Auditing Governance
October 28, 2016

Speaker Profiles

Dan Graves, CPA, Austin
Senior Manager, Risk Advisory Services
10 years of experience in public accounting with emphasis on risk management and internal audit

Brian Thomas, CISA, CISSP, QSA
Partner-in-Charge, IT Advisory Services
18 years of experience in management consulting and risk advisory services

Topics
• Challenges of Auditing Governance
• Defining Governance
• Elements of Governance and IT Governance
• Audit Criteria and Approach
• Practical Tips and Considerations
What is Governance?
Governance is a combination of processes and structures implemented by the Board or Executive Management to inform, direct, manage, and monitor the activities of the organization towards achieving its strategic goals.
What is IT Governance?
IT Governance is a subset of the organization's governance and consists of leadership, organizational structure, and other processes to ensure information technology supports the organization's strategic objectives.

Perspectives
Governance is focused on providing direction and oversight to the organizations and their programs.
• Guides the achievement of business goals and objectives
• Structured governance provides:
– Foresight: Strategy driven, process and control optimization, operational auditing, industry expertise, data modeling
– Insight: Business insight, leverage KPIs, benchmarks, control and process effectiveness
– Hindsight: Monitor control and compliance, risk driven

Governance Oversight
Governance is rapidly changing and requires Internal Audit to monitor changes and re-evaluate how they impact the organization.

Role of Internal Audit
Assessor, Advisor, Advocate, Catalyst
• Perform assessments to provide assurance over governance structures
• Provide advice on improvements to governance structures and operational processes

Governance Assessment
• Assess and make recommendations to improve the governance process
– Promote appropriate ethics and values
– Ensure effective performance management
– Effective communication of risk and control information
– Effective coordination of activities
– Effective communication between external audit, board, internal audit, and management
Standard 2130, theiia.org

Elements of Governance and IT Governance

Elements of Governance
(Diagram: GOVERNANCE at the center, surrounded by Board Roles & Oversight; Strategy, Policies and Procedures; Structure & Accountability; Communication & Reporting; Assessment & Risk Management; Ethics)

Board Roles & Oversight
• Board Charter
• Bylaws
• Board Policies
• Board Structure
• Subcommittees

Strategy, Policies & Procedures
• Policies and Procedures
• Mission Statement and Values
• Strategic Plan and Direction
• Goals
• Performance Metrics

Structure & Accountability
• Human Resources Policies and Procedures
• Job Descriptions
• Performance Evaluations
• Compensation & Incentives
• Training Plans
• Succession Plan

Communication & Reporting
• Board Communications
• Board Reporting
• Internal Reporting
• Employee Communications/Meetings
• Real-time/Dashboard Reporting
• Public Information

Assessment & Risk Management
• Risk Identification
• Risk Assessment
• Risk Management
• Monitoring
• Compliance

Ethics
• Ethics Policy
• Ethics Communication Strategy
• Training
• Acknowledgements

Elements of IT Governance
(Diagram: IT GOVERNANCE at the center, surrounded by Organization & Governance Structures; Executive Leadership & Support; Strategic & Operational Planning; Service Delivery & Measurement; IT Organization & Risk Management)

Organization & Governance Structures
• Established Decision Bodies
• Roles & Responsibilities of IT Management
• Board Communication

Executive Leadership & Support
• Role of IT/CIO in Organizational Strategy
• IT Strategic Plan
• Key IT Initiatives
• IT Budgeting Process

Strategic & Operational Planning
• Tactical Operating Plans
• KPIs and Reporting Metrics
• Cost-Benefit Assessment for IT Investments
• IT Organization Structure, Size, and Composition

Service Delivery & Measurement
• IT Cost Management
• IT Value Measurement
• CIO Performance Measurement
• Sourcing Arrangements

IT Organization & Risk Management
• Data Standardization
• Degree of Automation
• Technology Asset Inventory
• IT Policies and Procedures
• IT Risk Assessment Process

Audit Approach and Criteria

Governance Criteria
• COSO 2013 – Internal Control Framework for the Governance Structure
• Organization Policies and Procedures
• NACD – Industry best practices
• Regulatory guidance or legislation
IT Governance Criteria
• COSO 2013 – Internal Control Framework for the Governance Structure
• COBIT 5 – Framework for Governance and Management of Enterprise IT
• GTAG 17 – Auditing IT Governance
• Organization Policies and Procedures
• Regulatory guidance or legislation
COBIT 5: Governance of Enterprise IT
(Diagram of the COBIT 5 principles: Stakeholder Needs; End-to-End Enterprise Coverage; Separate Governance & Management; Single Integrated Framework; Holistic Approach)
www.isaca.org/cobit

Aligning IT and Business
GTAG 17 covers the aspects of governance that should be in place to ensure IT supports the strategies and objectives of the organization. It also describes elements of effective governance and performance frameworks such as balanced scorecards, maturity models, and quality systems.
(Diagram: IT Governance encompassing Information Security, IT Operations, and IT Projects)

A Different Approach
Governance is dynamic and differs across organizations and/or programs.
• Maturity Model Evaluation
– A reference to categorize and highlight the characteristics of an organization's maturity stage for each of the key elements of governance
– Allows auditors the flexibility to assess governance maturity across the continuum
– Management is afforded the opportunity to understand the efforts required at all stages of maturity

Determining Maturity Goals
To evaluate the governance of an organization, a goal for the organization's stage of maturity must be established as a "baseline" for the audit.
• Management consensus and support should be gained prior to performing audit procedures
• The goal maturity stage should consider:
– Age of the organization/program
– External stakeholder expectations
– Volume of stakeholders affected
• Tailor audit procedures to determine the actual stage of maturity of the organization