RSA Archer Compliance Management 5.2 Webcast

Similar documents
RSA Solution for egrc. A holistic strategy for managing risk and compliance across functional domains and lines of business.

RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

SOLUTION BRIEF RSA ARCHER PUBLIC SECTOR SOLUTIONS

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

A Guide to IT Risk Assessment for Financial Institutions. March 2, 2011

RSA ARCHER INSPIRE EVERYONE TO OWN RISK

Oracle Fusion Financial Reporting Compliance Cloud. What s New in Release 10

RSA. Sustaining Trust in the Digital World. Gintaras Pelenis

Enterprise Compliance Management for Credit Unions

SOLUTION BRIEF RSA ARCHER AUDIT MANAGEMENT

RSA ARCHER MATURITY MODEL: AUDIT MANAGEMENT

The power of the Converge platform lies in the ability to share data across all aspects of risk management over a secure workspace.

Jodi Copeland Region Manager, Fiserv Risk & Compliance

Enterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015

Audit Management - Software. Internal Audit Refresher Course Technical Session 6 27 August, 2016

Vendor Cloud Platinum Package: Included Capabilities

ORACLE ADVANCED ACCESS CONTROLS CLOUD SERVICE

COMPLIANCE TRUMPS RISK

Achieve Continuous Compliance via Business Service Management (BSM)

SOLUTION BRIEF RSA ARCHER REGULATORY & CORPORATE COMPLIANCE MANAGEMENT

Comparison of the PCAOB s Auditing Standards No. 5 and No. 2 (Certain key differences are highlighted by underlining)

DUBAL s ISO based ERM Program

Using data analytics and continuous auditing for effective risk management

An Oracle White Paper December Reducing the Pain of Account Reconciliations

Using Archer to Monitor Security Compliance at AT&T

GAIT FOR BUSINESS AND IT RISK

SYNTHETIC ACTIVE MONITORING. Copyright 2015 TestPoint All Rights Reserved

Solutions for Enterprise Risk Management SAS. Overview. A holistic view of risk of risk and exposures for better risk management SOLUTION OVERVIEW

Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

Standard for Validation, Verification and Audit

Crowe Activity Review System

International Standard on Auditing (Ireland) 315

SOLUTION BRIEF HELPING PREPARE FOR RISK ASSESSMENT & COMPLIANCE CHALLENGES FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

CRISC EXAM PREP COURSE: SESSION 4

ANNUAL PERFORMANCE REPORT DATA ASSURANCE PLAN 2015/2016

KPMG Smart Controls. Putting you in control of your controls. kpmg.co.uk

Sarbanes-Oxley Compliance Kit

Business Risk Intelligence

A Practical Approach to Enterprise Risk Management

MEGA S SOLUTIONS FOR GOVERNANCE, RISK, AND COMPLIANCE

SRI LANKA AUDITING STANDARD 315 (REVISED)

The Blue Sage Group. Sarbanes-Oxley. 404 Compliance Program. The Blue Sage Group

CENTRE (Common Enterprise Resource)

Continuous Diagnostic and Mitigation and Continuous Monitoring as a Service. CMaaS TASK AREAS

Crowe Caliber. Using Technology to Enhance AML Model Risk Management Programs and Automate Model Calibration. Audit Tax Advisory Risk Performance

PRIVY COUNCIL OFFICE. Audit of PCO s Accounts Payable Function. Final Report

ISACA Systems Implementation Assurance February 2009

A Simplified and Sustainable Approach to NERC CIP Compliance with Cyberwiz-Pro. NERC CIP Compliance Solutions from WizNucleus

International Standard on Auditing (UK) 315 (Revised June 2016)

Agenda. Manage the Risk of Inefficiency and Occupational Fraud in Day-to-Day Business Processes

10/16/2018. Kingston Governance, Risk, and Compliance

Audit Trends & Framework for Improved Financial Reporting. Data Quality, Integrity, and Reliability

Improved Risk Management via Data Quality Improvement

(Effective for audits of financial statements for periods ending on or after December 15, 2013) CONTENTS

Simplify and Secure: Managing User Identities Throughout their Lifecycles

Case Study Webinar: Vendor Risk Management at Global Lending Services

Payment Card Industry Compliance. May 12, 2011

falanx Cyber PCI-DSS: How can your organisation achieve and maintain compliance?

Internal Controls. Presented by Donna Maskil-Thompson SPP RE Workshop 03/15/2016. Property of KC Board of Public Utilities - PUBLIC

Appendix A. Simplified Sample Entity-Level Control Matrices

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Presentation for INCC LUMS 2008 May 2, 2008 Presented by Shahed Latif, KPMG LLP, Silicon Valley

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

CERT Resilience Management Model, Version 1.2

STREAM Integrated Risk Manager. ISO Application. How STREAM supports compliance with ISO 27001

Road to Self Governance

Audit Planning & Quality Use Case Guide

King III Chapter 7 & 9 Guidance on the Assessment of the System of Internal Control. June 2010

Quality Assurance / Quality Control Plan

IAASB Main Agenda (December 2008) Page Agenda Item

Financial Institutions Consulting. Quality service. Personal attention.

G11: Convergence of Security and Compliance - An Integrated Approach to Information Risk Management Larry A. Jewik and Ramy Houssaini, Kaiser

Sarbanes-Oxley: Company Case Study - Viacom Inc. IT General Controls - Sustaining Compliance Efforts. Anthony Noble VP, IT Internal Audit

LEVERAGING ERM BEYOND COMPLIANCE. July 25, 2017

STRAGETIC RISK MANUAL

and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

BCBS 239 Alignment with DCAM (Data Management Implications related to the Principles of Risk Data Aggregation) July 2015

Practices in Enterprise Risk Management

Audit Quality Assurance workshop Audit Planning by: CPA Steve Obock Associate Director- KPMG Kenya March 2017

RISK MANAGEMENT REPORT

INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) 315 (Revised)

... Preface Acknowledgments SAP Governance, Risk, and Compliance Overview Planning SAP GRC Implementations...

Minimizing fraud exposure with effective ERP segregation of duties controls

Regulation Systems Compliance and Integrity Considerations for the AWS Cloud

Capgemini Risk Management & Compliance

Internal Audit Solutions:

ORACLE FUSION FINANCIALS

Risk Advisory SERVICES. A holistic approach to implementing effective governance, managing risk and maintaining compliance

Internal controls over Financial Reporting Key concepts. Presentation by Jayesh Gandhi at WIRC

Clarity PPM On Demand. Zane Schafer, SVP Software Engineering

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

Fraud Risk Management

Understanding Model Representations and Levels: What Do They Mean?

CENTRAL FLORIDA EXPRESSWAY AUTHORITY

How to Measure the Value of Your Internal Audit Group

Internal Oversight Division. Audit Report. Audit of Enterprise Risk Management

RELEASE MANAGEMENT CHECKLIST

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

BlackLine Compliance

Transcription:

RSA Archer Compliance Management 5.2 Webcast Marshall Toburen egrc Risk Solutions Manager RSA Archer 1

Agenda Introductory Comments 5.2 Enhancements Overview RSA Archer approach to Compliance Management Positive Outcomes Demonstration Q&A 2

Introductory Comments Newest version of Compliance Management solution became available on February 2 along with enhanced versions of Audit, Risk and Enterprise Management solutions Existing, licensed customers can obtain the packages and install guides directly from the Archer Exchange Upgrades will also be reflected in the 5.2 solution master Updated Compliance Management Practitioner s Guide on the Exchange To fully benefit from Compliance Management solution, we recommend that you also utilize the Enterprise, Risk, and Policy Management solutions Consider requesting demonstration(s) around specific use cases 3

5.2 Enhancements Overview Enhanced configuration of the Control Procedures application to enable enhanced categorization and testing of internal controls Introduced cost to control Financial Close Management Checklist Developed Quarterly Financial Certification Questionnaires targeting the Business Hierarchy in the Enterprise Management solution Enabled Key Control Indicator Monitoring via Risk Management Solution Established a mechanism to capture relevant, point in time, compliance information to build and report on historical compliance data Various cosmetic changes 4

Controls & Compliance Internal Control it s about managing risk to achieve objectives Fines & sanctions from regulatory non-compliance Litigation from product liability, human resources, and business operations Losses from errors & fraud associated with people, process, technology Brand reputation Losses from extending credit or losing assets managed by 3 rd parties Insufficient liquidity to meet obligations Charges from adverse change in markets and interest rates Risk of not executing on strategy By compliance we mean control assurance, and compliance with policy, procedure, and authoritative sources Common Use Cases: Demonstrating Compliance with Specific Regulations, Financial Reporting Obligations, ERM / Performance Management 5

Compliance Challenges Knowing where all the controls are & should be Failure to focus on controls commensurate with their risk Significant cost to demonstrate compliance Redundant focus on controls that mitigate multiple regulations/risks Manual testing is laborious, expensive, and incomplete Connecting the dots is time consuming and expensive Managing compliance with multiple regulations Coordination with other assurance functions Resource limitations Testing processes are inconsistent Exception reporting, remediation, and tracking Satisfying high profile stakeholders Copyright 2011 EMC Corporation. All rights reserved. 6

RSA Archer Approach to Compliance Management Identify Controls & Associate them with egrc Framework Assess Control s Importance & Cost Test Control Design & Effectiveness Remediate, Report, & Monitor Establish Key Control Indicators Conduct Control Self-Assessments / Certifications 7

Document Controls & Associate them with GRC/ERM Framework Information Management Process Auth Sources / Policy / Ctl Stds People / Business Hierarchy Asset Infrastructure Information Security Risk Electronic Security Risk Device Password Control Threat Management Control Patch Management Control Firewall Administration Control Physical Security Risk EE Security Education Control Restricting Local Printing Control 8

Assess Importance & Cost of the Control Risk-based Scoping of Controls is established in context of Inherent Amount of Risk being Mitigated Financial Significance of the Business Unit, Process Quantitative & Qualitative Significance of associated G/L Accounts Subjective opinion of assessor Estimate the cost of control(s) to compare with inherent risk Cull out controls that are not significant or cost more than the inherent risk they mitigate Scope tests based on significance Inherent Risk of Associated Risk Register Item % of Net Income / Assets of BU Quant / Qual Significance of G/L Accounts Opinion of SME Cost of Control Control Importance 9

Establish Key Control Indicators Metrics documented in the Risk Management Solution can target control procedures Continuous control monitoring Automated feeds around IT technical assets 10

Conduct Assessments / Assertions Control Self-Assessments Financial Close Checklist - Assess the activities performed in the financial close process to ensure all required steps have been completed Quarterly Certifications Technical Control Manual Assessments Integration with scanning tools such as Qualys, McAfee, isight, etc. 36 Questionnaires; > 15,000 Questions 11

Execute Design and Operating Tests Assess whether design tests will mitigate the risk as intended Inform testers of their work queues via rulesdriven workflow and My Tasks lists Execute operating tests to identify if the control is working as designed RSA Archer Compliance Control Tester Dashboard Copyright 2011 EMC Corporation. All rights reserved. 12

Test Design & Operating Effectiveness 13

Maintain Continuous Controls Monitoring Auto-generate deficiencies based on failures noted within questionnaires and test results Understand how findings relate to controls, operating entities, policies, regulations and risk Relate multiple findings in a context of a remediation plan to identify larger issues and support informed decision making Copyright 2011 EMC Corporation. All rights reserved. 14

Design / Effectiveness Compliance Management Reporting Corporate Objectives Business Processes Risks Policies Control Standards Control Procedures People Process Technology Desired: e.g. Best Practice Mandated: e.g. PCI, Basel II Questionnaires Control Self Assessments Independent Reviews Compliance Tool Integration Tech Control Verification Answers Risks w/o Controls Regulations w/o controls Standards w/o controls Most important controls Controls not well designed or operating Who is responsible When problems are going to be resolved Issue Management Findings Remediation Exceptions Copyright 2011 EMC Corporation. All rights reserved. 15

Respond to Deficiencies Employ automated workflow and task management capabilities to resolve compliance deficiencies Route findings and tasks to appropriate personnel Complete remediation tasks or log exception requests that identify effective compensating controls Review and approve the resolution of deficiencies using the pre-built, fully configurable workflow processes Copyright 2011 EMC Corporation. All rights reserved. 16

Report on Overall Compliance Use real-time reporting capabilities and dashboards to form a consolidated picture of compliance efforts and remediation Ad hoc reporting allows you to deliver status and alert-type reports to users through dashboards, email or exports in a number of different formats Copyright 2011 EMC Corporation. All rights reserved. 17

Positive Outcomes of RSA Archer Compliance Management After Scenarios Multiple risks & regulations are satisfied while eliminating redundant controls Ability to easily incorporate new or updated regulations within existing compliance processes Consistent management and approach for control testing Continuous monitoring of open compliance findings and remediation plans Ability to report compliance posture against key regulations across the entire organization Positive Business Outcomes Fewer redundant and unimportant controls = less control assessments and testing activities (fewer resource hours) Transparency, accountability, and improved control culture Institutionalized knowledge of business operations Easier ability to satisfy multiple stakeholder interests 18

Compliance Management Demonstration Copyright 2011 EMC Corporation. All rights reserved. 19

Q & A 20

Thank you! Copyright 2011 EMC Corporation. All rights reserved. 21

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback