The Evolution of IT Risk & Compliance
February 2012
Rosalyn Ellis, CRISC
Susan Hoffman, CISA, CGEIT

Achieving SOX Compliance
• Developed set of control requirements
  • Application Change Management
  • Application & Data Security
• Documented existing controls and processes
• Established new controls and processes
Issue at hand...
• Review, assess, and consider materiality of issues and priority; determine the level and complexity of audit issues to close gaps
• Evaluated and documented IT controls
• Clarified "ownership" of the controls
• New applications / solutions introduced to the environment requiring proper controls

Established a team...
• Purpose
  • Implement according to policy
  • Audit to the policy
• Partners with Internal & External Audit teams:
  • Determine needed IT controls
  • Define how to test the controls
• Partners with IT staff:
  • Build compliance into IT solutions
  • Determine ways to align compliance efforts with IT initiatives

IT Risk & Compliance...
• Assembled list of IT controls according to policy, identifying specific frequency and owners
• Established Self-Audit Program
  • Conduct self-audit test on each IT control
  • Identifies gaps with the existing IT controls
  • Provides for auditor reliance on self-audit results

Benefits of Self-Audit Program
The IT Organization:
• Assumes responsibility for the IT controls
• Gains confidence that IT controls and processes are effective and efficient
• Identifies control weaknesses in advance of Internal or External Audit tests
• Identifies process improvements to current controls and processes
Beyond Self-Audit Concepts
• Database Activity Monitoring (DAM)
  • Explore other uses for the current tool
• Business processes comply with eDiscovery requirements
• Self-audit of business applications
• SOA architecture
• Self-audit of mobile applications

Expanding Self-Audit Concepts
• Coordinate assessments
  • Internal risk assessments
  • 3rd-party assessments
• Current topics & technology
  • Cloud computing
  • PII
  • PCI