Emerging Technology and Security Update
- Drusilla Charles
Transcription
1 Emerging Technology and Security Update February 13, 2015 Jordan Reed Managing Director
2 Agenda 2015 Internal Audit Capabilities and Needs Survey 2014 IT Priorities Survey Results 2014 IT Security and Privacy Survey 2015 IT Audit Benchmarking Survey Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.
3 Current Events
4 Protiviti's 2015 Internal Audit Capabilities and Needs Survey Preview
5 Survey Overview About the Survey Protiviti conducted the survey in December More than 800 respondents took the survey. The survey included close to 290 topic areas divided into four major sections: General Technical Knowledge; Technical Knowledge specific to U.S. Financial Services Industry, Healthcare Provider Industry, Healthcare Payer Industry and Manufacturing Industry; Audit Process Knowledge; Personal Skills and Capabilities.
6 General Technical Knowledge Three-Year Comparison S.No Need to Improve "Need to Improve" Rank Areas Evaluated by Respondents Competency (5-pt. scale) 1 45% 1 GTAG 16: Data Analysis Technologies % (Tie) NIST Cybersecurity Framework % 2 Mobile Applications % 3 Practice Advisory : Continuous Assurance % 4 The Guide to the Assessment of IT Risk (GAIT) % ISO (information security) % 5 (Tie) Cloud Computing % GTAG 17: Auditing IT Governance
7 General Technical Knowledge Three-Year Comparison Social media applications Recently enacted IIA Standard Functional Reporting Interpretation (Standard 1110) Recently enacted IIA Standards Audit Opinions and Conclusions (Standards 2010.A2 and 2410.A1) GTAG 16 Data Analysis Technologies Recently enacted IIA Standard Overall Opinions (Standard 2450) Cloud computing The Guide to the Assessment of IT Risk (GAIT) GTAG 13 Fraud Prevention and Detection in an Automated World ISO (information security COSO Internal Control Framework (DRAFT 2012 version) Practice Guide Assessing the Adequacy of Risk Management GTAG 6 Managing and Auditing IT Vulnerabilities Fraud risk management Mobile applications NIST Cybersecurity Framework Social media applications Cloud Computing GTAG 16: Data Analysis Technologies GTAG 16: Data Analysis Technologies NIST Cybersecurity Framework Mobile Applications Practice Advisory : Continuous Assurance The Guide to the Assessment of IT Risk (GAIT) ISO (information security) Cloud Computing GTAG 17: Auditing IT Governance
8 Protiviti's IT Priorities Survey
9 Top Priorities According to the survey results, IT transformation has become the new normal for companies. Nearly two-thirds of respondents (63 percent) reported that some form of major IT transformation is under way in their organizations. Most notable priorities for 2014: Enhancing and protecting business value. All eyes on security. Managing and classifying all that data. Strengthening IT asset management. More mobile, more social.
10 Managing Security and Privacy Key Findings Among all of the IT organization's many responsibilities, managing security and privacy ranks among its most vital priorities. Preparing for, monitoring for and responding to security incidents swiftly and effectively, based on an established policy and tested processes, understandably is deemed to be a critical concern. Other significant priorities include enterprise data classification and management, identity and access management, and IT user management, as well as technical infrastructure configuration. Organizations are continuing to evolve their third-party/vendor management programs, especially in light of recent security breaches undertaken by using vendor credentials.
11 IT Process Capabilities: Managing Security and Privacy Three-Year Comparison Overall Results* Managing and classifying enterprise data California Security Breach Information Act (SB 1386) Managing and classifying enterprise data Incident response Developing and maintaining security and privacy standards Monitoring Security Events U.S. Gramm-Leach-Bliley Act Monitoring security events Managing IT Users Managing user identities and access Managing third-party vendors Managing Third-Party Vendors Managing third-party vendors Incident response Monitoring security events Implementing security/privacy solutions and strategies Managing user identities and access Implementing security/privacy solutions and strategies Managing and classifying enterprise data Managing user identities and access *Certain areas in this category were not included in all years of the survey.
12 Management and Use of Data Assets Key Findings Legacy infrastructure can limit the ability to access data in more meaningful ways. Big Data further expands the demand for information and value from data analytics, while adding technical complexity. Note: Most organizations are thinking about big data. Large company CIOs place a greater priority on big data for 2014. Master Data Management and Data Governance are important components of the IT function's role in protecting business value. Data analytics are important to enhancing business decision making and strategic direction. Business Intelligence and reporting tools are a significant priority but require an effective and comprehensive information management strategy to be successful.
13 Managing IT Assets Key Findings Monitoring and accounting for IT assets have grown more complex due to smart device proliferation, growing workforce mobility and reliance on external partners. Software and hardware deployment, along with managing software licensing and compliance, are the most significant IT asset management priorities. Retirement issues, including licensing recovery and sensitive data contained on retired assets, are of concern. Improving the management and administration of backup and recovery, along with a need for better storage management and planning, are emphasized. Looking for ways to strengthen database change management, IT infrastructure change management, job processing and network performance planning. Focusing on the development, ongoing maintenance and testing of business continuity programs and IT disaster recovery plans. Ensuring IT aspects of BCM programs align with business objectives and needs, and have the support of executive management.
14 Protiviti's IT Security and Privacy Survey
15 Key Findings Bridging the Data Security Chasm 1 Board engagement is a key differentiator in the strength of IT security profiles. 2 There remains a surprising lack of key core information security policies. 3 Organizations lack high confidence in their ability to prevent a cyber attack or data breach. 4 Not all data is equal: companies retaining data without structure has more than doubled. 5 Many are still unprepared for a crisis.
16 The Top Performers
How engaged is your board of directors with information security risks? (All respondents / Large companies ($1B) / Small companies (<$1B))
High engagement and level of understanding by the board: 30% / 34% / 26%
Medium engagement and level of understanding by the board: 41% / 45% / 36%
Low engagement and level of understanding by the board: 20% / 12% / 30%
Don't know: 9% / 9% / 8%
Which of the following policies does your organization have in place? Large companies ($1B) Small companies (<$1B)
Acceptable use policy: 76% 87% 86% 84% 69%
Record retention/destruction policy: 76% 86% 81% 84% 71%
Written information security policy (WISP): 66% 78% 75% 79% 52%
Data encryption policy: 59% 68% 66% 67% 52%
Social media policy*: 59% NA NA 67% 51%
* New category
17 Questions from the Board What are the macro level risks that face the company? Are organizations creating specific roles to deal with this area? How long would it take us to respond to an incident? Could that [insert name of breached company] event happen to us? Is what we have in place for data protection today enough? How are we measuring results against costs? What is the value of security? What are we doing about compliance with global privacy requirements?
18 Organizations Lack High Confidence in Their Ability to Prevent a Cyberattack or Data Breach Rate your level of confidence that your organization is able to prevent a targeted external attack by a well-funded attacker. Scale of 1-10, where 10 indicates high level of confidence and 1 indicates little or no confidence.
19 Not All Data Is Equal Does your company have a clear data classification scheme and policy in place that categorize the organization's data and information: sensitive, confidential, public, etc.? Scheme Policy
20 Not All Data Is Equal
How would you rate your management's understanding of what comprises its sensitive data and information?
Excellent understanding: % 27% 26%
Good understanding: 51% 48% 50%
Limited understanding: 22% 22% 22%
Little or no understanding: 3% 2% 1%
Don't know: 1% 1% 1%
21 CIOs Are Taking Charge of Data Governance Who is responsible for creating and overseeing data governance in your organization? Three-year trend of growth in the CIO's role in creating, overseeing and executing data governance strategy and policy.
22 ISACA / Protiviti IT Audit Benchmarking Survey
23 A Global Look at IT Audit Best Practices About the Survey ISACA and Protiviti partnered to conduct the fourth annual IT Audit Benchmarking Survey in the third quarter of 2014. This global survey, conducted online, consisted of a series of questions grouped into five categories: Today's Top Technology Challenges; IT Audit in Relation to the Internal Audit Department; Assessing IT Risks; Audit Plan; Skills and Capabilities. More than 1,300 executives and professionals, including chief audit executives as well as IT audit vice presidents and directors, completed the online questionnaire. Visit the Protiviti and ISACA websites to download a copy of this benchmarking report:
24 Top Challenges
25 Key Findings Cybersecurity and privacy are primary concerns. Companies face significant IT audit staffing and resource challenges. Audit committees, as well as organizations in general, are becoming more engaged in IT audit. IT audit risk assessments are not being conducted, or updated, frequently enough. Room for growth in IT audit reports and reporting structures.
26 Frameworks Which of the following accepted industry frameworks is the IT audit risk assessment based? (Multiple responses permitted)
27 IT Audit Hours and Responsibilities Which of the following activities is your IT audit function responsible for? (Multiple responses permitted)
28 Significant Technology Projects What level of involvement does IT audit have in significant technology projects?
29 Significant Technology Projects (Cont.) When does IT audit become involved in significant technology projects?
30 Evaluating and Assessing IT Governance If you answered no to the previous question, indicate whether you intend to complete an evaluation and assessment of your organization's IT governance process.
31 Confidentiality Statement and Restriction for Use This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half ("RHI"). RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties.
More informationExecutive Perspectives on Top Risks Key Issues Being Discussed in the Boardroom and C-Suite
Summary Technology, Media and Telecommunications Industry Group Results Executive Perspectives on Top Risks Key Issues Being Discussed in the Boardroom and C-Suite Research conducted by Protiviti and North
More informationExecutive Perspectives on Top Risks Key Issues Being Discussed in the Boardroom and C-Suite
Summary Energy and Utilities Industry Group Results Executive Perspectives on Top Risks Key Issues Being Discussed in the Boardroom and C-Suite Research conducted by Protiviti and North Carolina State
More informationAdapting Risk Management to Evolving Technologies
Adapting Risk Management to Evolving Technologies May 9, 2017 Ray Cheung 2017 Crowe 2017 Horwath Crowe International Horwath LLP Agenda Digital Disruption and Shifting IT Spend High Tech Risk Environment
More informationModernizing Cyber Defense: Embracing CDM. Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA
Modernizing Cyber Defense: Embracing CDM Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA 94107 info@okta.com 1-888-722-7871 The Department of Homeland Security s (DHS) Continuous Diagnostic and
More informationMind the Gap: GDPR Ahead. Rakesh Sancheti. Author. July Vice President and Business Head - Analytics, Europe and Nordic
Author Rakesh Sancheti Vice President and Business Head - Analytics, Europe and Nordic July 2017 The regulatory environment has become increasingly complex, with new regulations being introduced across
More informationNavigating Changing Dynamics of First Line Risk and Control Functions
POINT OF VIEW Navigating Changing Dynamics of First Line Risk and Control Functions Including results of Protiviti s large financial institution survey on business control functions An organization s overall
More informationAssessments for Certified and Non-Certified Vendors
Assessments for Certified and Non-Certified Vendors 3rd party Vendors Security Risk Profile 63% of all 2016 data breaches resulted from third party vendor s risk Small companies are high risk - security
More informationSOLUTION BRIEF RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT
RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT INTRODUCTION Your organization s regulatory compliance landscape changes every day. In today s complex regulatory environment, governmental and industry
More informationClimb Every Mountain: Structuring a Governance Model for Not-For-Profits 5TH ANNUAL DALLAS IIA SUPER CONFRENCE OCTOBER 2016
1 Climb Every Mountain: Structuring a Governance Model for Not-For-Profits 5TH ANNUAL DALLAS IIA SUPER CONFRENCE OCTOBER 2016 Board Structure & Responsibility: One size does not fit all With oversight
More informationSELF ASSESSMENT OF BUSINESS OBJECTIVES. Kelly Dorin CPA, CA, CIA, CFE, CCSA, CRMA
SELF ASSESSMENT OF BUSINESS OBJECTIVES Kelly Dorin CPA, CA, CIA, CFE, CCSA, CRMA Overview What is Control Self-Assessment (CSA) Benefits obtained from using CSA How would you use CSA Enterprise-wide CSA
More informationOversight by Board, Risk Management & Audit Committee (RMAC) and other committees. Second line of defense
47 In the business environment that we live in, doing nothing might be the biggest risk of all. At Cim, the Board plays a crucial role in risk oversight; it is bringing more diverse viewpoints into the
More informationMind the Gap Assuring Stakeholders of Internal Audit s Value. Anton van Wyk, CIA, QIAL, CRMA IIA Global Chairman 2014/2015
1 Mind the Gap Assuring Stakeholders of Internal Audit s Value Anton van Wyk, CIA, QIAL, CRMA IIA Global Chairman 2014/2015 2 About the Speaker Anton van Wyk CIA, QIAL, CRMA, CD (SA) Global Chairman
More informationAWS MSP Partner Program Validation Checklist v3.2 Mapping
DATASHEET AWS MSP Partner Program Validation Checklist v3.2 Mapping OVERVIEW The AWS MSP Validation Checklist Mapping is designed to provide CloudCheckr partners with a practical means to validate the
More informationTypes of Systems Audit & Relevance. Presented By: Prasad Pendse, CISA
Types of Systems Audit & Relevance Presented By: Prasad Pendse, CISA Agenda Systems Audit Categories & Types of Systems Audit, Relevance IT & Application Audits Security Audits Process Audits Advantages
More informationVENDOR RISK MANAGEMENT FCC SERVICES
VENDOR RISK MANAGEMENT FCC SERVICES Introductions Chris Tait, CISA, CFSA, CCSK, CCSFP Principal, Financial Services Baker Tilly Russ Sommers, CPA, CISA Senior Manager, Financial Services Baker Tilly Agenda
More informationCertificate in Internal Audit IV
Certificate in Internal Audit IV The Senior Audit Role auditing key business activities Who should attend? Senior Auditors Audit Managers and those about to be appointed to that role Auditors that need
More informationUNIVERSITY STANDARD. Title UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL STANDARD ON ENTERPRISE DATA GOVERNANCE. Introduction
UNIVERSITY STANDARD Issuing Office Responsible University Title UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL STANDARD ON ENTERPRISE DATA GOVERNANCE PURPOSE Introduction This Standard to the Policy on Enterprise
More informationFinding your Privacy Pulse: How to Use KRIs to Measure Your Privacy Risk
Finding your Privacy Pulse: How to Use KRIs to Measure Your Privacy Risk Franchesca Sanabria, Principal National Privacy Practice Eric Dieterich, GM of Advisors & National Privacy Practice Lead IIA Miami
More information1 P a g e. IT Tailored to Your Needs
1 P a g e IT Tailored to Your Needs Bluescope Technologies is a leading provider of IT services to businesses of all sizes in a wide range of industries. Bluescope s headquarters are situated in Limerick,
More informationINFORMATION TECHNOLOGY SERVICES. KEY PRIORITIES for CSU Information Technology In support of Graduation Initiative 2025
INFORMATION TECHNOLOGY SERVICES KEY PRIORITIES for CSU Information Technology In support of Graduation Initiative 2025 September 2017 INTRODUCTION The California State University recently embarked on the
More informationMEMORANDUM. DATE: September 9, Enterprise Risk Management. 1 P a g e
MEMORANDUM TO: FROM: Chancellor Robert L. Duncan Dr. Rick Lange, TTUHSC EP President Dr. Brian May, ASU President Dr. Tedd Mitchell, TTUHSC President Dr. Lawrence Schovanec, TTU President Enterprise Risk
More informationPhoto FPO. Integration Prioritization Model for Identity Access Management
POINT OF VIEW Photo FPO Integration Prioritization Model for Identity Access Management Most identity access management (IAM) products and services don t provide real value until they are integrated with
More informationPhoto FPO. Integration Prioritization Model for Identity and Access Management
POINT OF VIEW Photo FPO Integration Prioritization Model for Identity and Access Management Most identity and access management (IAM) products and services don t provide real value until they are integrated
More information1. Understanding Big Data. Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. Understanding
More informationHow to Maximize Your Internal Controls Program. June 15, 2017 Atlanta, GA
How to Maximize Your Internal Controls Program June 15, 2017 Atlanta, GA Sarbanes-Oxley Update June 15, 2017 Rick Warren Principal patrick.warren@pwc.com Andres Leal Director andres.m.leal@pwc.com 3 Agenda
More informationBest Practices in Adopting Cloud in Your IT Sourcing Environment Gartner IT Expo
October 2014 Cloud bound Best Practices in Adopting Cloud in Your IT Sourcing Environment Gartner IT Expo David Simpson, VP IBM Strategic Outsourcing Cloud Services Steve Hodges, Global Director, IBM Cloud
More informationIBM Service Management for a Dynamic Infrastructure IBM Corporation
IBM Service Management for a Dynamic Infrastructure 1 2009 IBM Corporation Agenda Why move to a Dynamic Infrastructure? Why is IBM Service Management at the center of the Dynamic Infrastructure? How does
More information