
Colorado University October 3, 2007

Presentation Transcript


  1. Colorado University October 3, 2007

  2. Topics
     Introduction
       • A bit about me
     PwC Overview
     ERP Enterprise Risk Management Overview
       • Risk & Controls Team Approach

  3. PwC Overview

  4. PwC Overview
     • The PwC network of firms is composed of more than 140,000 partners and staff in 149 countries and territories around the world.
     • In the US, PwC LLP employs 30,000 partners and staff.
     • We provide industry-focused Assurance, Tax and Advisory services for 424 of the companies in the Fortune Global 500. We also serve smaller companies, private entities, not-for-profit organizations and the public sector.
     • Priority sectors include: financial services, technology, consumer products, pharmaceuticals, entertainment and media.
     • Globally, PwC holds the leading position as auditor to the Fortune 500, auditing 31% of the Fortune 500.

  5. Our Service Lines
     Assurance: Traditional Audit & Attest Services
     Advisory (slide labels: Corporate Strategy, PwC Operations, Large Scale Technology Implementations)
       • Performance Improvement: Identify, measure & close gaps that affect the ability to create and sustain value
       • Risk Management: Help companies develop, align, assess and implement security solutions and controls that seek to mitigate risk and vulnerabilities
       • Transactions: Evaluate & assist in the implementation of acquisitions, divestitures and strategic alliances, as well as gain access to global capital markets
     Tax

  6. ERP Enterprise Risk Management Overview
       • Risk & Controls Team Approach

  7. What are the key areas of risk for an Enterprise Project?
     Broadly, the risks that must be addressed can be grouped into four areas (Project, Technology Infrastructure, Business Process, Data). Project controls help manage risk during the solution development and delivery process. Controls to mitigate the other areas of risk must be implemented within the delivered solution.
     Business Process Risk: the risk that the business experiences real losses attributable to the implemented system.
       • Application (Configurable) Controls
       • Information Security – Access Controls (Application Level)
       • Manual/Reporting Controls
     Project Risk: the risk of project failure (e.g. project cancelled or delayed) or that the project delivers an unusable system.
       • Financial/Budgetary controls
       • Stage gating controls
       • Governance controls (PMO, project leadership, steering committees etc.)
       • Quality – Project deliverables
       • Quality – Process Design & Def
     Technology Infrastructure Risk: the risk that the supporting infrastructure does not meet established confidentiality, integrity, and availability requirements.
       • Information Security – Threat & Vulnerability management
       • Configuration management
       • Systems Remediation & change control
     Data Integrity Risk: the risk that converted, interfaced, and/or input data does not support processing requirements/business needs.
       • Data Conversion / Transformation
       • Cleansing & Remediation
       • Data Integrity Controls
       • Information Security – Access Controls (System Level)
     Compliance Risk spans all four areas.

  8. How Are Enterprise Project Risks Typically Addressed?
     Typical Project Constituencies (Enterprise High Risk Projects)
     Teams that optimize Process Functionality, Technology, & Organization:
       • Steering Committee – Primary Objective: Make key decisions, provide leadership, and provide resources needed to resolve significant issues.
       • Project Leadership & PMO – Primary Objective: Deliver complete system solution on time, on budget, on scope, on quality with fully realized benefits.
       • Functional Teams – Primary Objective: Deliver complete and functioning business process solutions.
       • Change & Education Teams – Primary Objective: Ensure acceptance and adoption of system solution and that benefits are sustained.
       • Technology Teams – Primary Objective: Deliver a robust and reliable supporting technology infrastructure.
       • Data Transformation Teams – Primary Objective: Ensure the accuracy and integrity of converted, interfaced, input and processed data.
     Team that optimizes Controls, Security, & Compliance:
       • Risk & Controls Team – Primary Objective: Ensure business process, technology, and data related risks are managed, controls are designed and documented, and business process, system, and data integrity are preserved.

  9. Why use a Risk & Controls Team?
     Without a Risk & Controls Team (Finance Team, GTM Team, Supply Chain Team, Technology Teams):
       • Tight Controls – Inefficient & Expensive
       • Weak Controls – Ineffective & Misleading
       • Inconsistent approach/knowledge of risk and internal controls leads to the design and implementation of inefficient and ineffective control measures.
     With a Risk & Controls Team (Finance Team, GTM Team, Supply Chain Team, Technology Teams):
       • Balanced & Cost Effective Controls
       • Dedicated and centralized risk and controls approach leads to balanced and cost effective control solutions across teams.

  10. What Does a Risk & Controls Team Do? Tasks & Responsibilities
     Solution Delivery Phases (SDLC): Project Feasibility, Project Preparation, Business Blueprint, Realization, Final Preparation, Go Live and Support, Project Closure
     Risk & Controls Team – Integrate with SDLC (high-level summary):
       • Develop controls strategy and approach
       • Develop risk and controls team structure and roles & responsibilities
       • Collaborate on controls and security standards
       • Select audit and controls tools
       • Define control objectives, requirements and related risks
       • Design balanced control solutions (inherent, configurable, manual, access, reporting, interface) across business process areas
       • Design/implement application and infrastructure access controls in alignment with control objectives (role-based/policy-based/user-based access control measures)
       • Complete Sarbanes-Oxley documentation
       • Collaborate on Backup and Recovery Plan and Business Continuity Plan
       • Define and design infrastructure security and controls configuration
       • Define and design data integrity and control measures
       • Develop control and security test cases, strategies and plans, and execute them
       • Finalize Sarbanes-Oxley documentation
       • Develop controls and security cutover plan & execution
       • Finalize controls and security acceptance testing
       • Facilitate Sarbanes-Oxley testing
       • Validate production implementation of controls
       • Collaborate on project closure and lessons learned analysis

  11. Example Risk and Controls – General Ledger
