

More information

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace.

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace. Converge Platform The transition to value-based care is breaking down the barriers between the CNO, CMO, and Chief Legal Counsel in managing enterprise risk. It s time to take a proactive systems approach

More information

Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP Senior Manager, Wipfli Risk Advisory Services OBJECTIVES

Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP Senior Manager, Wipfli Risk Advisory Services OBJECTIVES Rick Ensenbach, CISSP-ISSMP, CISA, CISM, CCSFP Senior Manager, Wipfli Risk Advisory Services 1 OBJECTIVES What should be done before you sign a contract with a vendor Your responsibilities throughout the

More information

National Disclosure Summit

National Disclosure Summit www.pwc.com National Disclosure Summit Best Practices in implementing a coordinated Global Transparency Program February 7, 2014 Agenda Global transparency overview Your path to a global transparency program

More information

Contents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule

Contents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule BEST PRACTICES Iron Mountain Document Conversion Services HEALTHCARE HIPAA Omnibus and the Implications for Document Conversion Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule Contents

More information

Unified SaaS Solution for Cybersecurity and Risk. Curran Data Technologies

Unified SaaS Solution for Cybersecurity and Risk. Curran Data Technologies Unified SaaS Solution for Cybersecurity and Risk Curran Data Technologies 317-974-1009 www.currandata.com Solution Discover the effective simplicity of a unified RSC solution Discover Solution Diagnose

More information

IDENTITY AND ACCESS MANAGEMENT SOLUTIONS

IDENTITY AND ACCESS MANAGEMENT SOLUTIONS IDENTITY AND ACCESS MANAGEMENT SOLUTIONS Help Ensure Success in Moving from a Tactical to Strategic IAM Program Overview While identity and access management (IAM) provides many benefits to your organization

More information

ACA COMPLIANCE PROVIDER REQUEST FOR PROPOSAL (RFP)

ACA COMPLIANCE PROVIDER REQUEST FOR PROPOSAL (RFP) ACA COMPLIANCE PROVIDER REQUEST FOR PROPOSAL (RFP) SEPTEMBER 2016 The purpose of this RFP is to identify and engage an outsourcing solution partner to provide ACA Compliance services to CLIENT with efficiency,

More information

ACHIEVING TOTAL COMPLIANCE IN THE CLOUD

ACHIEVING TOTAL COMPLIANCE IN THE CLOUD WHITE PAPER ACHIEVING TOTAL COMPLIANCE IN THE CLOUD Ensure Your Cloud Infrastructure is Audit-Ready for 35 Regulatory Standards with Cloud Management www.cloudcheckr.com ACHIEVING TOTAL COMPLIANCE IN THE

More information

IT Executive Programs

IT Executive Programs IT Executive Programs Why IDC? 50 years of providing global, regional and local IT advisory services to businesses and governments on technology and line-of-business related issues, in 110 countries. 1,100

More information

Case Study Webinar: Vendor Risk Management at Global Lending Services

Case Study Webinar: Vendor Risk Management at Global Lending Services Case Study Webinar: Vendor Risk Management at Global Lending Services Al Palmer, SVP Compliance, Global Lending Services LLC (GLS) Melissa Brown, Compliance Manager, Global Lending Services LLC (GLS) John

More information

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Created for mike elfassi

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Created for mike elfassi Created for mike elfassi Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service

More information

Performance Risk Management Jonathan Blackmore, May 2013

Performance Risk Management Jonathan Blackmore, May 2013 Performance Risk Management Jonathan Blackmore, May 2013!@# Topics The world is changing How leading companies turn risk into results Back to basics 2 Company focus Market Risk Management an evolving journey

More information

W207: How should you leverage internal audit? October 26, 2016

W207: How should you leverage internal audit? October 26, 2016 W207: How should you leverage internal audit? October 26, 2016 Agenda Internal Audit Framework 3 Lines of Defense Value Enhancement Work Internal Audit vs. Compliance Areas of Focus Key takeaways 2 What

More information

The past, present and future of service organization control reporting

The past, present and future of service organization control reporting The past, present and future of service organization control reporting Key takeaways from EY s Annual SOCR Client Conference March 2016 Study the past if you would define the future. Confucius b 1 Conference

More information

Preparing for an OCR Audit: What is Expected of You

Preparing for an OCR Audit: What is Expected of You Preparing for an OCR Audit: What is Expected of You Speakers Chuck Burbank CISO and Director of Managed Privacy Services FairWarning Robert Mireles, CIPM Sr. Healthcare Privacy Specialist for Managed Privacy

More information

Law Firm Procurement Survey Executive Summary

Law Firm Procurement Survey Executive Summary Law Firm Procurement Survey Executive Summary www.hbrconsulting.com info@hbrconsulting.com 312.201.8400 advisory managed services software solutions ins ights SURVEY OVERVIEW With heightened client expectations,

More information

Law Firm Procurement Survey Executive Summary

Law Firm Procurement Survey Executive Summary Law Firm Procurement Survey Executive Summary www.hbrconsulting.com info@hbrconsulting.com 312.201.8400 advisory managed services software solutions insights EXECUTIVE SUMMARY SURVEY OVERVIEW With heightened

More information

Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance

Optimizing an Enterprise Wide Effective Vendor Risk Management Program. Pam Schott Head and VP Enterprise Supplier Governance Optimizing an Enterprise Wide Effective Vendor Risk Program Pam Schott Head and VP Enterprise Supplier Governance June 1, 2015 Emerging Industry Trends As Procurement organizations mature; their focus

More information

Texas Tech University System

Texas Tech University System Texas Tech University System October 31, 2017 ERM Overview Evolution of Risk Management Risk Traditional Definition The possibility that something bad or unpleasant will happen. Merriam-Webster Minimizing

More information

ISACA Systems Implementation Assurance February 2009

ISACA Systems Implementation Assurance February 2009 ISACA Pressures Today Pressure to increase realization of value from IT spending Pressure to deliver on IT projects at a time when resources/budgets are constrained Pressure from risk of technology-based

More information

Delivered by Sandra Fuller, MA, RHIA, FAHIMA. April 29, 2009

Delivered by Sandra Fuller, MA, RHIA, FAHIMA. April 29, 2009 A Statement by the American Health Information Management Association on Determining the Definition of Meaningful Use to the National Committee on Vital and Health Statistics, April 2009 Delivered by Sandra

More information

Welcome to today s Live Event we will begin shortly. Please feel free to use Chat or Q&A to tell us any burning questions you may have in advance

Welcome to today s Live Event we will begin shortly. Please feel free to use Chat or Q&A to tell us any burning questions you may have in advance Welcome to today s Live Event we will begin shortly Please feel free to use Chat or Q&A to tell us any burning questions you may have in advance 1 Welcome to How to Develop Your HIPAA Security Policies

More information

How to Measure the Value of Your Internal Audit Group

How to Measure the Value of Your Internal Audit Group How to Measure the Value of Your Internal Audit Group Best practices to follow, pitfalls to avoid and success metrics to measure May 17, 2012 Agenda Strategic challenges: Implications for the enterprise

More information

Role Based Access Governance and HIPAA Compliance: A Pragmatic Approach

Role Based Access Governance and HIPAA Compliance: A Pragmatic Approach WHITE PAPER Role Based Access Governance and HIPAA Compliance: A Pragmatic Approach JULY 2009 Executive Summary The joiner/mover/leaver framework provides a useful mechanism for entitles to use as a basis

More information

Health Solutions. Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES.

Health Solutions. Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES. Health Solutions Commercial Health Solutions Overview EXPANDING INSIGHT. ENSURING VALUE. IMPROVING OUTCOMES. Expanding Insight. Ensuring Value. Improving Outcomes. Organizations look to experienced solutions

More information

EHR AND ERP INTEGRATION. January 25, 2018

EHR AND ERP INTEGRATION. January 25, 2018 EHR AND ERP INTEGRATION January 25, 2018 Your Instructor Agenda Introduction to EHR and ERP EHR and ERP integration opportunities Evaluating the potential impact of EHR and ERP integration to your organization

More information

Payments the new player domain. How EY can assist

Payments the new player domain. How EY can assist Payments the new player domain How EY can assist Payment is defined as an exchange of financial value between two parties for goods or services. Contents Current trend... 1 Importance of an end-to-end

More information

Firm Profile TURNING RISKS INTO OPPORTUNITIES

Firm Profile TURNING RISKS INTO OPPORTUNITIES Firm Profile TURNING RISKS INTO OPPORTUNITIES You can measure opportunity with the same yardstick that measures the risk involved. They go together. Earl Nightingale TRUSTED ADVISORS RiSK Opportunities

More information

IT GOVERNANCE. WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR PwC. April 4, 2013

IT GOVERNANCE. WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR PwC. April 4, 2013 IT GOVERNANCE WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR PwC April 4, 2013 Agenda The challenge IT Governance defined IT Governance components Next steps Questions THE CHALLENGE The

More information

Accelerate GDPR compliance with the Microsoft Cloud Samuel Marín Sr. Sales Solutions Specialist

Accelerate GDPR compliance with the Microsoft Cloud Samuel Marín Sr. Sales Solutions Specialist Accelerate GDPR compliance with the Microsoft Cloud Samuel Marín Sr. Sales Solutions Specialist This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

More information

Making intelligent decisions about identities and their access

Making intelligent decisions about identities and their access Making intelligent decisions about identities and their access Provision users and mitigate risks with Identity Governance and Intelligence Highlights Provide a business-centric approach to risk-based

More information

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00

Aligning and Integrating ERM and Business Process. Federal ERM Summit September 9, :00-12:00 Aligning and Integrating ERM and Business Process Federal ERM Summit September 9, 2013 11:00-12:00 1 Agenda Defining Risk and ERM The ERM Value Proposition An Integrated ERM Framework Aligning ERM with

More information

MINEFIELD? OR GREENFIELD? Challenges and Opportunities for Mid-Tier Sourcing Clients

MINEFIELD? OR GREENFIELD? Challenges and Opportunities for Mid-Tier Sourcing Clients Challenges and Opportunities for Mid-Tier Sourcing Clients Debora Card, Partner, ISG, and Stanton Jones, Emerging Technology Analyst, ISG ISG WHITE PAPER 2013 Information Services Group, Inc. All Rights

More information

Ramifications of the New COSO Framework & Recent PCAOB Actions

Ramifications of the New COSO Framework & Recent PCAOB Actions Ramifications of the New COSO Framework & Recent PCAOB Actions Panelists Moderator Bob Meyer, Senior Vice President of Finance & Corporate Controller, American Tower Joann Cangelosi, Partner, Grant Thornton

More information

Simple, Scalable, Real-time Protection

Simple, Scalable, Real-time Protection Data Sheet Simple, Scalable, Real-time Protection Practical Content Security With Egnyte Protect, companies can quickly find and safeguard the content that matters most. It is simple to use, requires almost

More information

TECHNOLOGY AND AUDIT: A MUTUAL FUTURE THERESA GRAFENSTINE CHAIR, ISACA BOARD OF DIRECTORS 2/15/2018

TECHNOLOGY AND AUDIT: A MUTUAL FUTURE THERESA GRAFENSTINE CHAIR, ISACA BOARD OF DIRECTORS 2/15/2018 TECHNOLOGY AND AUDIT: A MUTUAL FUTURE THERESA GRAFENSTINE CHAIR, ISACA BOARD OF DIRECTORS 2/15/2018 1 AGENDA THE AUDIT LANDSCAPE PROCESSES AND TRENDS CHANGES LOOKING FORWARD AUDIT OF THE FUTURE ENTERPRISE

More information

ISACA San Francisco Chapter

ISACA San Francisco Chapter ISACA San Francisco Chapter The 2007 Privacy Panel Rena Mears, CISSP, CIPP, CPA, CISA Partner, Deloitte & Touche LLP March 23, 2007 San Francisco 0 What is Privacy and Why Now? Definition of PII The definition

More information

a physicians guide to security risk assessment

a physicians guide to security risk assessment PAGE//1 a physicians guide to security risk assessment isalus healthcare isalus healthcare a physicians guide to security risk assessment table of contents INTRO 1 DO I NEED TO OUTSOURCE MY SECURITY RISK

More information

Service Organization Controls (SOC) Reporting Discussion: Perspectives and Opportunities

Service Organization Controls (SOC) Reporting Discussion: Perspectives and Opportunities IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Service Organization Controls (SOC) Reporting Discussion: Perspectives and Opportunities

More information

Ensuring Organizational & Enterprise Resiliency with Third Parties

Ensuring Organizational & Enterprise Resiliency with Third Parties Ensuring Organizational & Enterprise Resiliency with Third Parties Geno Pandolfi Tuesday, May 17, 2016 Room 7&8 (1:30-2:15 PM) Session Review Objectives Approaches to Third Party Risk Management Core Concepts

More information

Outsourcing transparency evolution

Outsourcing transparency evolution Outsourcing transparency evolution How information transparency creates value across the extended enterprise Outsourcing transparency evolution Transparent communication is evolving for outsource service

More information

STEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS. April 25, 2018 In-House Counsel Conference

STEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS. April 25, 2018 In-House Counsel Conference STEPS FOR EFFECTIVE MANAGEMENT OF VENDOR AND SUPPLIER CYBERSECURITY RISKS April 25, 2018 In-House Counsel Conference Presenters: Daniela Ivancikova, Assistant General Counsel, University of Delaware Evan

More information

Strengthening Vendor Risk Management Program

Strengthening Vendor Risk Management Program Strengthening Vendor Risk Management Program ACUIA Region 5 Fall Meeting Portsmouth, N.H. October 2017 PKF O Connor Davies Risk Advisory Services Governance & Regulations Cyber-Security Risk Management

More information

IIA ERM Summit. August 22, 2010

IIA ERM Summit. August 22, 2010 IIA ERM Summit August 22, 2010 Key market drivers have created a perfect storm for risk transformation Trends Challenges Opporties SEC rule changes requiring additional disclosures in proxy and information

More information

IACA Compliance Benchmark Questionnaire

IACA Compliance Benchmark Questionnaire 27 June 2018 Reference No.: IACA-2018-CCA-0001-22 IACA Compliance Benchmark Questionnaire This questionnaire has been prepared in the context of the IACA Compliance Benchmark Project. It is addressed to

More information

Outsourcing Transparency Evolution: Creating Value Across the Third-Party Extended Enterprise

Outsourcing Transparency Evolution: Creating Value Across the Third-Party Extended Enterprise Outsourcing Transparency Evolution: Creating Value Across the Third-Party Extended Enterprise @ComplianceWeek #CW2017 Release for answers to polling questions I understand that any data or information

More information

REGULATORY HOT TOPIC Third Party IT Vendor Management

REGULATORY HOT TOPIC Third Party IT Vendor Management REGULATORY HOT TOPIC Third Party IT Vendor Management 1 Todays Outsourced Technology Services Core Processing Internet Banking Mobile Banking Managed Security Services Managed Data Center Services And

More information

VENDOR RISK MANAGEMENT FCC SERVICES

VENDOR RISK MANAGEMENT FCC SERVICES VENDOR RISK MANAGEMENT FCC SERVICES Introductions Chris Tait, CISA, CFSA, CCSK, CCSFP Principal, Financial Services Baker Tilly Russ Sommers, CPA, CISA Senior Manager, Financial Services Baker Tilly Agenda

More information

Maximizing value from your lines of defense

Maximizing value from your lines of defense Insights on governance, risk and compliance December 2013 Maximizing value from your lines of defense A pragmatic approach to establishing and optimizing your LOD model Contents Introduction Are you getting

More information

Gallagher Healthcare Practice

Gallagher Healthcare Practice Gallagher Healthcare Practice Keeping Your Organization in Good Health As the healthcare industry transitions from volume to value, you need a partner with access to a wide set of solutions that can be

More information

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework

Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework Are you prepared for this Challenge? The new COSO Enterprise Risk Management Framework CAGFO 2018 Conference Winnipeg, MB September 13, 2018; 10:30am Agenda 01 What is being said of ERM today? 02 What

More information

Effective Data Governance & GDPR Compliance for the Nonprofit CFP

Effective Data Governance & GDPR Compliance for the Nonprofit CFP Effective Data Governance & GDPR Compliance for the Nonprofit CFP March 22, 2018 BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited

More information

RSA ARCHER IT & SECURITY RISK MANAGEMENT

RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, anti-virus, intrusion prevention systems, intrusion

More information

SHIFTING TO THE CLOUD: UNDERSTANDING IT INVESTMENT MANAGEMENT BEYOND YOUR DATA CENTER WALLS

SHIFTING TO THE CLOUD: UNDERSTANDING IT INVESTMENT MANAGEMENT BEYOND YOUR DATA CENTER WALLS 1 SHIFTING TO THE CLOUD: UNDERSTANDING IT INVESTMENT MANAGEMENT BEYOND YOUR DATA CENTER WALLS KATHERINE FORE JENNIFER MCGILL CAROLINAS HEALTHCARE SYSTEM AHIA 35th Annual Conference September 11-14, 2016

More information

Back to School for Business Services how to get it right?

Back to School for Business Services how to get it right? Back to School for Business Services how to get it right? CORE conference November 8, 2016 1 Shared Services and Outsourcing Advisory WHO WE ARE KPMG s Shared Services and Outsourcing Advisory practice

More information

Managing Legal and Operational Risk in IT Agreements

Managing Legal and Operational Risk in IT Agreements Managing Legal and Operational Risk in IT Agreements Presented by: Donna Pond, Senior Director, Lead Counsel, Shire Pharmaceuticals Evan J. Foster, Partner, Saul Ewing LLP Agenda: Special issues in: Conventional

More information

How to Stand Up a Privacy Program: Privacy in a Box

How to Stand Up a Privacy Program: Privacy in a Box How to Stand Up a Privacy Program: Privacy in a Box Part III of III: Maturing a Privacy Program Presented by the IT, Privacy, & ecommerce global committee of ACC Thanks to: Nick Holland, Fieldfisher (ITPEC

More information

The Relationship Between HIPAA Compliance and Business Associates

The Relationship Between HIPAA Compliance and Business Associates The Relationship Between HIPAA Compliance and Business Associates 2007-2016 1 What is HIPAA? HIPAA / HITECH Protect patient confidentiality while furthering innovation and patient care Omnibus (September

More information

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare.

HCCA Audit & Compliance Committee Conference. February 29-March 1, Drivers of ERM. Enterprise Risk Management in Healthcare. Enterprise Risk Management in Healthcare Deloitte & Touche LLP Heather Hagan, Senior Manager Nancy Perilstein, Senior Manager February 29, 2016 Discussion Items Drivers of Enterprise Risk Management (ERM)

More information

Outsourcing Procurement Services Deliver Higher Performance at a Lower Cost

Outsourcing Procurement Services Deliver Higher Performance at a Lower Cost Outsourcing Procurement Services Deliver Higher Performance at a Lower Cost As the hospitality industry looks to generate more operational efficiencies while maintaining brand diversity, a paradigm shift

More information

Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley

Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley MAINTAINING A SECURE GLOBAL ENTERPRISE : Challenges and Emerging Solutions Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley The 2008 Chief Information Security

More information

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends

It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends Many legal and compliance officers are revisiting

More information

private equity we do a great deal

private equity we do a great deal private equity we do a great deal private equity there when it counts With one simple point of contact, you have access to a breadth of services and numerous advantages. Private equity groups demand a

More information

Driving healthy growth

Driving healthy growth Health Care Of special interest to Boards of directors The C-suite Health care executives 5Insights for executives Driving healthy growth The value of a proactive stance to compliance Organizations throughout

More information

Emerging & disruptive technology risks

Emerging & disruptive technology risks Emerging & disruptive technology risks Shawn W. Lafferty, KPMG Partner IT Internal Audit/Risk Assurance April 2018 Why IT internal audit? find ways to overcome resource and budgetary constraints. This

More information

PCF Analytics Workshop

PCF Analytics Workshop PCF Analytics Workshop Asking the Right Risk Questions to Power Your Advanced Analytics Strategy November 7, 2018 Welcome! 19th Annual Pharmaceutical and Medical Device Compliance Congress Preconference

More information

Extended Enterprise Risk Management

Extended Enterprise Risk Management Extended Enterprise Risk Management Driving performance through the extended enterprise October 2015 A network within a network The Extended Enterprise is the concept that an organization does not operate

More information

Advanced Monitoring and Testing to Enable Performance. SCCE Boston Regional Conference

Advanced Monitoring and Testing to Enable Performance. SCCE Boston Regional Conference www.pwc.com Advanced Monitoring and Testing to Enable Performance SCCE Boston Regional Conference Presenters Jon Mackenzie Managing Director, Office: (267) 330 8111 Email: jonathan.b.mackenzie@pwc.com

More information

The Role of Oversight and Monitoring and the Use of Analytics to Increase Effectiveness of your Compliance Program

The Role of Oversight and Monitoring and the Use of Analytics to Increase Effectiveness of your Compliance Program The Role of Oversight and Monitoring and the Use of Analytics to Increase Effectiveness of your Compliance Program Presented by: David Curé, Vice President and Chief Auditor Christopher Price, Sr. Director,

More information

Identity & Access Management Unlocking the Business Value

Identity & Access Management Unlocking the Business Value Identity & Management Unlocking the Business Value Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Unlocking the Value of Identity and Management Defining the IAM challenge

More information

IT Strategic Plan Portland Community College 2017 Office of the CIO

IT Strategic Plan Portland Community College 2017 Office of the CIO IT Strategic Plan Portland Community College 2017 Office of the CIO 1 Our Vision Information Technology To be a nationally recognized standard for Higher Education Information Technology organizations

More information

MSP Purpose, Value & ROI

MSP Purpose, Value & ROI PERSPECTIVE ARTICLE MSP Purpose, Value & ROI A Comprehensive Look at Today s Global Managed Service Provider Programs In this perspective article, Bartech an industry professional services firm delivering

More information

Effective Risk Management With AML Risk Assessment. January 25, 2017

Effective Risk Management With AML Risk Assessment. January 25, 2017 Effective Risk Management With AML Risk Assessment January 25, 2017 2017 2017 Crowe Crowe Horwath Horwath LLP LLP Agenda Regulatory Trends in Risk Assessment Crowe Approach to Anti-Money Laundering (AML)

More information