1 / 23

Data Analytics

Data Analytics. ISACA Omaha Chapter February 15, 2011. Data Analytics. Why use data analytics? Efficiency Expand Scope of Records Tested Reduce Sampling Risk Achieve Continuous Monitoring / Auditing. First National of Nebraska Inc. 6 independently chartered banks.

meg
Download Presentation

Data Analytics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Data Analytics ISACA Omaha Chapter February 15, 2011

  2. Data Analytics Why use data analytics? • Efficiency • Expand Scope of Records Tested • Reduce Sampling Risk • Achieve Continuous Monitoring / Auditing

  3. First National of Nebraska Inc. 6 independently chartered banks. 244 individual locations across 7 states.

  4. First National of Nebraska Inc. • Credit Card • Deposits • Loans • ACH / Wires / Transaction Processing • Branch Network • Information Technology / Security • Compliance (Regulatory, PCI, etc.)

  5. Data Analytic Services • 3 professionals • Formed in 2007 • Part of the Internal Audit Department • Made up of 8 individual teams • 38 audit professionals • Also, serve as a resource to multiple risk groups and business units outside of Internal Audit.

  6. What We Do • Internal Requests • External Requests • Continuous Auditing / Monitoring • Recurring Reports • Monthly and Quarterly • System Administration

  7. Tools Used to Analyze Data • ACL • SAS • Access • Crystal Reports • Business Objects • Excel • Monarch

  8. Challenges • Understanding the Request and End Result • Location of the Data • Best Way to Access the Data • Mapping the Data to meet the Objectives of the Request • Understanding what the Data is telling you. • Avoiding Garbage In, Garbage Out • Sometimes we get audited!

  9. How Data is Obtained • Tapes • Mainframe Jobs / Scripts • System Reports • Data Warehouse (ODBC)

  10. Reporting • Logical Access • Regulation O – Insider Account Monitoring • Door Access comparison with HR Master File • Training Validation • Validation of System Feeds • Fraud Monitoring • Committee Reporting • Business Issues Summaries • Audit Plan Status Reporting

  11. Business Issues – All

  12. Business Issues - Open

  13. Business Issues – Days O/S

  14. Business Issues – Missed TD

  15. Audit Plan by Entity

  16. Audit Plan Status by Quarter

  17. System Administration • Lotus Notes • Used by Internal Audit as their primary documentation system • Archer Enterprise Risk and Compliance System • Used by various risk groups through organization

  18. Archer eGRC System • Business Issues Tracking and Reporting • Vendor Management / Due Diligence • Risk Assessments • Incident Reporting • Policy Management • AT501 Compliance / SOX 404 • Case Management

  19. Incident Management Overview • Streamline incident submission through a customizable and easy-to-use web-based interface. • Report incidents anonymously or confidentially. • Open, prioritize and track security incidents with built-in workflow. • Attach graphics, files and documents as evidence. • Benefits • Reduce incident response times. • Ensure that a defined process is followed to address and report incidents. • Consolidate incident reporting and impact analysis. Report incidents, manage their escalation, track investigations and analyze resolutions. 19

  20. Vendor Management Overview • Provide an enterprise view of corporate vendor documentation, services and utilization. • Assess vendor risk based on services, facilities and internal practices as well as involvement in corporate projects, processes and initiatives. • Evaluate vendors through multiple assessment types such as auto self-assessments and onsite visits. Benefits • Improve productivity through ease of data collection and retrieval. • Make data accessible to appropriate staff members through the use of access controls. Centralize vendor data, manage relationships, assess vendor risk, and ensure compliance with your policies and controls. 20

  21. Policy Management Overview • Design, communicate and manage security policies and compliance processes. • Access corporate security policies through an enterprise portal. • Map to industry references including GLBA, SOX, HIPAA, Basel II, ISO17799, PCI, etc. • Link technical configuration procedures (e.g., Windows 2000 Server) to the policies they support. Benefits • Promote compliance with corporate security policies and industry standards. • Demonstrate compliance with regulatory requirements. Create policies, distribute them online, educate and train employees and report compliance. 21

  22. Contact Information Michael Olson, Data Analytic Services (402) 602-6613 Molson@fnni.com

  23. Questions

More Related