Presentation is loading. Please wait.

Presentation is loading. Please wait.

Richard Rose, CPA Chris Pembrook, MBA, CPA, CGAP, CFA 1.

Published byRoxanne Barnett Modified over 8 years ago

Similar presentations

Presentation on theme: "Richard Rose, CPA Chris Pembrook, MBA, CPA, CGAP, CFA 1."— Presentation transcript:

1 Richard Rose, CPA Chris Pembrook, MBA, CPA, CGAP, CFA 1

2  Were they Internal Auditors or External Auditors?  Was it just fraud related?  Was it just for a simple report? 2

3 WHY & How 3

4 4

5  What is COSO? ◦ COSO (Committee of Sponsoring Organizations) of the Treadway Commission  American Accounting Association (AAA)  American Institute of Certified Public Accountants(AICPA)  Financial Executives International (FEI)  Institute of Management Accountants (IMA)  The Institute of Internal Auditors (IIA) 5

6 6

7 7

8 8

9  Polices in place to safe guard information  Documentation and review of customization to software  Security features in place to prevent segregation of duties issues  Detail reports with time stamps to review data in date order  Random information that they will tie to other information to see what the results are 9

10  Disaster recovery plan ◦ Has it been tested ◦ Who does what step incase communication is down  Password & Email policy  Termination policy  Mobile device policy ◦ What does it cover? PDAs ◦ Thumb drives ◦ Tablets ◦ Cell phones  Do you use Microsoft ActiveSync(EAS)? 10

11  What changes have been made to the base software?  Who reviewed the changes before they were implemented?  Is there someone on your staff cross trained to understand the changes made?  Does anyone watch or review what consultants or software support changes?  Basically who is getting the rounding digit from Office Space? 11

12  Who is to blame for improper access to software?  Do you have a transfer policy?  Do you have an annual review of software and folder access that a department supervisor checks?  Who knew THAT did that? 12

13  Who runs custom reports for your system?  Approval report  Detail report that shows all access to an account and the detail of that account.  Access reports  Login reports 13

14  Sick leave reports  How many cell phones are connected to exchange?  Who has not logged on in 6 weeks report?  Reports that will ask for a very specific item ◦ Can you run it? ◦ If not do you have something close ◦ May never know why they need it? 14

15  EAS protocol concepts ◦ The protocol specification explains how devices and Exchange servers are supposed to talk to one another: which commands each can emit, which kinds of responses are legal for each command, and so on. ◦ Exchange implements EAS on the server side. Besides the code that actually sends and receives data using EAS, there's code that allows administrators to view and set EAS policies through the Exchange Management Console (EMC) and Exchange Management Shell (EMS), code for logging, and code for controlling which devices can connect and what they can do after connecting. 15

16  Simple things ◦ Email, Calendar, Contact syncs ◦ Remote wipe ◦ Folder syncs  Useful things ◦ Require password ◦ Password Complexity ◦ Encryption ◦ Allow attachment downloads 16

17 Full Disclosure I am not saying you should use these. Just that they are there.  Disable Camera  Allow browser  Disable Bluetooth or Wi-Fi (windows and blackberry only)  Disable POP3/IMAP4 email (windows and blackberry only)  Include past email items(Days) 17

18 richard@crawfordcpas.com chris@crawfordcpas.com 18

Download ppt "Richard Rose, CPA Chris Pembrook, MBA, CPA, CGAP, CFA 1."

Similar presentations

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.
What you will get? Or what you like to know?

What you will get? Or what you like to know?
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
HIPAA Security.

HIPAA Security.
November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.

November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.
29 Oded Moshe, VP Products & IT Official Release May 24, 2011 SysAid 8.0.

29 Oded Moshe, VP Products & IT Official Release May 24, 2011 SysAid 8.0.
Passwords suck Nico Smit November 2014. “The million passwords dilemma:”  Just like having a million keys suck, so also having a million usernames and.

Passwords suck Nico Smit November “The million passwords dilemma:”  Just like having a million keys suck, so also having a million usernames and.
U N C L A S S I F I E D LA-UR-09-03103 LANL Exchange / Blackberry Deployment June 2, 2009 Anil Karmel Solutions Architect Network and Infrastructure Engineering.

U N C L A S S I F I E D LA-UR LANL Exchange / Blackberry Deployment June 2, 2009 Anil Karmel Solutions Architect Network and Infrastructure Engineering.
1 Sarbanes-Oxley Section 404 June 29, 2005. 2  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.

1 Sarbanes-Oxley Section 404 June 29,  SOX 404 Background 3  SOX 404 Goals 4  SOX 404 Requirements 5  SOX 404 Assertions 6  SOX 404 Compliance.
1 Pertemuan 6 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

1 Pertemuan 6 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
Getting Started in Blackboard. You will need… A web browser, preferably Internet Explorer, version 4.0 or higher An email account and the knowledge of.

Getting Started in Blackboard. You will need… A web browser, preferably Internet Explorer, version 4.0 or higher An account and the knowledge of.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Sessions about to start – Get your rig on!. Ash de Zylva.

Sessions about to start – Get your rig on!. Ash de Zylva.
 Our solution  Our methodology  Zeta advantage  Case study – ›Oil & Gas digitization project.

 Our solution  Our methodology  Zeta advantage  Case study – ›Oil & Gas digitization project.
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
SHARESYNCPage 1 of 2 ShareSync is a business-grade file sync and share service Sync files across devices Share files and folders easily and securely Business-grade.

SHARESYNCPage 1 of 2 ShareSync is a business-grade file sync and share service Sync files across devices Share files and folders easily and securely Business-grade.
Your storage on the ground; Your files in the cloud.

Your storage on the ground; Your files in the cloud.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Auditors: Why do they ask all those questions? LGC Resource April 2015 Penny Austin, Assistant Director – IS Local Government Audit.

Auditors: Why do they ask all those questions? LGC Resource April 2015 Penny Austin, Assistant Director – IS Local Government Audit.

Similar presentations

Ads by Google