1 / 7

Compliance Strategy

Compliance Strategy. Why is it Tougher?. Compliance Audit Landscape. Audits are tougher by KPMG, Deloitte & Touche, and PWC (etc) because they distribute standard policies globally, which means these policies must be based on a single source. Exceptions are handled on a case by case basis.

parker
Télécharger la présentation

Compliance Strategy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Compliance Strategy

  2. Why is it Tougher?

  3. Compliance Audit Landscape Audits are tougher by KPMG, Deloitte & Touche, and PWC (etc) because they distribute standard policies globally, which means these policies must be based on a single source. Exceptions are handled on a case by case basis.

  4. COSO – Why? • Monitoring – assessment of control system over time • Information & Communication – access and approval flow of information • Control Activities – policies/procedures that ensure directives are carried out • Risk Assessment – identification and analysis of risks to achieving objectives • Control Environment – sets the tone, influencing control consciousness – business rules of engagement COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission.

  5. COBIT – What? Business Objectives IT Governance COBIT IT Control Procedures & Processes Defined Within The 4 Domains P01 Define a strategic IT Plan P02 Define the information architecture P03 Determine the technological direction P04 Define the IT organization and relationships P05 Manage the IT investment P06 Communicate management aims and directions P07 Manage human resources P08 Ensure compliance with external resources P09 Assess risk P010 Manage projects P011 Manage quality COBIT M1 Monitor the Process M2 Assess Internal Control Adequacy M3 Obtain Independent assurance M4 Provide for Independent Audit Information Effectiveness Efficiency Confidentiality Integrity Availability Reliability Compliance Monitoring Planning & Organization IT Resources DS1 Define and manage service levels DS2 Manage 3rd party services DS3 Manage performance and capacity DS4 Ensure continuous service DS5 Ensure systems security DS6 Identify and allocate costs DS7 Educate and train users DS8 Assist and Advise Customers DS9 Manage the configuration DS10 Manage problems and incidents DS11 Manage data DS12 Manage facilities DS13 Manage operations People Application systems Technology Facilities Data Delivery & Support Acquisition & Implementation AI1 Assess automated solutions AI2 Acquire and maintain application software AI3 Acquire and maintain technology infrastructure AI4 Develop and maintain procedures AI5 Install and accredit systems AI6 Manage changes

  6. Location Organization Business Process Business Objectives Business Strategies Data Application Outbound Inbound Interfaces Technology PRM – How? ITMP ISS Information Ownership Identification & Authentication Authorization & Access Control Confidentiality & Integrity Incident Detection & Response Administration Training & Awareness Vulnerability Assessments Architecture Change Management Continuity of Business Contracting & Outsourcing Information Security Internet Management Problem Management Project Management Resource Management Software Management PRM Methodology

  7. Location Organization Business Process Business Objectives Business Strategies Data Application Outbound Inbound Interfaces Technology Compliance as a Way of Life

More Related