Strategies for Deriving Maximum Benefit From Audit. Allan Boardman CyberAdvisor.London


Agenda
- Setting the scene
- Why Audit often struggles working with Security and Risk
- Spotlight on Audit
- Spotlight on Security
- Spotlight on Risk
- Highlight specific conflict areas
- Strategies for successful partnership

About the presenter
Allan Boardman CISA, CISM, CGEIT, CRISC, CA(SA), ACA, CISSP
Independent Business Advisor, CyberAdvisor.London
- Most recently Business Information Security Officer at GSK
- Background in Audit, Risk, Security and Governance roles
- Chair, ISACA International Audit and Risk Committee, 2014/15; currently a member
- Chair, ISACA International Credentialing Board & Career Management Board, 2011/14
- Member, ISACA International Board of Directors, 2011/14
- Member, ISACA International Strategy Advisory Council, 2011/14
- ISACA International Vice President, 2012/14
- Member, ITGI Board of Trustees, 2012/14
- Chair, CISM Certification Committee 2009/11; member since 2006
- Member, ISACA CGEIT Certification Committee, 2016/current
- Member, ISACA Leadership Development Committee, 2010/11
- London Chapter President 2004/06; Chapter Board member 1999/08
- Paralympics and Olympics Volunteer: London 2012, Sochi 2014, Rio 2016

Are you ready for this?

Spotlight on Audit
Some common characteristics: enquiring, searching, probing, analytical, attention to detail, determined, persistent, thorough.
Question: What's the difference between a Rottweiler and an auditor?
Answer: The auditor eventually lets go!

Business perception? How do others view Audit?

How does the business react when Audit arrive?

Actual business reaction??

Run for the hills, the auditors are coming!!

It s all about perception

Spotlight on Security
Security's dilemma:
- Significantly increased threat landscape
- Working with limited resources
- Lack of skilled people resources
- Pressure on costs
- Increased level of incidents
- Significant effort devoted to audit issues
- Impact on BAU activities?

Is Security guilty of overusing FUD?

Does Security have an image problem?

Are Security People a Bunch of Geeks?

Spotlight on Risk
- Alignment with Operational Risk
- Owns the control framework and risk assessment methodology
- Perception that Risk is looking ahead and Audit looking back
- Potential overlaps with Security: 1st line or 2nd line?
- Where does Compliance come into the picture?

Three Lines of Defence Model
The framework helps clarify the role of internal audit in the overall risk management and internal control process:
- 1st line: operational management controls
- 2nd line: monitoring controls (risk and compliance functions)
- 3rd line: independent assurance (internal audit)

Specific areas that highlight potential conflicts
- Tone at the top can drive undesirable behaviour
- Open communications?
- "Audit requirements", i.e. things done because Audit say so
- Checkbox controls, i.e. things done just for Audit
- Strict adherence to auditing against policies
- Pre-audits or clean-up exercises before audits
- Continuous auditing: being close to the deal flow
- Feeling of being over-audited
- Adverse audit points linked directly to staff pay awards

So how do we move forward? (slide contrasts "from this" with "to this")

Communication is key

Strategies for successful partnership
- Respect business priorities
- Establish credibility
- Develop relationships at all levels
- Get a seat at the table
- Be well prepared and learn the business
- Be empathetic and reasonable
- Be prepared to be flexible
- Audit findings must be practical and risk based
- Look for opportunities to provide advice
- Be a trusted but critical partner and advisor
- Solicit feedback
- Communicate, communicate, communicate!
Remember: all are supporting the same business objectives; Security and Risk also have a role to play.
Overall: align with management in such a way that organisational goals are jointly achieved, and leave every place a little better than you found it.

Word of caution: Don't be a pushover

How much do management know about Audit? Ten ways to get the most from Internal Audit

IT Audit Best Practices 2016

Final Reminder If Internal Audit was an option, i.e. not mandated, would your business choose to have it?

Just a reminder of the origins of audit (over 800 years old!): Magna Carta, signed at Runnymede, England, 15 June 1215

Final, final thought

Thank you info@cyberadvisor.london @allanboardman www.linkedin.com/in/allanboardman