The Evolution of IT Risk - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

The Evolution of IT Risk

Description:

Benefits of Self-Audit Program. The IT Organization. Assumes responsibility for the IT controls. Gains confidence that IT controls and processes are effective and ... – PowerPoint PPT presentation

Number of Views:47
Avg rating:3.0/5.0
Slides: 12
Provided by: isacaOrgch
Learn more at: https://engage.isaca.org
Category:

less

Transcript and Presenter's Notes

Title: The Evolution of IT Risk


1
The Evolution of IT Risk Compliance
  • February 2012
  • Rosalyn Ellis, CRISC
  • Susan Hoffman, CISA,CGEIT

2
Achieving SOX Compliance
  • Developed set of control requirements
  • Application Change Management
  • Application Data Security
  • Documented existing controls and processes
  • Established new controls and processes

3
Issue at hand...
  • Review, assess, consider materiality of issues,
    priority, determine level of audit
    issues/complexity to close gaps
  • Evaluated and documented IT controls
  • Clarified ownership for the controls
  • New applications / solutions introduced to
    environment requiring proper controls

4
Established a team
  • Purpose
  • implement according to policy
  • audit to the policy
  • Partners with...
  • Internal External Audit teams
  • Determine needed IT controls
  • Define how to test the controls
  • IT staff
  • Build compliance into IT solutions
  • Determine ways to align compliance efforts with
    IT initiatives

5
IT Risk Compliance
  • Assembled list of IT controls according to policy
    identifying specific frequency and owners
  • Established Self-Audit Program
  • Conduct self-audit test on each IT control
  • Identifies gaps with the existing IT controls
  • Provides for auditor reliance on self-audit
    results

6

7
Benefits of Self-Audit Program
  • The IT Organization
  • Assumes responsibility for the IT controls
  • Gains confidence that IT controls and processes
    are effective and efficient
  • Identifies control weaknesses in advance of
    Internal or External Audit tests
  • Identifies process improvements with current
    controls and processes

8
Benefits of Self-Audit Program
9
Beyond Self-Audit Concepts
  • Database Activity Monitoring (DAM)
  • Explore other uses for current tool
  • Business Processes comply with eDiscovery
    requirements
  • Self Audit of Business Application
  • SOA Architecture
  • Self Audit of Mobile Applications

10
Expanding Self-Audit Concepts
  • Coordinate Assessments
  • Internal Risk Assessments
  • 3rd Party Assessments
  • Current Topics Technology
  • Cloud Computing
  • PII
  • PCI

11
Questions?
Write a Comment
User Comments (0)
About PowerShow.com