Baptist Health South Florida


Baptist Health South Florida IIA Miami Top Challenges Facing Internal Audit Departments 2016

Agenda
1. Cybersecurity
2. Culture
3. Timely Identification of Risk
4. Data Analysis

Cybersecurity

Cybersecurity
- 90% of all organizations (worldwide) have been breached in some way (whether they know it or not)*
- Healthcare information highly coveted by cyber criminals
- #1 for cyber attacks in 2015
- 5 of the 8 largest breaches in healthcare since 2010 happened in 1st half of 2015
- More than 111 million health records compromised (35% of U.S. population)
* Study published by Cryptozone

Ransomware
Ransomware is a form of malware that targets both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and systems.

Ransomware
- From March to April 2016: >159% jump*
- Hollywood Presbyterian Medical Center paid $17,000 ransom "in the best interest of restoring normal operations"
- 50% of hospitals have been targeted by ransomware in the past year**
- Ransomware attacks expected to increase in 2016***
* Report by Enigma Software
** HIMSS Analytics 2015 Survey
*** 2015 Report by Intel

Ransomware
- Education
- Have a plan
- 46% of breaches come from negligent insiders*
- Fake phishing campaign
- What to do if you get phished
- Back up your data
- Limit system access
- Filter your email
- Whitelist of websites and apps
- Test recovery and remediation plan
* HIMSS Analytics 2015 Survey

Ransomware Audit Response
- Technical Vulnerability Assessment
  - Available through public internet
  - Accessible within our environment
- Cyber Security Incident Response
  - Simulation of significant incident

Culture


Culture
- Root Cause of Non-Compliance*
- Areas of Compliance Focus
* Convercent

Culture
- Toxic culture common theme in corporate scandals
- Culture is a key element in the control environment and governance
- 58% of audit departments do not audit culture*
- More than 50% of auditors see organizational culture as high risk*
- But internal audit's focus is usually here
- Problems with the culture start here and affect the whole organization
Source: The Pulse of Internal Audit survey: 2016 The IIA Audit Executive Center.

Culture
What is culture?
Legend: Ranked first / Ranked second
- Behavior modeled by executive management: 55% / 20%
- Direct communication from other employees: 21% / 33%
- Establishment of a code of conduct: 17% / 17%
- Behavior modeled by other employees: 13% / 3%
- Formal training on a code of conduct: 9% / 1%
- Enforcement of a code of conduct through disciplinary measures: 5% / 1%
Source: The Pulse of Internal Audit survey: 2016 The IIA Audit Executive Center.

World's Most Ethical Companies
Who are they?
- 131 Honorees
- Publicly Traded (74%)
- Fewer than 25,000 Employees (56%)
- Manufacturing (10%)
- Insurance (8%)
- Over $5B Revenue (80%)
- 21 Countries

World's Most Ethical
- Culture of Ethics: 20%
- Compliance & Ethics Program: 35%
- Citizenship, Sustainability & Corporate Responsibility: 20%
- Governance: 15%
- Leadership, Innovation & Reputation: 10%

A Measurable Difference 6X Honoree

Culture
Identifying Healthy Organizational Culture
- Strong governance with clear policy and procedures
- Communication of policy and procedures throughout the organization
- Clear and consistent "tone at the top" communication from senior management regarding their expectations around control and appropriate behavior
- Consistent application of policy and procedures to all levels of management without exception
- Alignment of rewards to the right behaviors
Source: The Pulse of Internal Audit survey: 2016 The IIA Audit Executive Center.

Culture
Sample audit techniques:
- Checklist (policies, code of conduct, leadership communication)
- Surveys
- Consider incentive programs (perverse incentives)
- Interviews
- Start small, department level
- Review of social media

Culture
Barriers to Addressing Culture
- 24%: Do not believe internal audit has freedom to assess the entire organization and staff.
- 35%: Do not believe internal audit has full support of executive management to assess the entire organization and staff.
- 23%: Do not believe internal audit has full support of the board or audit committee to assess the entire organization and staff.
Among those who DO NOT audit organizational culture:
- 45%: Reported that they agree/strongly agree that internal audit is able to identify and assess measure of organizational culture.

Timely Risk Identification

Assessing Emerging and Evolving Risks
- 93% of CAEs use risk-based methodologies when planning
- But, emerging risks present a challenge
- Risks often materialize with little or no warning
- Decades of accumulated value can evaporate
- We must be able to audit at the speed of risk
Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center.

Identifying Emerging Risks is Critical: But Confidence is Lacking

Organization's ability    Identify    Respond
Extremely confident       3%          4%
Very confident            32%         31%
Moderately confident      45%         42%
Slightly confident        15%         17%
No confidence             5%          6%

52 percent of CAEs consider identifying emerging risks to be their biggest challenge.
Source: The North American Pulse of the Profession Survey: 2013 The IIA Audit Executive Center
Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center. Total may not equal 100% due to rounding.

Continuous Risk Assessment is Still Aspirational for Many
- 41% of audit departments do periodic updates to their risk assessment
  - Interviews
  - Surveys
  - Headline checks
- 13% do Continuous Risk Assessment
  - Monitoring of KRIs (manually or automated)
  - Analytical Review
Source: The Pulse of Internal Audit Survey Conducted in collaboration with the 2015 Common Body of Knowledge Study, 2015 The IIA and The IIA Research Foundation. All rights reserved. No part of this data may be copied, reproduced or otherwise disseminated without explicit permission from The IIA.

Typical Internal Audit Plans Are Not Very Dynamic
How would you describe the development of the audit plan at your organization? (Frequency)
- Developed once each year and not changed during the year: 12%
- Developed once each year and updated 1 or 2 times per year: 40%
- Developed once each year and updated 3 or more times per year as risks change: 27%
- Highly flexible plan matched to the organization's changing risk profile: 19%
Source: The Pulse of Internal Audit Survey Conducted in collaboration with the 2015 Common Body of Knowledge Study, 2015 The IIA and The IIA Research Foundation. All rights reserved. No part of this data may be copied, reproduced or otherwise disseminated without explicit permission from The IIA.
Note: 1.3% indicated "other" as a response to this question.

Taking Action When Risks Emerge is Vital!
- 70 percent of CAEs viewed cyberattacks as a high or critical priority (AEC Pulse of Internal Auditing)
- But, only 53 percent say auditing cybersecurity risk is part of this year's plan (Protiviti 2015 IA Capabilities and Needs Survey Report)
Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center.

Data Analysis

Data Analysis
- 90% of all data in the world was created in the past two years*
- Every day, 3 times per second, we produce the equivalent of the amount of data in the Library of Congress**
- Unstructured data will account for nearly 80% of all enterprise data by 2017***
* IBM
** Nate Silver, American Statistician
*** FDC

Data Analysis Really, Really. BIG Data

Data Analysis Definition Big Data: data sets with sizes beyond the ability of commonly-used software tools

Data Analysis
37% indicated that data mining and analytics skills are very or extremely essential to their internal audit function's ability to perform its responsibilities.
Source: The Pulse of Internal Audit survey: 2016 The IIA Audit Executive Center.

Data Reliance
Problems can arise from data collection, data analysis and decisions made based on data.
- Is collection and use of the data legal and ethical?
- Has the organization confirmed the data's appropriateness, accuracy, and completeness? Data often contains gaps and inaccuracies.
- Was the right expertise involved in evaluating the data to ensure the evaluation is not biased or flawed? The difference between correlation and causation is not always well understood.

Data Reliance
USE OF DATA IS GROWING. IS INTERNAL AUDIT SUFFICIENTLY INVOLVED?
- 17%: Reported that internal audit is very or extremely involved in evaluating the quality of data used in their organization.
- 36%: Reported that internal audit is moderately involved in evaluating the quality of data used in their organization.
- 47%: Reported that internal audit is slightly or not at all involved in evaluating the quality of data used in their organization.
Source: The Pulse of Internal Audit survey: 2015 The IIA Audit Executive Center.

Summary
- We must move out of our comfort zone
- We must stay current on risks
- Status quo doesn't work any more