GRC SURVEY RESULT Please indicate your profession

Similar documents
Cyber Risks in the Boardroom Conference

A Framework for Managing Crime and Fraud

COSO Enterprise Risk Management

Table of Contents. Preface xiii PART I: IT GOVERNANCE CONCEPTS. Chapter 1: Importance of IT Governance for All Enterprises 3

OF ACCOUNTANTS IAASB CAG MEETING MARCH 7, 2011

354 & Index Board of Directors Responsibilities Audit Committee and Risk Committee Coordination, 244 Audit Committee Functions and Responsibilities, 2

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

Managing Cybersecurity Risk

Security and Privacy Governance Program Guidelines

Compliance is, in general, the compliance of requirements with appropriate resources.

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

General Data Protection Regulation (GDPR) The impact of doing business in Asia

COBIT 5 With COSO 2013

DeMystifying Data Breaches and Information Security Compliance

Why you MUST protect your customer data

Cybersecurity in Higher Ed

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

How to Prepare a Response to Cyber Attack for a Multinational Company.

GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI

3/13/2015. COSO Revised: Implications for Compliance and Ethics Programs. Session Agenda. The COSO Framework

CISM Certified Information Security Manager

What It Takes to be a CISO in 2017

Table of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

Demystifying GRC. Abstract

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

NERC Staff Organization Chart Budget 2019

COSO Enterprise Risk Management

Cybersecurity. Securely enabling transformation and change

Oracle Buys Automated Applications Controls Leader LogicalApps

locuz.com SOC Services

INFORMATION TECHNOLOGY SECURITY POLICY

Risk Advisory Academy Training Brochure

FulcrumWay Leading Provider of Enterprise Risk Assessment Mitigation and Remediation Solutions

NERC Staff Organization Chart Budget 2019

Risk Management in Electronic Banking: Concepts and Best Practices

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

La certificazione ISO27001

2017 Ethics & Compliance Hotline & Incident Management Benchmark Report Webinar

Information Security Risk Strategies. By

Data Loss Prevention:

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

The Business Value of including Cybersecurity and Vendor Risk in ERM

2017 RIMS CYBER SURVEY

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

SOC for cybersecurity

CopenhagenCompliance Global Actionable Regulatory Program

Advising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015

A Global Look at IT Audit Best Practices

HIPAA Privacy, Security and Breach Notification

Canada Life Cyber Security Statement 2018

Cyber Security: Threat and Prevention

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Information for entity management. April 2018

Apex Information Security Policy

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009

POSITION DESCRIPTION

- OQSF - Occupational Qualifications Sub-framework

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

FRAUD-RELATED INTERNAL CONTROLS

GOVERNANCE, RISK & COMPLIANCE CPD FOR MEMBERS IN COMMERCE & INDUSTRY AUGUST 2018

HCL GRC IT AUDIT & ASSURANCE SERVICES

General Data Protection Regulation (GDPR)

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Rethinking Information Security Risk Management CRM002

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Building YOUR Privacy Program: One Size Does Not Fit All. IBM Security Services

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

Implementation of a SAP GRC solution at a Swiss Mobile Network Operator. Andreas Eberhardt, Senior Consultant Barcelona,

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

BHConsulting. Your trusted cybersecurity partner

GDPR: A QUICK OVERVIEW

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Data Privacy Corporate Responsibility in Multi Polar World

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

Internet of Things Toolkit for Small and Medium Businesses

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

From the Lab to the Boardroom; Forensics goes mainstream

PCI Compliance. What is it? Who uses it? Why is it important?

AT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant

10/4/2018. Prepare For When. About George Usi

Assessment and Compliance with Sarbanes-Oxley (SOX) Requirements DataGuardZ Whitepaper

Building a Complete Program around Data Loss Prevention

Recommendations for Implementing an Information Security Framework for Life Science Organizations

DETAILED POLICY STATEMENT

Copyright 2016 EMC Corporation. All rights reserved.

Update from HIMSS National Privacy & Security. Lisa Gallagher, VP Technology Solutions November 14, 2013

Avanade s Approach to Client Data Protection

Turning Risk into Advantage

DAVID J BEHINFAR, JD., LLM., CHC, CHRC, CCEP, HCISPP, CIPP/US P23: AN EFFECTIVE PRIVACY PROGRAM BUILT THROUGH STRATEGIC VISION AND LEADERSHIP SUPPORT

INTELLIGENCE DRIVEN GRC FOR SECURITY

NERC Staff Organization Chart Budget 2018

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

Red Flags/Identity Theft Prevention Policy: Purpose

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

CCISO Blueprint v1. EC-Council

Transcription:

COPENHAGEN?=! CO?=! MPLIANCE T o p i c a l a n d T i m e l y Riskability GRC Controllers Governance, Risk & Compliance COPENHAGEN?=! CHARTER Bribery, Fraud & Corruption GRC SURVEY RESULT. Please indicate your profession 5 6 7 8 9 Financial Services Manufacturing Health care Consultancy, Training and Education Communications/Media Audit and Legal Government IT Other 0.5 5. 7.69 7.95 0.00 0.5 7.69 7.69.8 Please indicate your profession Financial Services Health care Communications/Media Government Other 0 5 6 7 8 9

. Please indicate your position Board of Directors Senior Management GRC Officer Manager.50 7.50 0.00 0.00 Please indicate your position Board of Directors Senior Management GRC Officer Manager 0 6 8 0

. What is your top GRC business priority in 0? Attaining a consolidated view of risks and staying on top of new 6.59 regulations and track costs associated with risk and compliance. Controlling that the rd party, outsourced and vendors risks are in.0 compliance with mandates and policies. Determine the GAP(s) between the significant risk and compliance.0 challenges. Furnish the organization with a consolidated view of all compliance and 9.5 risk factors and provide effective GRC services. 5 Get a grip on risk and compliance with a IT platform that delivers 7. integrated risk and regulatory reports. 6 Inadequate current GRC solution/process to provide the ability to. generate automatic assessments. 7 An evaluation of the risk and compliance department s overall 9.76 effectiveness. What is your top GRC business priority in 0? Attaining a consolidated view of risks and staying on top of new regulations and Controlling that the rd party, outsourced and vendors risks are in compliance with Determine the GAP(s) between the significant risk and compliance challenges. Furnish the organization with a consolidated view of all compliance and Get a grip on risk and compliance with a IT platform that delivers integrated risk and Inadequate current GRC solution/process to provide the ability to generate An evaluation of the risk and compliance department s overall effectiveness. 0 6 8 0 6

. How will you best describe your company's approach and effort to put into practice the GRC issues? Leader. We have an reasonable GRC strategy in place, and.08 we are proactively executing the GRC plan each year. Strategist. We are getting better to determining the 0.6 appropriate GRC strategy, and the drive to executing our GRC plan seems to be in order. Methodological. We are working on improving the 8. information required to establish and determine the GRC strategy, but we are getting the GRC things done. Unstructured. We do not have an strong GRC strategy in 8.6 place, and we are typically in a reactive mode when it comes to monitoring the GRC processes How will you best describe your company's approach and effort to put into practice the GRC issues? Leader. We have an reasonable GRC strategy in place, and we are proactively Strategist. We are getting better to determining the appropriate GRC Methodological. We are working on improving the information required to Unstructured. We do not have an strong GRC strategy in place, and we are 0 6 8 0 6

5. What does GRC mean to you and your organisation? GRC is: The need for governance, risk management, and compliance functions to 5.00 work together. It is not about optimizing performance, managing risks, and remaining in.50 compliance, but more to fulfill stakeholder requirements. We use it as a solution for managing access to our ERP system(s) We use it as a risk and compliance management plus policy and audit.50 7.50 management system. 5 It is just another hype like BPR, for consultants and vendors to sell services 5.00 or products. 6 The use of GRC as a term in our company is so vast that we use it to include 0.00 a variety of areas, processes, policies and controls, tests, reports, disclosures and technology. 7 To us GRC refers to a combination of solutions, specifically risk 7.50 management, compliance management, audit management, and policy management. What does GRC mean to you and your organisation? GRC is: The need for governance, risk management, and compliance functions It is not about optimizing performance, managing risks, and We use it as a solution for managing access to our ERP system(s) We use it as a risk and compliance management plus policy and audit It is just another hype like BPR, for consultants and vendors to sell services The use of GRC as a term in our company is so vast that we use it to include a variety To us GRC refers to a combination of solutions, specifically risk 0 6 8 0 6

6. The most important in order to deal with the pressures of regulatory compliance More GRC staff..6 A new compliance organization/officer. 8. More information and guidance from external sources on 5.79 how to understand and implement the requirements of new regulation. Wall-to-wall technology/it for automated Compliance.05 controls. (Information solutions, documentation and workflow software, disclosure). 5 Inconsistencies and Inefficiencies in the current policies,.58 processes and procedures need to be updated. The most important in order to deal with the pressures of regulatory compliance More GRC staff. A new compliance organization/officer. More information and guidance from Wall-to-wall technology/it for Inconsistencies and Inefficiencies in the 0 6 8 0

7. Do you measure the effectiveness of your compliance (or GRC) program? We do not attempt to measure the compliance programs, we. just comply We do not attempt to measure the company s return on. investment in compliance (GRC) costs. We have defined our (GRC and) compliance plan and. established specific compliance (GRC) objectives We need to specify the key performance indicators for Risk 7.78 Management 5 6 We need to specify the key performance indicators for Good Governance We have defined the key performance indicators for Compliance (GRC) and how to measures the performance effectively.78.78 Do you measure the effectiveness of your compliance (or GRC) program? We do not attempt to measure the We do not attempt to measure the We have defined our (GRC and) We need to specify the key performance We need to specify the key performance We have defined the key performance 0 6 8 0

8. The most important function of Compliance 5 6 7 8 Anti-corruption laws and enforcement Bribery and Fraud efforts Compliance and Ethics training Gifts and Entertainment Oversight of privacy and confidentiality Regulatory oversight on effective compliance Security risks Whistleblower incentives.89.78 5.00.78 5.56. 5.56 0.00 The most important function of Compliance Anti-corruption laws and enforcement Compliance and Ethics training Oversight of privacy and confidentiality Security risks 0 6 8 0 6 8

9. We use the following tools to measure the GRC programs 5 Audit the compliance program Employee training data Employee evaluations and feedback data Hotline activity Stakeholder evaluations of compliance and ethics program 9.7.05 0.5.6 6. We use the following tools to measure the GRC programs Audit the compliance program Employee training data Employee evaluations and feedback data Hotline activity Stakeholder evaluations of compliance 0 6 8 0 6

0. When incidents do occur, the most likely impact to the business is: 5 6 7 Brand/reputation compromised Extortion Fraud Financial losses Intellectual property theft Loss of shareholder value Legal exposure / lawsuit.59 5..56.08 0.00.56.08 When incidents do occur, the most likely impact to the business is: Brand/reputation compromised Extortion Fraud Financial losses Intellectual property theft Loss of shareholder value Legal exposure / lawsuit 0 6 8 0 6 8

. Which ERM framework do you use? Choice Description % 5 COSO ITIL Own design None Other..7 0.00. 9.7 Which ERM framework do you use? COSO ITIL Own design None Other 0 5 6 7 8 9. What is the frequency of security-related breaches in your organisation? Choice Description % <0 incidents >0 incidents >50 incidents 78.95 0.5 0.5 <0 incidents >50 incidents What is the frequency of securityrelated breaches in your organisation? 0 6 8 0 6

. What is the impact that cloud computing has on IT security risks? Proximity of your information to someone else's Inadequate training and IT auditing Uncertain ability to execute provider site security policies Questionable restricted access control at source site 7.50. 8. 0.8 What is the impact that cloud computing has on IT security risks? Proximity of your information to someone else's Inadequate training and IT auditing Uncertain ability to execute provider site security policies Questionable restricted access control at source site 0 6 8 0

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback