Implementation of a SAP GRC solution at a Swiss Mobile Network Operator. Andreas Eberhardt, Senior Consultant Barcelona,
|
|
- Clement Beasley
- 6 years ago
- Views:
Transcription
1 Implementation of a SAP GRC solution at a Swiss Mobile Network Operator Andreas Eberhardt, Senior Consultant Barcelona,
2 Agenda Success factors for the implementation of a SAP GRC solution GRC tool selection process and implementation strategy Key benefits and lessons learned 2
3 My person and b.telligent
4 Andreas Eberhardt Education Masters in Business Administration Certified Project Manager (IPMA) Certified Risk Manager (IRM) SAP GRC training Working Experience 6 years of project management experience. 2 years of SAP experience in the areas of Risk Management. 3 years in telecommunications and 3 years in automobile. Project Experience Program Manager (Interims Management) of the prepaid billing program at a Swiss mobile network operator. Project Manager for the implementation of a software solution for the administration, management and controlling of service contracts in Russia at one the five global leading automobile manufacturers (Aftersales). Project Manager for the implementation of a GRC tool solution in SAP supporting SOX compliance and the existing risk framework at a Swiss mobile network operator. Strategic Business Consultant for the conceptual design and reorganization of the corporate business intelligence department at a Swiss mobile network operator. Project Manager for the implementation of a complete product lifecycle considering new / defect materials, materials in transit, second hand materials and loan phones at a Swiss mobile network operator (Aftersales). Project Manager for Implementation of a SOX compliant risk framework and role concept in SAP at a Swiss mobile network operator. 4
5 b.telligent business activities Real-time DWH/ EAI DWH Architecture SAP Process Optimization Improvement in efficiency DWH BI CRM NBC BSC / BPM Reporting Analyse Data Mining Analytical CRM Campaign Management Customer Lifecyle Geo-Analysis Core Competences Strategic orientation 5
6 Success factors for the implementation of a SAP GRC solution
7 Implementation of a SAP GRC solution Project Overview Project profile Swiss Network Provider reporting to one of the global top 5 Telecommunications companies Project Sponsor: Director Business Excellence Project Duration: 5 months Project allocated budget: 360k CHF Project objectives Implementation of an efficient company wide user authorization management process for the user assignment and role maintenance. Compliance to Group directives. Definition and implementation of an appropriated monitoring methodology in SAP. Expected benefits Security aspects: Optimize security level in business for fraud / error prevention Turn risk management from reactive mode in proactive mode Cost aspects: Reduce maintenance costs for risk monitoring Facilitate business risk monitoring 7
8 Disciplines / Standards in domain of GRC and Risk Management Governance SOX, SEC, NYSE, NASDAQ BRT, NACD, Conference Board TIAA-CREF, CalPERS, AFL-CIO, CII OECD American Law Institute Compliance / Legal Management Federal Sentencing Guidelines / Thompson Australian Standards OCEG Standards Various agency guidelines (e.g., HHS OIG) Internal Audit / Anti-Fraud COSO Internal Control (1992), COCO SAS 99 IT Control / Security COBIT SysTrust, WebTrust Performance Management Balanced Scorecard EVA McKinsey; BAH; Accenture Ethics / Corporate Social Responsibility AA1000, SA8000, ISO CSR Global Reporting Initiative ILO Conventions, UN Global Compact, Sullivan Principles Sigma Guidelines (UK) Q-RES (Italian) European Corporate Sustainability Risk Management GARP, PRMIA standards Australian Standards Basel II Guidelines COSO ERM (2004) Human Capital / Training ASTD Bloom s Taxonomy Kirkpatrick Communication / Change Management Quality Management ISO 9000 series Six Sigma Project Management Project Management Institute PMBOK
9 Complexity of Enterprise Risk Management Risks are individual and complex, there is no out-of-the-box solution to cover YOUR risks! Individual risk quantification Significance and probability Risk criticality and financial impact Local specific regulations SOX, German data protection,... Subsidiary specific risk organization Division / department Product / communication channel,... Group specific risk organization Region or area manager, product manager, Context and assessment Ownership Risk Organizational particularities Mitigation processes Individual accountabilities: Risk-, Process- and Control Owner, Individual responsibilities: Control Executer, System Role Wwner, Individual risk mitigation strategies Preventive vs. detective Manual vs. automated Individual policies Altering & mitigation process Evidence management Document management Identity management 9
10 4 Key Success Factors for the GRC project Senior Management Buy in (!) Ability to implement new roles and responsibilities in company organisation (e.g. Risk, Control Owner) Ability to prioritize GRC projects against Significant costs not sure about benefits attitude Ownership models Ability to proactively maintain a dynamic staffing model Understanding company processes Key Success Factors Risk Framework Ability to support evolving procedures and identify significant changes to processes and policies Ability to adapt proactively to new corporate events, e.g. outsourcing or acquisitions Tool Usability Flexibility is key in order to respond to legal, corporate or organizational changes! Usability is key in order to get tool acceptance! Define a OCH risk management strategy with clear responsibilities in organisation. 10
11 GRC tool selection process and implementation strategy
12 GRC tool evaluation process Supplier alternatives Market Leader - SAP GRC (Virsa) Best competitor - Approva Tool presentation Functional questionnaire Offers Commercial questionnaire Winner External Auditor Internal Workshop Best challenger Further Considerations - Conteliga Results Primary investigation Recommendation from SAP SOX Security project (Virsa) Approva as main competitor in US market Conteliga: Prototypical development Workshop result Criteria: Technical part Customizing effort Integration effort Functional fulfilment Workshop impression Further consideration Technical compliance matrix Offer result Criteria: Price - Implementation - Customizing - Licences Supplier risk analysis Contractual aspects Criteria: Presentation of evaluation results: - Technical compliance matrix - Commercial - Legal, contractual 12
13 Overview about evaluation criteria for GRC tool selection Define for each relevant component criteria and weights for the final decision making 13
14 Example of functional Questionnaire 14
15 Implementation strategy Phase -Control Implementation- Phase -Control Automation- Phase -Continuous Control- Tool evaluation Tool recommendation TRB Finalize RFP T1 Role Level Analysis (Naming convention, SoD simulation, remediation actions) User Level Analysis (SoD conflict, sens. Transactions access, remediation actions) Gap analysis Immediate risk reduction (GC-IT controls, critical Z/Y T-Codes) Impl. Conflict free Role Concept Impl. User provisioning Impl. Extended user access Impl. Review Processes Activate individual alerting, reporting Audit Tool Impl. of Compensating controls Enforce Change Mgmt. Controls Process controls validation Impl. Process controls Audit process 15
16 Key benefits and lessons learned
17 Implementation of a SAP GRC solution Top 4 key benefits! Individual Process Controls Example 1: Automatic alerting to risk owner in case of incompliance in PO change (change of currency, total amount above certain limit, etc ) Example 2: SoD conflict analysis takes 18 months into consideration (outsourcing of departments, movers in the company with changing rights) Tasklist Control Owners / Risk Owner have complete overview about their domain Enables communication between stakeholders (IT authorization expert and Business Owner) Preventive Control strategy Automatic block of incompliant transports Naming convention allows SoD conflict management on role level Block of critical transaction execution Role on Demand Process Minimizing user access without impact business performance for one time executed transactions (monthly end closure) Automatic tracing of user 17
18 Implementation of a SAP GRC solution Lessons Learned focus GRC tool An efficient ICS tool provides controls on all relevant levels, processes and applications. Establish Risk Framework Identify the risks Analyse the risks Evaluate the risks Treat the risks Monitoring and review Communication & consultation Enterprise Risk Management process Change Management User & roles Management Reports and Dashboards Application Level Privilege Management Identity Management Process automations Identified & assessed risks Basic functionality Workflows & alerting Change histories ICS tool Determination Engine Workflow Engine Generic instruments Process repository Rule set repository Best Practices Document Management Evidence Management Content Management Cross functional controls Cross application controls 18
19 b.telligent GmbH & Co. KG Lichtenbergstraße Garching / München Phone + 49 (89) Fax + 49 (89) info@btelligent.de Thank you very much for your interest!
"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationCOURSE BROCHURE. COBIT5 FOUNDATION Training & Certification
COURSE BROCHURE COBIT5 FOUNDATION Training & Certification What is COBIT5? COBIT 5 (Control Objectives for Information and Related Technology) is an international open standard that defines requirements
More informationOracle Buys Automated Applications Controls Leader LogicalApps
Oracle Buys Automated Applications Controls Leader LogicalApps To strengthen Oracle s Governance, Risk and Compliance Suite with Real-time Policy Enforcement October 26, 2007 Disclaimer The following is
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationSAP Security Remediation: Three Steps for Success Using SAP GRC
SAP Security Remediation: Three Steps for Success Using SAP GRC All companies need strong application security environments as part of a successful overall risk management strategy. Strong risk-oriented
More informationGovernance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture.
Governance, Risk & Compliance - Management Commitment; Building a GRC Aware Culture. Natasak Rodjanapiches, Managing Director, Oracle Corporation (Thailand) 1 Governance, Risk, and Compliance (GRC) Natasak
More information3/13/2015. COSO Revised: Implications for Compliance and Ethics Programs. Session Agenda. The COSO Framework
COSO Revised: Implications for Compliance and Ethics Programs Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and EY Professor The University of Kentucky Session Agenda The COSO Framework
More informationGRC SURVEY RESULT Please indicate your profession
COPENHAGEN?=! CO?=! MPLIANCE T o p i c a l a n d T i m e l y Riskability GRC Controllers Governance, Risk & Compliance COPENHAGEN?=! CHARTER Bribery, Fraud & Corruption GRC SURVEY RESULT. Please indicate
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More information354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2
Index Accounts Payable Process Review Procedures Assessments, 191 Actions to Resolve Risks COSO ERM Control Activities, 97 Activity Management COSO ERM Control Activities, 81 AICPA SAS No. 1 Internal Controls
More informationTable of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING
Table of Contents Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update 3 1.1 Internal Auditing History and Background
More informationSAP Security Remediation: Three Steps for Success Using SAP GRC
SAP Security Remediation: Three Steps for Success Using SAP GRC All companies need strong application security environments as part of a successful overall risk management strategy. Strong risk-oriented
More informationAT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant
Our Contact Details IT-SCAN GMBH c/o: DOCK3 Hafenstrasse 25-27 68159 Mannheim E: info@it-scan.de W: www.it-scan.de Nationalität Berufserfahrung C U R R I C U L U M V I T A E Diplom-Betriebswirt (FH) Peter
More informationDemystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow
Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases Gen Fields Senior Solution Consultant, Federal Government ServiceNow 1 Agenda The Current State of Governance, Risk, and Compliance
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationThe ProcessGene GRC Suite. Solution Presentation
B u s i n e s s P r o c e s s R e a l i z a t i o n The ProcessGene GRC Suite Solution Presentation Design Processes Supervise Realization Control Changes Enforce Compliance Copyright 2007 About ProcessGene
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationAchieving effective risk management and continuous compliance with Deloitte and SAP
Achieving effective risk management and continuous compliance with Deloitte and SAP 2 Deloitte and SAP: collaborating to make GRC work for you Meeting Governance, Risk and Compliance (GRC) requirements
More informationIT-CNP, Inc. Capability Statement
Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government
More informationVal-EdTM. Valiant Technologies Education & Training Services. Workshop for CISM aspirants. All Trademarks and Copyrights recognized.
Val-EdTM Valiant Technologies Education & Training Services Workshop for CISM aspirants All Trademarks and Copyrights recognized Page 1 of 8 Welcome to Valiant Technologies. We are a specialty consulting
More informationTable of Contents. Preface xiii PART I: IT GOVERNANCE CONCEPTS. Chapter 1: Importance of IT Governance for All Enterprises 3
Table of Contents Preface xiii PART I: IT GOVERNANCE CONCEPTS Chapter 1: Importance of IT Governance for All Enterprises 3 Chapter 2: Fundamental Governance Concepts and Sarbanes Oxley Rules 9 Sarbanes
More informationPlanning and Implementing ITIL in ICT Organisations
CCPM Solutions Experts in ICT Performance Supporting Your Business Planning and Implementing ITIL in ICT Organisations June 2012, Addis Ababa Content 1. Quick ITIL (Overview) 2. Case study (How not to
More informationBPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.
BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...
More informationHeading Text. Manage your Organization s Governance, Risks, and Compliance Requirements and Transform your Business Potential with SAP GRC
Heading Text Manage your Organization s Governance, Risks, and Compliance Requirements and Transform your Business Potential with SAP GRC Why Governance, Risk Management, and Compliance? Unidentified risks
More informationGOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles
More informationNASDAQ BWISE ACADEMY COURSE CATALOG
NASDAQ BWISE ACADEMY COURSE CATALOG 1 MANUAL TITLE HERE Copyright 2014, The NASDAQ OMX Group, Inc. All Rights Reserved. Q14-NUMBER. DATE TABLE OF CONTENTS 1 NASDAQ BWISE ACADEMY COURSE CATALOG 4 1.1 Introduction
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationPave the way: Build a value driven SAP GRC roadmap March 2015
www.pwc.be/erp Pave the way: Build a value driven SAP GRC roadmap March 2015 Agenda Introduction Measuring GRC Progression & Benchmarking GRC Program Roadmap Building a Business Case 2 Introduction Pave
More informationEPICK your GRC platform MAIN REFERENCES. EPICK REFERENCES EN Pag. 1/6
MAIN REFERENCES EPICK REFERENCES EN Pag. 1/6 FOREWORD This document illustrates some of the most significant past performances regarding the use of the EPICK platform and the associated expert consulting
More informationDATA STEWARDSHIP BODY OF KNOWLEDGE (DSBOK)
DATA STEWARDSHIP BODY OF KNOWLEDGE (DSBOK) Release 2.2 August 2013. This document was created in collaboration of the leading experts and educators in the field and members of the Certified Data Steward
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationRisk Management in Electronic Banking: Concepts and Best Practices
Risk Management in Electronic Banking: Concepts and Best Practices Jayaram Kondabagil BICENTENNIAL B1CBNTENNIAL John Wiley & Sons (Asia) Pte Ltd. Contents List of Figures xiii List of Tables xv Preface
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Logistics Start Time Breaks End Time Fire escapes Instructor Introductions Introduction to Information Security Management
More informationCOPYRIGHTED MATERIAL. Index
Index 2014 revised COSO framework. See COSO internal control framework Association of Certified Fraud Examiners (ACFE), 666 Administrative files workpaper document organization, 402 AICPA fraud standards
More informationCOBIT 5 With COSO 2013
Integrating COBIT 5 With COSO 2013 Stephen Head Senior Manager, IT Risk Advisory Services 1 Our Time This Evening Importance of Governance COBIT 5 Overview COSO Overview Mapping These Frameworks Stakeholder
More informationDigital government toolkit
Digital Government Strategies: Good Practices Colombia: Government Enterprise Architecture Framework The OECD Council adopted on 15 July 2014 the Recommendation on Digital Government Strategies. The Recommendation
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationTrillium Consulting. Data Governance. Optimizing Business Outcomes through Data and Information Assets
Trillium Consulting Data Governance Optimizing Business Outcomes through Data and Information Assets DAMA Indiana Winter Meeting Indianapolis, Indiana January 20, 2011 Jim Orr, Global Director Enterprise
More informationEffective COBIT Learning Solutions Information package Corporate customers
Effective COBIT Learning Solutions Information package Corporate customers Thank you f o r y o u r interest Thank you for showing interest in COBIT learning solutions from ITpreneurs. This document provides
More informationDemystifying GRC. Abstract
White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationNASDAQ BWISE ACADEMY COURSE CATALOG
NASDAQ BWISE ACADEMY COURSE CATALOG 1 MANUAL TITLE HERE Copyright 2014, The NASDAQ OMX Group, Inc. All Rights Reserved. Q14-NUMBER. DATE TABLE OF CONTENTS 1 NASDAQ BWISE ACADEMY COURSE CATALOG 4 1.1 Introduction
More informationAligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert
Aligning IT, Security and Risk Management Programs Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Challenges to Risk Management & Governance Balancing extensive requirements
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationITIL Service Lifecycle Strategy
ITIL Service Lifecycle Strategy Course Details Course Code: Duration: Notes: ITILSL-Str 5 days This course syllabus should be used to determine whether the course is appropriate for the students, based
More informationDATA GOVERNANCE LEADS TO DATA QUALITY
DATA GOVERNANCE LEADS TO DATA QUALITY Trending. Kash Mehdi Senior Product Specialist and Instructor May 3, 2017 1 Collibra 2017 2017 Collibra Inc How Many of Your Reports Have Good Data Quality? What would
More informationUSING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES
WHITE PAPER USING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES Table of Contents I. Overview II. COSO to CobIT III. CobIT / COSO Objectives met by using QualysGuard 2 3 4 Using QualysGuard
More informationDIPLOMA COURSE IN INTERNAL AUDIT
DIPLOMA COURSE IN INTERNAL AUDIT Course Objective: Internal Audit is an assurance and consulting service that reviews the efficiency and effectiveness of the internal control.. It assists management at
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationArticle II - Standards Section V - Continuing Education Requirements
Article II - Standards Section V - Continuing Education Requirements 2.5.1 CONTINUING PROFESSIONAL EDUCATION Internal auditors are responsible for maintaining their knowledge and skills. They should update
More informationThe ITIL Process Map for Microsoft Visio. Examples and Overview of Contents
The ITIL Process Map for Microsoft Visio Examples and Overview of Contents Contents Structure of the ITIL Process Map Page 3 ITIL Process Diagrams Examples Page 4 Index of Process Diagrams contained in
More informationIT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)
DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationCOBIT 5 Assessor Certification Course
COBIT 5 Assessor Certification Course About COBIT 5.0 Information is created, used, retained, disclosed and destroyed. Technology plays a key role in these actions and technology is becoming pervasive
More informationSingapore Quick Guide to the COSO. Enterprise Risk Management and Internal Control Frameworks Edition
Singapore Quick Guide to the COSO Enterprise Risk Management and Internal Control Frameworks 2016 Edition The Protiviti-SAC COSO Academy The Protiviti-SAC COSO Academy in Singapore was formed by global
More informationEnterprise GRC Implementation
Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationAssociation for International PMOs. Expert. Practitioner. Foundation PMO. Learning.
AIPMO Association for International PMOs Expert Practitioner Foundation www.pmolearning.co.uk PMO Learning The Leading Standard and Certification for People Working in PMO Today Understand the Value of
More informationTable of Contents. Foreword 7
Table of Contents Foreword 7 1 The basic principles of GRC automation 13 1.1 GRC as a content-driven application 13 1.2 A brief overview of SAP GRC solutions 15 1.3 The three lines of defense model 24
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationThe Business Value of including Cybersecurity and Vendor Risk in ERM
The Business Value of including Cybersecurity and Vendor Risk in ERM Yo Delmar, Vice President, Customer Engagement, MetricStream RMA GCOR XI April 4 5, 2017 Hyatt Regency, Cambridge, MA Tuesday 2:30 pm
More informationBest Practices & Lesson Learned from 100+ ITGRC Implementations
Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview
More informationThe Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory
The Future of IT Internal Controls Automation: A Game Changer January 2018 Risk Advisory Contents Introduction 01 Future Operating Models for Managing Internal Controls 02 Summary 07 Introduction Internal
More informationEUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE
EUROPEAN ICT PROFESSIONAL ROLE PROFILES VERSION 2 CWA 16458:2018 LOGFILE Overview all ICT Profile changes in title, summary, mission and from version 1 to version 2 Versions Version 1 Version 2 Role Profile
More informationReference Framework for the FERMA Certification Programme
Brussels, 23/07/2015 Dear Sir/Madam, Subject: Invitation to Tender Reference Framework for the FERMA Certification Programme Background The Federation of European Risk Management Associations (FERMA) brings
More informationInformation Security Risk Strategies. By
Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not
More informationWhat is IT Governance and Why is it Important?
What is IT Governance and Why is it Important? 5th Performance Seminar of the INTOSAI IT Standing Committee Richard Brisebois & Greg Boyd Oman, 3 March 2007 Agenda IT Governance What Is It? Why IT Governance
More informationSAP security solutions Is your business protected?
www.pwc.com SAP security solutions Is your business protected? SAP security overview Background SAP Security is becoming more difficult to control due to a constantly evolving compliance landscape and
More informationManaging IT Risk: The ISACA Risk IT Framework. 1 st ISACA Day, Sofia 15 October Charalampos (Haris)Brilakis, CISA
Managing IT Risk: The ISACA Risk IT Framework Charalampos (Haris)Brilakis, CISA ISACA Athens Chapter BoD / Education Committee Chair Sr. Manager, Internal Audit, Eurobank (Greece) 1 st ISACA Day, Sofia
More informationTraining Catalog. Decker Consulting GmbH Birkenstrasse 49 CH 6343 Rotkreuz. Revision public. Authorized Training Partner
Management and Information Technology Solutions Decker Consulting GmbH Training Catalog Decker Consulting GmbH Birkenstrasse 49 CH 6343 Rotkreuz Revision 9.1 05.12.2018 public Authorized Training Partner
More informationBetter together. KPMG LLP s GRC Advisory Services for IBM OpenPages implementations. kpmg.com
Better together KPMG LLP s GRC Advisory Services for IBM OpenPages implementations kpmg.com KPMG A leader in GRC services KPMG LLP (KPMG) is the U.S. member firm of the KPMG global network of professional
More informationImplementing IT Governance
Implementing IT Governance Using COBI C OBIT, ITIL & Six Sigma Peter T. Davis, CISA, CISSP, CDP, CMA, CSP, I.S.P., CNA, CMC, CCNA, CWNA, CISM, COBIT Foundation Certificate, ITIL Foundation Certificate,
More informationIntegrating ITIL and COBIT 5 to optimize IT Process and service delivery. Johan Muliadi Kerta
Integrating ITIL and COBIT 5 to optimize IT Process and service delivery Johan Muliadi Kerta Measurement is the first step that leads to control and eventually to improvement. If you can t measure something,
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationStudio Guggino and Newtonpartner S.r.l. a team of professionals at the service of your Company
Studio Guggino and Newtonpartner S.r.l. a team of professionals at the service of your Company To get where the others fail, we have to achieve even higher goals www.sas70.it MISSION Our Mission consists
More informationSirius Security Overview
Sirius Security Overview Rob Hoisington IT Security Consultant www.siriuscom.com 8/18/2017 1 Rob Hoisington IT Security Consultant - CISSP, GLEG, GCIH Robert.Hoisington@siriuscom.com - 757.675.0101 Rob
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationOF ACCOUNTANTS IAASB CAG MEETING MARCH 7, 2011
INTERNATIONAL FEDERATION OF ACCOUNTANTS IAASB CAG MEETING MARCH 7, 2011 HISTORY OF THE IIA 1941 Founded in New York City 1944 First chapter outside the US chartered in Toronto 1948 First chapters outside
More informationConvergence of BCM and Information Security at Direct Energy
Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc
More informationISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )
ISACA Pasitikėjimas informacinėmis sistemomis ir jų nauda Certification Details for Certified in the Governance of Enterprise IT (CGEIT ) Dainius Jakimavičius, CGEIT ISACA Lietuva tyrimų ir metodikos koordinatorius
More informationProfessional Profile. Bodo Piening Die Alten Gärten Burgdorf
Professional Profile Bodo Piening Die Alten Gärten 9 31303 Burgdorf IT-Beratung@bodopiening.de 0172 32 69 146 Day of birth: 17.08.1959 Family status: married SUCCESS PROFILE Formulation of a comprehensive
More informationREVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009
APPENDIX 1 REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationOVERVIEW BROCHURE GRC. When you have to be right
OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance
More informationAvoid a DCIM Procurement Disaster
Avoid a DCIM Procurement Disaster Matt Stansberry Senior Director, Uptime Institute 7 December 2016 2016 Uptime Institute, LLC Many organizations struggle with DCIM decisions Process takes too long, software
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified ISO/IEC 38500 Lead IT Corporate Governance Manager The objective of the PECB Certified ISO/IEC 38500 Lead IT Corporate Governance Manager examination is to ensure
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationDigital Service Management (DSM)
Digital Service Management (DSM) A Proactive, Collaborative and Balanced Approach for Securing, Managing and Improving the Online Services that Drive the Digital Enterprise itsm003 v.3.0 Agenda and Objectives
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the
More informationWELCOME TO ITIL FOUNDATIONS PREP CLASS AUBREY KAIGLER
WELCOME TO ITIL FOUNDATIONS PREP CLASS AUBREY KAIGLER Audio Configuration Configure your audio settings. The Audio Setup Wizard allows you to configure your volume level, default microphone and recording
More informationSurvey - Governance, Risk and Compliance
Survey - Governance, Risk and Compliance 2018 emerging trends around GRC : SAP HANA, Continuous Control Monitoring & Data Analytics kpmg.fr KPMG SURVEY RESULTS PARTICIPANTS of CAC40 companies CFO Audit
More informationImproving Data Governance in Your Organization. Faire Co Regional Manger, Information Management Software, ASEAN
Improving Data Governance in Your Organization Faire Co Regional Manger, Information Management Software, ASEAN Topics The Innovation Imperative and Innovating with Information What Is Data Governance?
More informationVendor: The Open Group. Exam Code: OG Exam Name: TOGAF 9 Part 1. Version: Demo
Vendor: The Open Group Exam Code: OG0-091 Exam Name: TOGAF 9 Part 1 Version: Demo QUESTION 1 According to TOGAF, Which of the following are the architecture domains that are commonly accepted subsets of
More informationAssessment and Compliance with Sarbanes-Oxley (SOX) Requirements DataGuardZ Whitepaper
Assessment and Compliance with Sarbanes-Oxley (SOX) Requirements DataGuardZ Whitepaper What is the history behind Sarbanes-Oxley Act (SOX)? In 2002, the U.S. Senate added the Sarbanes-Oxley Act (SOX) to
More informationC32: GRC (Pro)(Con)Fusion Tools, Processes, and Pitfalls Jason Kobus, SVB Financial Group
C32: GRC (Pro)(Con)Fusion Tools, Processes, and Pitfalls Jason Kobus, SVB Financial Group GRC (Pro)(Con)Fusion Tools, Processes, and Pitfalls G R C Jason Kobus, Security Project / Privacy Program Manager
More informationImportance of the Data Management process in setting up the GDPR within a company CREOBIS
Importance of the Data Management process in setting up the GDPR within a company CREOBIS 1 Alain Cieslik Personal Data is the oil of the digital world 2 Alain Cieslik Personal information comes in different
More informationSOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY
RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another
More information