IT Risk Compliance

advertisement
The Evolution of IT Risk &
Compliance
February 2012
Rosalyn Ellis, CRISC
Susan Hoffman, CISA,CGEIT
1
Achieving SOX Compliance

Developed set of control requirements




Application Change Management
Application & Data Security
Documented existing controls and processes
Established new controls and processes
2
Issue at hand...




Review, assess, consider materiality of
issues, priority, determine level of audit
issues/complexity to close gaps
Evaluated and documented IT controls
Clarified “ownership” for the controls
New applications / solutions introduced to
environment requiring proper controls
3
Established a team…

Purpose



implement according to policy
audit to the policy
Partners with...
Internal & External Audit teams


Determine needed IT controls
Define how to test the controls
IT staff:


Build compliance into IT solutions
Determine ways to align compliance efforts with IT initiatives
4
IT Risk & Compliance…
Assembled list of IT controls according to policy
identifying specific frequency and owners
Established Self-Audit Program
 Conduct self-audit test on each IT control
 Identifies gaps with the existing IT controls
 Provides for auditor reliance on self-audit
results
5
6
Benefits of Self-Audit Program
The IT Organization




Assumes responsibility for the IT controls
Gains confidence that IT controls and
processes are effective and efficient
Identifies control weaknesses in advance of
Internal or External Audit tests
Identifies process improvements with current
controls and processes
7
Benefits of Self-Audit Program
8
Beyond Self-Audit Concepts

Database Activity Monitoring (DAM)



Explore other uses for current tool
Business Processes comply with eDiscovery
requirements
Self Audit of Business Application


SOA Architecture
Self Audit of Mobile Applications
9
Expanding Self-Audit Concepts

Coordinate Assessments



Internal Risk Assessments
3rd Party Assessments
Current Topics & Technology



Cloud Computing
PII
PCI
10
Questions?
11
Download
Study collections