The Evolution of IT Risk & Compliance
February 2012
Rosalyn Ellis, CRISC
Susan Hoffman, CISA,CGEIT
Achieving SOX Compliance
- Developed set of control requirements
  - Application Change Management
  - Application & Data Security
- Documented existing controls and processes
- Established new controls and processes
Issue at hand...
- Review, assess, and consider materiality of issues and priority; determine the level of audit issues/complexity to close gaps
- Evaluated and documented IT controls
- Clarified "ownership" for the controls
- New applications/solutions introduced to the environment requiring proper controls
Established a team... Purpose
- Implement according to policy
- Audit to the policy
- Partners with... Internal & External Audit teams
  - Determine needed IT controls
  - Define how to test the controls
- IT staff
  - Build compliance into IT solutions
  - Determine ways to align compliance efforts with IT initiatives
IT Risk & Compliance…
- Assembled list of IT controls according to policy, identifying specific frequency and owners
- Established Self-Audit Program
  - Conduct self-audit test on each IT control
  - Identifies gaps with the existing IT controls
  - Provides for auditor reliance on self-audit results
Benefits of Self-Audit Program
- The IT Organization
  - Assumes responsibility for the IT controls
  - Gains confidence that IT controls and processes are effective and efficient
  - Identifies control weaknesses in advance of Internal or External Audit tests
  - Identifies process improvements with current controls and processes
Beyond Self-Audit Concepts
- Database Activity Monitoring (DAM)
  - Explore other uses for current tool
- Business processes comply with eDiscovery requirements
- Self-Audit of Business Application SOA Architecture
- Self-Audit of Mobile Applications
Expanding Self-Audit Concepts
- Coordinate Assessments
  - Internal Risk Assessments
  - 3rd Party Assessments
- Current Topics & Technology
  - Cloud Computing
  - PII
  - PCI
Questions?