Navigating the New Health Economy
- Rosaline Berry
- 6 years ago
Transcription
1 Navigating the New Health Economy: How non-traditional healthcare players are using the HITRUST CSF to drive their security programs forward
2 Speakers
- Dennis Quandt, Risk Assurance Director, PwC, Boston, MA (617)
- Adrian Christie, Risk Assurance Director, PwC, Boston, MA (617)
3 Agenda
1. The New Health Economy
2. Issues facing non-traditional healthcare participants
3. HITRUST CSF: a unifying framework
4. Benefits realized through adoption
5. Questions and Answers
4 The New Health Economy
5 An interconnected world
The Evolution:
- Technology-led innovation has enabled business and care delivery models to evolve
- The extended enterprise has moved beyond technology and patient-provider integration
- Connectivity and collaboration now extend to all facets of business
Leading To:
- A dynamic environment that is increasingly interconnected, integrated, and interdependent
- An environment where changing business drivers create both opportunity and risk
Non-traditional players, including many of our clients outside the healthcare industry, are finding ways to carve out their niche in the $3 trillion New Health Economy.
6 Growth of non-traditional players in HC
Increasing complexity in the healthcare industry is driving the need for non-traditional solutions. With many payer/provider/pharma organizations increasingly focusing on their core business, outsourcing back/middle office operations has become a popular trend to take advantage of scale and efficiency. As a result, more and more organizations are coming in contact with PHI:
- BPO Providers
- Payment Processing
- Claims Management
- Secure Printing
- Technology Hosting
7 Security budget spending with these new entrants
Security budgets at traditional healthcare organizations have more than doubled in the past four years. In 2016, the top drivers of security spending are medical devices, interactive communications and cloud adoption.
[Chart: Information security budget: $2.1 million, $2.4 million, $4.0 million, $4.3 million, $4.8 million. Increase in information security spending in 2016*]
* Information security budget refers to funds specifically and explicitly dedicated to information security, including money for hardware, software, services, education and information security staff.
8 Issues facing nontraditional participants
9 The considerations are diverse
Multiple Regulatory Considerations
- SEC, NYDFS, industry-specific, etc.
- Need for multiple internal compliance/risk organizations
- HIPAA jurisdiction given BA inclusion / OCR Audit Program purview
Expanding Universe of Controls
- Control guidance/versioning: how do you ensure that you stay current?
- Compliance/reporting requirements distracting from control implementation, monitoring and remediation
Multiple Industry Impacts
- Siloed compliance efforts based on business focus
- Difficulty obtaining expertise across all involved business areas
- Complex governance structures and organizational barriers
Burdensome Reporting Requirements
- Duplicative questionnaires and assessments
- Different formats, audiences (e.g., customers, business partners, regulators)
- How do you ensure consistency?
10 Understanding the healthcare trends
- HIPAA is passed
- The ARRA/HITECH Act introduced a fourth rule, the Breach Notification Rule, and gave enforcement power to the Office for Civil Rights (OCR)
- Large healthcare-related organizations announce breaches which impact potentially over 100 million customers
- Major payers finalize new cybersecurity licensing standard requiring Plans to exercise oversight of Business Associate controls
- OCR begins its Phase 2 audit program, which will focus on Business Associates in addition to Covered Entities
[Timeline axis labels: June 2015, Dec, Q1, Q, Sept]
- Health and Human Services (HHS) promulgated, among other rules, what is known as the Security Rule, Privacy Rule and Enforcement Rule
- The HIPAA Final Omnibus Rule finalized the HIPAA Rules and heightened the risks associated with non-compliance through increased monetary penalties and official inclusion of Business Associate liability
- HITRUST announces on June 29th that several national healthcare payers will be requiring all Business Associates get HITRUST CSF Certification
- The American Institute of Certified Public Accountants (AICPA) announces a partnership with HITRUST that provides a new third-party reporting option: SOC 2 + HITRUST CSF
11 OCR audits not just Covered Entities
Any Covered Entity
- Health Plans of All Types
- Health Care Clearinghouses
- Individual & Organizational Providers
Any Business Associate
- Selection through Covered Entities
12 Enforcement actions are raising the stakes
Impact of enforcement
- Regulatory fines
- Internal cost
- Credit monitoring and remediation expense
- Class action lawsuits
- State Attorney General actions
Impacts to the organization
- Additional resource commitment
- Implementation of new tools
- Policy and procedure updates
- Retraining
- Engaging new vendors
- Increased audit focus
13 HITRUST CSF: a unifying framework
14 The expansive reach of the HITRUST CSF
Relevant Standards Included
- AICPA CC5
- FISMA
- FTC Red Flags Rule
- HIPAA Security Rule
- IRS Pub
- ISO 27001,
- MARS-E
- NIST CSF
- NIST
- PCI DSS
Impact
- Identifying and documenting applicable regulations/standards is an arduous task; the heavy lifting has already been done for you
- Where there is not a direct mapping to your organization, the HITRUST CSF provides an instructive glimpse into cross-industry best practices
- Once a framework is established and adopted, performing a gap assessment against your framework is more straightforward and repeatable
Assess once, report many!
15 Taking steps towards adoption
- Take stock of requirements
- Identifying common controls or processes
- Document policy, controls and criteria that meet minimum requirements across standards
- Execute integrated program
[Diagram labels: MA-201; PCI; HITECH; HIPAA; ISO; Access Control; Passwords; Encryption; Training; HITRUST CSF; Identify Data Sources; Define & Assess Risk; Develop & Implement Controls; Audit and Correct; Enforce, Monitor & Support]
16 Benefits realized through adoption
17 The benefits are multi-faceted
Security Alignment
- Use common language across your organization to communicate risk and processes to mitigate risk
- Focuses compliance/risk/internal audit groups into a smaller set of security processes
- Promotes consistency in responses to due diligence
Third Party Risk Mgmt
- Develop your vendor assessment methodology using the HITRUST CSF
- Require HITRUST certification as an alternative to save time and money associated with onsite audits
- Incorporate HITRUST requirements into the contract negotiation process
Management Reporting
- Leverage the HITRUST CSF as a foundation for communicating strengths/weaknesses to your Board
- Provides an indicator of current program maturity, and the maturity journey over time
- Helps to identify relevant KPIs and KRIs
18 Integrated risk and compliance
The integrated model can yield a number of tangible benefits which may improve the bottom line of total cost of compliance while increasing risk coverage.
Benefit areas: Control reduction; Consolidated risk and control assessments; End user impact; Hours
- Reduction in overlapping controls
- Consolidated risk assessment, risk response and assessment processes that address the various external and internal requirements
- Significant number of hours can be reduced in risk and compliance-related activities
- Time and effort saved due to elimination of redundant activities that can be used for other important initiatives
19 Metrics and dashboards
Audience-specific reporting will bring visibility into risks across the enterprise, along with a summary of compliance-related issues, and the actions underway to manage risk and compliance.
1. Board reporting: Provides visibility into the key risks being managed as part of the information security program.
2. Executive reporting: Provides corporate/business units with visibility into the overall state of the program.
3. Management reporting: Provides functional leadership with visibility into the risks and compliance issues relevant to their function.
4. Operational reporting: Provides operations teams with visibility into the metrics that support the management and executive reporting.
[Diagram labels: Key risks linked to business objectives; Metrics supported analytics and trending]
20 Reporting examples
21 Q&A
2017 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. Not for further distribution without the permission of PwC.
22 Visit for more information
To view our latest documents, visit the Content Spotlight
More informationPresentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley
MAINTAINING A SECURE GLOBAL ENTERPRISE : Challenges and Emerging Solutions Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley The 2008 Chief Information Security
More informationIt s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends
It s time to revisit your anti-corruption compliance program How to design an effective and defensible compliance program in response to global trends Many legal and compliance officers are revisiting
More informationprivate equity we do a great deal
private equity we do a great deal private equity there when it counts With one simple point of contact, you have access to a breadth of services and numerous advantages. Private equity groups demand a
More informationDriving healthy growth
Health Care Of special interest to Boards of directors The C-suite Health care executives 5Insights for executives Driving healthy growth The value of a proactive stance to compliance Organizations throughout
More informationEmerging & disruptive technology risks
Emerging & disruptive technology risks Shawn W. Lafferty, KPMG Partner IT Internal Audit/Risk Assurance April 2018 Why IT internal audit? find ways to overcome resource and budgetary constraints. This
More informationPCF Analytics Workshop
PCF Analytics Workshop Asking the Right Risk Questions to Power Your Advanced Analytics Strategy November 7, 2018 Welcome! 19th Annual Pharmaceutical and Medical Device Compliance Congress Preconference
More informationExtended Enterprise Risk Management
Extended Enterprise Risk Management Driving performance through the extended enterprise October 2015 A network within a network The Extended Enterprise is the concept that an organization does not operate
More informationAdvanced Monitoring and Testing to Enable Performance. SCCE Boston Regional Conference
www.pwc.com Advanced Monitoring and Testing to Enable Performance SCCE Boston Regional Conference Presenters Jon Mackenzie Managing Director, Office: (267) 330 8111 Email: jonathan.b.mackenzie@pwc.com
More informationThe Role of Oversight and Monitoring and the Use of Analytics to Increase Effectiveness of your Compliance Program
The Role of Oversight and Monitoring and the Use of Analytics to Increase Effectiveness of your Compliance Program Presented by: David Curé, Vice President and Chief Auditor Christopher Price, Sr. Director,
More informationIdentity & Access Management Unlocking the Business Value
Identity & Management Unlocking the Business Value Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Unlocking the Value of Identity and Management Defining the IAM challenge
More informationIT Strategic Plan Portland Community College 2017 Office of the CIO
IT Strategic Plan Portland Community College 2017 Office of the CIO 1 Our Vision Information Technology To be a nationally recognized standard for Higher Education Information Technology organizations
More informationMSP Purpose, Value & ROI
PERSPECTIVE ARTICLE MSP Purpose, Value & ROI A Comprehensive Look at Today s Global Managed Service Provider Programs In this perspective article, Bartech an industry professional services firm delivering
More informationEffective Risk Management With AML Risk Assessment. January 25, 2017
Effective Risk Management With AML Risk Assessment January 25, 2017 2017 2017 Crowe Crowe Horwath Horwath LLP LLP Agenda Regulatory Trends in Risk Assessment Crowe Approach to Anti-Money Laundering (AML)
More information