A Global Look at IT Audit Best Practices

Similar documents
Table of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING

SAP Security Remediation: Three Steps for Success Using SAP GRC

SAP Security Remediation: Three Steps for Success Using SAP GRC

Audit and Compliance Committee - Agenda

Security and Privacy Governance Program Guidelines

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Spring Education Conference. Securing the Organization (Ensuring Trustworthy Systems)

Cyber Security. It s not just about technology. May 2017

Risk Based IT Auditing Master Class. Unlocking your World to a Sea of Opportunities

2014 IT Risk/Reward Barometer United States Results. November Number of respondents (n) = 452

Cyber Risks in the Boardroom Conference

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Assurance over Cybersecurity using COBIT 5

Evaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium

NERC Staff Organization Chart Budget 2019

Opportunities to Integrate Technology Into the Classroom. Presented by:

Cybersecurity Session IIA Conference 2018

NERC Staff Organization Chart Budget 2019

Uncovering the Risk of SAP Cyber Breaches

Jerry Luftman. Executive Director & Distinguished Professor SIM VP Chapter Relations & Academic Affairs, Emeritus

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Management Update: Information Security Risk Best Practices

COURSE BROCHURE CISA TRAINING

The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation. ISACA All Rights Reserved.

Business and Digital Transformation s Effects on IT Audit Groups

State of Cloud Survey GERMANY FINDINGS

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

ISACA International Perspective

2017 RIMS CYBER SURVEY

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

SOC for cybersecurity

Exploring Emerging Cyber Attest Requirements

NERC Staff Organization Chart Budget 2018

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

BENEFITS of MEMBERSHIP FOR YOUR INSTITUTION

WELCOME TO ISACA Claudio CILLI, CISA, CISM, CRISC, CGEIT

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

Data Security and Privacy Principles IBM Cloud Services

Cybersecurity and the Board of Directors

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Oracle Buys Automated Applications Controls Leader LogicalApps

Background of the North America Top Technology Initiatives Survey

Rethinking Information Security Risk Management CRM002

Build confidence in the cloud Best practice frameworks for cloud security

International Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017

Workday s Robust Privacy Program

Assessment and Compliance with Sarbanes-Oxley (SOX) Requirements DataGuardZ Whitepaper

Securing Your Digital Transformation

NYDFS Cybersecurity Regulations

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

Application for Certification

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

BECOME TOMORROW S LEADER, TODAY. SEE WHAT S NEXT, NOW

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Five Reasons It s Time For Secure Single Sign-On

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

26 February Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC

Healthcare Information and Management Systems Society HIMSS. U.S. Healthcare Industry Quarterly HIPAA Compliance Survey Results: Summer 2002

IT Audit Essentials. Date: 10 th 12 th March 2015 Time: 9 am to 5.30 pm Venue: Iverson Associates, Center Point Bandar Utama, Kuala Lumpur

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

ROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success.

How Secure is Blockchain? June 6 th, 2017

Mid-Market Data Center Purchasing Drivers, Priorities and Barriers

CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS

Cybersecurity Auditing in an Unsecure World

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

Combating Cyber Risk in the Supply Chain

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

Les joies et les peines de la transformation numérique

No IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP

ISACA. Certification Details for Certified in the Governance of Enterprise IT (CGEIT )

ISACA Survey Results. 27 April Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

COPYRIGHTED MATERIAL. Index

building for my Future 2013 Certification

Multi-Region Registered Entity Coordinated Oversight Program

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

2015 VORMETRIC INSIDER THREAT REPORT

Closing the Hybrid Cloud Security Gap with Cavirin

ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Canada Life Cyber Security Statement 2018

The Cost of Denial-of-Services Attacks

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

NERC Staff Organization Chart Budget 2017

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

GLOBAL PKI TRENDS STUDY

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Operationalize Security To Secure Your Data Perimeter

Achieving effective risk management and continuous compliance with Deloitte and SAP

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Transcription:

A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015

Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory compliance experience. Kevin and Protiviti have worked to support the IT Audit needs of his clients from organizations that are Fortune 5 companies to those that are less than $100 million in revenue. Protiviti was recently named to Fortune s 100 best companies to work for. 2 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Speakers Jay Gohil is a Senior Manager in the ERP Solutions practice for the East Coast, in our Atlanta office. He has over eight years of experience focusing on SAP audits, SAP security, segregation of duties remediation, and SAP GRC implementations. His experience also includes IT internal audit and post implementation system reviews. Jay holds a Master of Science from the University of Florida and is a Certified Information Systems Auditor (CISA). 3 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

A Global Look at IT Audit Best Practices ISACA and Protiviti partnered to conduct the fourth annual IT Audit Benchmarking Survey in the third quarter of 2014 This global survey, conducted online, consisted of a series of questions grouped into five categories: Today s Top Technology Challenges IT Audit in Relation to the Internal Audit Department Assessing IT Risks Audit Plan Skills and Capabilities More than 1,300 executives and professionals, including chief audit executives as well as IT audit vice presidents and directors, completed the online questionnaire 4 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Today s Top Technology Challenges

Top Technology Challenges: Year-Over-Year Trends 6 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

IT Audit s Perspective An underlying theme emerging from these challenges is that technology is always changing and thus it is difficult to maintain a handle on it High-profile data breaches in many well-known organizations are keeping IT security top-of-mind and heightening expectations from the board, executives and other stakeholders for sound security measures that involve the IT audit function The development of a comprehensive cybersecurity framework should be driving compliance activities Bottom line, it is imperative for IT auditors to keep their skills current in areas including, but not limited to, IT security, cloud computing and storage, outsourcing and vendor assurance, data analytics, computer-assisted auditing tools, and more Clearly, there is a trend toward a greater need for enhanced skills and resources around these technologies and areas, much more so than in the past 7 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Key Facts from Other Leading IT Surveys Protiviti Two out of three organizations today are undergoing a major IT transformation (Source: Protiviti 2014 IT Priorities Survey) One in three companies do not have a written information security policy, and more than 40 percent lack a data encryption policy (Source: Protiviti 2014 IT Security and Privacy Survey) ISACA According to the results from ISACA s 2013 IT Risk/Reward Barometer Survey: 38 percent of respondents saw increased security threats and 28 percent saw data privacy as the biggest governance issues regarding IT 45 percent of respondents saw the risks outweighing the benefits of using bring-your-own-device (BYOD) in their organization, 27 percent saw the benefits outweighing the risks, and 28 percent saw the risks and benefits as being equal For those that do not allow BYOD, the concern about employees handling highly sensitive data was held by 39 percent, followed by 33 percent concerned about the fear of losing control of data 35 percent of respondents viewed big data as having the potential to add significant value to their enterprise, while 20 percent believed it too early to determine the value 8 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

IT Audit in Relation to the Internal Audit Department

IT Audit Director Reporting Lines To whom within the organization does your IT audit director report?* 10 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

IT Audit Director and the Audit Committee Does the IT audit director (or equivalent position) regularly attending audit committee meetings? 11 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Outside Resources Do you use outside resources to augment/provide your IT audit skill set? (Multiple responses permitted) 12 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Outside Resources Please indicate the primary reason your company uses outside resources to augment IT audit skills. 13 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Assessing IT Risks

Conducting an IT Audit Risk Assessment Does your organization conduct an IT audit risk assessment? 15 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Conducting an IT Audit Risk Assessment Does your organization conduct an IT audit risk assessment? 16 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Updating the IT Audit Risk Assessment Indicate the frequency with which the IT audit risk assessment is updated. 17 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Frameworks On which of the following accepted industry frameworks is the IT audit risk assessment based? (Multiple responses permitted) 18 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Audit Plan

IT Audit Hours and Responsibilities Which of the following activities is your IT audit function responsible for? (Multiple responses permitted) 20 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Assurance, Compliance and Consulting What percentage of time does the IT audit function spend on assurance, compliance and consulting activities? 21 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Evaluating and Assessing IT Governance Has your IT audit activity completed an evaluation and assessment of your organization s IT governance process, in accordance with ISACA s COBIT framework and IIA Standard 2110.A2? ( Yes responses shown below) 22 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Evaluating and Assessing IT Governance If you answered no to the previous question, indicate whether you intend to complete an evaluation and assessment of your organization s IT governance process. 23 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Skills and Capabilities

Importance of Skills Please indicate the level of importance that you place on the following IT audit technical skills for your IT audit staff. Please indicate the level of importance that you place on the following business and interpersonal skills for your IT audit staff. 25 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

CISA Certification Does your organization require an IT auditor to acquire the Certified Information Systems Auditor (CISA) certification? What percentage of IT auditors with your organization have acquired, or are in the process of acquiring, their CISA certification? 26 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Five Key Findings Cybersecurity and privacy are primary concerns Room for growth in IT audit reports and reporting structures Key Findings Companies face significant IT audit staffing and resource challenges IT audit risk assessments are not being conducted, or updated, frequently enough Audit committees are becoming more engaged in IT audit 27 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Questions 28 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

Confidentiality Statement and Restriction for Use This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half ("RHI"). RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties. 29 2015 Protiviti Inc. An Equal Opportunity Employer M/F/Disability/Vet.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback