GRC - Governance, Risk MANAGEMENT, and Compliance

Governance, Risk Management, and Compliance
Governance: the combination of processes established and executed by the board of directors (BOD) through which the organization is managed and led towards achieving its goals.
Risk management: identify, analyse and manage the risks that could hinder the organization from achieving its objectives.
Compliance: conforming to the company's policies and procedures and to applicable laws and regulations.

GOVERNANCE
The system of rules, practices and processes by which a company is directed and controlled.
Involves balancing the interests of the company's many stakeholders.
Also provides the framework for attaining the company's objectives, from action plans and internal controls to performance measurement and corporate disclosure.

Governance Principles
Rights and equitable treatment of shareholders
Interests of other stakeholders
Roles and responsibilities of the board
Integrity and ethical behaviour
Disclosure and transparency

RISK MANAGEMENT
Identify, assess, prioritize, control, exploit, finance and monitor risks.
Coordinated and economical application of resources to minimize, monitor and control the probability and/or impact of unfortunate events.
Reduces uncertainty rather than eliminating it: some residual risk always remains after treatment and must be accepted and monitored.
RISK MANAGEMENT vs GOVERNANCE: are they the same?

RISK TYPES
Hazard risk: liability torts, property damage, natural catastrophe.
Financial risk: asset risk, currency risk, liquidity risk.
Operational risk: customer satisfaction, product failure, integrity, reputational risk, knowledge drain.
Strategic risk: competition, social trends, capital availability.

RISK MANAGEMENT PROCESS
Establishing context.
Identifying risks.
Analysing/quantifying risks.
Integrating risks.
Assessing/prioritizing risks.
Treating/exploiting risks.
Monitoring and reviewing.
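The quantifying, prioritizing and treating steps above can be worked through on a small risk register. The following is an added example, not part of the original slides: it uses the standard ALE = SLE x ARO model (single loss expectancy times annualised rate of occurrence), ranks risks against a risk appetite, and checks whether a proposed control is worth its cost. Every asset value, exposure factor, frequency and the appetite figure is a constructed illustration value, not data from the page.

```python
"""Quantitative risk analysis and prioritisation for a small risk register.

Added example, not from the original slides. Uses the classic
ALE = SLE x ARO model (single loss expectancy times annualised rate of
occurrence); all asset values, factors and the risk appetite below are
constructed illustration figures, not data from the page.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    category: str            # hazard, financial, operational or strategic
    asset_value: float       # monetary value of the asset exposed
    exposure_factor: float   # fraction of asset value lost per event (0..1)
    aro: float               # annualised rate of occurrence (events per year)

    @property
    def sle(self) -> float:
        """Single loss expectancy: loss from one occurrence."""
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:
        """Annualised loss expectancy: expected loss per year."""
        return self.sle * self.aro


def prioritise(risks, appetite):
    """Rank risks by ALE (highest first) and decide treat vs accept.

    Risks whose ALE exceeds the risk appetite (a money figure per year)
    need treatment; the rest may be accepted and monitored.
    """
    ranked = sorted(risks, key=lambda r: r.ale, reverse=True)
    return [(r.name, r.ale, "treat" if r.ale > appetite else "accept")
            for r in ranked]


def control_benefit(risk, residual_aro, annual_control_cost):
    """Net annual value of a control that reduces the ARO to residual_aro.

    Positive means the ALE reduction exceeds the control's cost;
    negative means the control costs more than the risk it removes.
    """
    residual_ale = risk.sle * residual_aro
    return risk.ale - residual_ale - annual_control_cost


# Constructed sample register, one entry per risk type on the slide.
REGISTER = [
    Risk("Ransomware on file server", "operational", 2_000_000, 0.25, 0.2),
    Risk("Warehouse flood", "hazard", 5_000_000, 0.10, 0.02),
    Risk("EUR receivables currency swing", "financial", 1_000_000, 0.05, 1.0),
    Risk("Competitor price war", "strategic", 3_000_000, 0.20, 0.1),
]
RISK_APPETITE = 25_000  # assumed: max acceptable expected loss per year, per risk


if __name__ == "__main__":
    for name, ale, decision in prioritise(REGISTER, RISK_APPETITE):
        print(f"{name:32s} ALE={ale:>10,.0f}  {decision}")
    # Does a control cutting ransomware ARO from 0.2 to 0.05 at 30k/year pay off?
    print("ransomware control net benefit:",
          control_benefit(REGISTER[0], 0.05, 30_000))
```

The output of `prioritise` is the "assessing/prioritizing" step; `control_benefit` is the input to the "treating" decision (treat only when the control's net benefit is positive, otherwise transfer, accept or find a cheaper control).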

COMPLIANCE
Conforming to a rule, such as a specification, policy, standard or law.
Compliance audit: a review of an organization's adherence to regulatory guidelines.
The organization must be able to demonstrate compliance by producing an audit trail.
Auditors review security policies, user access controls and risk management procedures; CIOs, CTOs and IT administrators answer a series of pointed questions over the course of an audit.
Event log managers and robust change management software allow authentication events and control changes in IT systems to be tracked and documented.
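What "producing an audit trail" for a user access control review looks like in practice: the added example below, not from the original slides, reconciles privilege grants recorded by a hypothetical IAM service against approved change tickets and reports every grant an auditor would question (no ticket, self-granted, not covered by the ticket, or approver and implementer being the same person). The log format, field names, usernames and ticket data are all constructed for the example.

```python
"""Produce audit-trail evidence for a user-access-control review.

Added example, not from the original slides. It reconciles privilege
grants recorded by a (hypothetical) IAM service against approved change
tickets and reports every grant an auditor would question. The log
lines, ticket data and field names are constructed for the example.
"""
import re

# Constructed sample audit log (syslog-style) from a hypothetical IAM service.
AUDIT_LOG = """\
2024-03-04T09:12:01Z iam[4412]: GRANT role=db_admin user=alice by=bob ticket=CHG-1041
2024-03-04T11:47:33Z iam[4412]: GRANT role=db_admin user=mallory by=mallory ticket=CHG-1041
2024-03-05T08:02:10Z iam[4412]: GRANT role=sysadmin user=carol by=bob ticket=CHG-9999
2024-03-05T16:20:45Z iam[4412]: REVOKE role=db_admin user=alice by=bob ticket=CHG-1041
2024-03-05T17:00:00Z iam[4412]: GRANT role=backup_op user=erin by=bob ticket=CHG-1042
"""

# Constructed sample of approved tickets from the change-management system:
# which (role, user) pairs each ticket authorises, and who approved it.
APPROVED_TICKETS = {
    "CHG-1041": {"approved_by": "dave", "grants": {("db_admin", "alice")}},
    "CHG-1042": {"approved_by": "bob", "grants": {("backup_op", "erin")}},
}

EVENT = re.compile(
    r"^(?P<ts>\S+) iam\[\d+\]: (?P<action>GRANT|REVOKE) role=(?P<role>\S+) "
    r"user=(?P<user>\S+) by=(?P<by>\S+) ticket=(?P<ticket>\S+)$"
)


def parse_events(log_text):
    """Parse audit lines into dicts; lines that do not parse are a finding too."""
    events, malformed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = EVENT.match(line)
        if m:
            events.append(m.groupdict())
        else:
            malformed.append(line)
    return events, malformed


def reconcile(log_text, tickets):
    """Return (user, role, reason) for every grant that lacks clean evidence."""
    events, malformed = parse_events(log_text)
    findings = [("-", "-", f"unparseable audit line: {line}") for line in malformed]
    for e in events:
        if e["action"] != "GRANT":
            continue
        ticket = tickets.get(e["ticket"])
        if ticket is None:
            findings.append((e["user"], e["role"], f"no approved ticket {e['ticket']}"))
        elif e["by"] == e["user"]:
            findings.append((e["user"], e["role"], "self-granted privilege"))
        elif (e["role"], e["user"]) not in ticket["grants"]:
            findings.append((e["user"], e["role"], f"grant not authorised by {e['ticket']}"))
        elif ticket["approved_by"] == e["by"]:
            # Segregation of duties: the approver must not also implement the change.
            findings.append((e["user"], e["role"], f"approver also executed {e['ticket']}"))
    return findings


if __name__ == "__main__":
    for user, role, reason in reconcile(AUDIT_LOG, APPROVED_TICKETS):
        print(f"{user:10s} {role:12s} {reason}")
```

Alice's grant is the only one that passes; it has a ticket, a distinct approver and implementer, and a later matching REVOKE, which is exactly the chain of evidence an auditor asks for. Extending the same reconciliation to grants that outlive their ticket's validity period is the natural next check.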

Some prominent regulations and standards:
Sarbanes-Oxley Act (SOX) of 2002: protects shareholders and the general public from accounting errors and fraudulent practices in the enterprise.
CAN-SPAM Act of 2003: requires businesses to label commercial emails as advertising, use legitimate return email addresses and give recipients an opt-out.
Payment Card Industry Data Security Standard (PCI DSS): created in 2004 by Visa, MasterCard, Discover and American Express to ensure the security of credit, debit and cash card transactions.
Information Security Management System (ISMS, ISO/IEC 27001): design, implement and maintain a coherent set of policies, processes and systems to manage risks to the organization's information assets.

COBIT (Control Objectives for Information and Related Technology)
Created by ISACA (Information Systems Audit and Control Association).
Bridges the gap between control requirements, technical issues and business risks.
Gives a more comprehensive definition of roles and responsibilities.

Principles (COBIT 5)
Meeting stakeholder needs
Covering the enterprise end-to-end
Applying a single integrated framework
Enabling a holistic approach
Separating governance from management

ENABLERS (COBIT 5)
Principles, policies and frameworks
Processes
Organisational structures
Culture, ethics and behaviour
Information
Services, infrastructure and applications
People, skills and competencies

Governance vs Management
Governance: EDM (Evaluate, Direct and Monitor).
Management: PBRM (Plan, Build, Run and Monitor).

Other standards (risk management):
ISO/IEC 27005: Information security risk management
ISO 31000: Risk management
NIST SP 800-30: Guide for Conducting Risk Assessments
Risk IT by ISACA

NIST SP 800-30 (Guide for Conducting Risk Assessments)
Four-step risk assessment process: prepare for the assessment; conduct the assessment; communicate the results; maintain the assessment.

THANK YOU