IT Oversight: Six Management Strategies for Construction Companies. A CFMA KnowledgeNOW Webinar, September 29, 2010
Copyright notice This presentation and all associated materials are copyrighted by CFMA & Clifton Gunderson LLP, and may not be altered, adapted, reproduced, or redistributed in any manner without express written permission from CFMA’s Director of Educational Services & Clifton Gunderson LLP. Unauthorized use of any CFMA copyrighted materials is expressly forbidden by law. 2 © 2010 Clifton Gunderson LLP & CFMA. All rights reserved.
This KnowledgeNOW Webinar was produced for CFMA by… And is sponsored by…
Discussion Topics
  Where IT fits in the organizational chart
  The role of IT in strategic planning and decision-making
  Developing an integrated IT group
  Security challenges and solutions
  The role of IT in internal controls
  Internal versus outsourced IT resources
Today's Presenters:
  Rodney Almaraz, Senior Manager, Clifton Gunderson, Austin, Texas
  Jeff Lemmermann, Practice Manager, Clifton Gunderson, Milwaukee, Wisconsin
IT Oversight
  Harnessing the power of the IT group
  Outlining the role of IT in the business
  IT governance concepts
IT Oversight
  Budget Overruns
  Delivered Late
  Death March Projects
IT Oversight
  Position IT as a strategic & competitive necessity
  Make sure that IT plans, actions, and capabilities are clearly linked
IT Oversight
  Definition
  What are we governing?
IT Oversight
  Alignment of the goals of the business with the goals of IT
  Involvement of the IT Group in the Strategic Vision
IT Oversight
  Six Objectives
  1. Alignment of organizational and IT strategies
  2. Realization of IT project and operations value
  3. Realization of IT-related opportunities
IT Oversight
  Six Objectives
  4. Effective management and responsible use of IT resources
  5. Effective management of IT-related business risks
  6. Compliance with applicable laws, regulations and corporate standards
IT Oversight
  CIOs want greater role
  Classification of project types
  Minimize maintenance budget
IT Oversight
  Department leader communication with the IT Group
  Involvement of users in the goal setting process
IT Oversight
  Working with the Business
  Southwest Example
  Campbell Soup Example
IT Oversight
  Involvement of users in the goal setting process
  Assess stakeholder importance and influence
  Determine stakeholder interest and motivation
IT Oversight
  [Figure: stakeholder matrix. Axes: degree of interdependence with IT process; degree of common interest with IT (conflicting or mutual). Other labels: IT's action; sources of IT's needs (resources, political support). Quadrants: Allies - use as a power base; Blockers - isolate & negotiate; Network members - build strong political network; Slowers - negotiate.]
IT Oversight
  Understanding the security implications of proper oversight
  Safeguarding the “keys to the kingdom”
  Controls over administrator accounts

Clifton Gunderson IT Oversight

  • 51. Case Study - Terry Childs22 © 2010 Clifton Gunderson LLP & CFMA. All rights reserved.
  • 52. IT Oversight Terry Childs San Francisco - super administrator 23 © 2010 Clifton Gunderson LLP & CFMA. All rights reserved.
  • 53.
  • 54. Properly approving Administrator access24 © 2010 Clifton Gunderson LLP & CFMA. All rights reserved.
  • 55.
  • 57. Reporting outside of IT25 © 2010 Clifton Gunderson LLP & CFMA. All rights reserved.
  • 58. IT Oversight 26 © 2010 Clifton Gunderson LLP & CFMA. All rights reserved.
  • 59. Survey Poll: There are six objectives that aim to align the goals of the business with the goals of IT; these goals do not include:
  • 60. Speaker Transition: Financial auditors will refer to this at least five times every year during fieldwork. What is “Segregation of Duties”?
  • 62. Rights to network resources
  • 64. Data owners need to be involved
  • 65. New hire events & terminations
  • 70. Raw data file access
  • 71. Rights Management: Requires internal enforcement and auditing procedures: Internal enforcement; Separation of network and application management; Annual user audit procedures; Participation of department heads (data owners); IT department overdependence
  • 74. Tracking & Reporting; Compensating Controls
  • 75. Survey Poll: The management and auditing of rights to the network and applications should:
  • 78. Proper approval & assignment process.
  • 79. Testing methodology and documentation.
  • 80. Separation of development and production systems.
  • 81. Project approval and close process.
  • 82. REPORTING & REVIEW OF CONTROLS
  • 83. Survey Poll: Which statement is most accurate about companies that should implement change controls?
  • 84. Internal IT Personnel vs. Outsourced IT Resources: Key differences in managing security.
  • 86. Who has skill set to monitor?
  • 90. Special Procedures for Outsourced Resources
  • 92. Reputation checks for specific consultants
  • 93. The Review Process
      Internal IT: Periodic employment review (parallels the company’s normal review process); The Technical Review (technical performance reflected in project success; are projects getting done?); Overall Review (is communication occurring? Is member contributing to success of the organization?)
      Outsourced IT: Periodic performance review (departments with most interaction – can change); Communication Component (are channels open?); Project Completion Score (are projects being completed? Are they paying off as expected?)
  • 94. Reporting on Activities: Key Sources of Information: System Logs; Resource Access Reports; Report Consolidation Utilities; Security Monitoring Applications
  • 97. Deadlines are essential in the process
  • 98. Standardized form often most useful:
  • 100. Upcoming deadlines, points of concern, resources needed
  • 101. Priority listing of upcoming projects
  • 102. Key points of contacts for projects
  • 103. Reporting on Activities: Communication will always be the key to successful IT oversight.
  • 104. Contact Information: Rodney Almaraz, Senior Manager, Clifton Gunderson, Austin, Texas; Jeff Lemmermann, Practice Manager, Clifton Gunderson, Milwaukee, Wisconsin
  • 105. CPEs: In order to receive your CPE credit for this session, you must complete the electronic evaluation survey on prolibraries.com. To complete this evaluation, stay logged into prolibraries and click on "My Webinars" under "Your Account" on the left hand side of the page. You will see the session title and this link: "Take CPE Evaluation." Click on the CPE Evaluation link to complete the evaluation and print your certificate. You may print your certificate from CFMA's Online Library at any time after you complete the evaluation survey.
  • 106. CFMA would like to thank our Producer… and our Sponsor…
  • 107. Thank you for joining us today! Don’t forget to Save the Date for October 13, 2010 as the CFMA’s webinar series continues with a critical update on the FASB Revenue Recognition Proposal for the Construction Industry with FASB representative Ken Bement.

Editor's Notes

  1. There are six objectives that aim to align the goals of the business with the goals of IT; these goals do not include: Alignment of organizational and IT strategies; Effective management and responsible use of IT resources; Realization of non-IT related opportunities
  2. Those of you that have been through a financial audit know the topic well. The IT function has its own segregation needs, but can also help with duty segregation in other non-IT areas.
  3. Rights management is what enforces segregation of duties within information systems. Accounting system - what good are user credentials unless different users have different rights?
  4. Often turned over to the IT group - between HR & IT. Data owners need to take responsibility - IT doesn’t know what department heads do. Network: Can circumvent application rights - interface export locations! Applications: Control and reporting of those who can create users - change parameters should mirror those of the network.
  5. Problem with having the same person handle both: they could circumvent other segregation of duty controls. Controls should also include documentation between HR, IT & App management groups: forms, email, other tracking mechanisms. Annual audit cannot be an IT-only exercise.
  6. Compensating controls: Requires appropriate use of the mentioned items. If approvals can be overridden through loose rights assignments, then there is no value. Reporting: Only useful if reports are reviewed: system logs, 3rd party applications. Approval & override reporting.
  7. The management and auditing of rights to the network and applications should: Be handled solely by the IT group; Involve the data owners and those responsible for implementing the systems; Mainly focus on application security which overrides network security
  8. Software applications: same basic intentions of controlling O/S updates. Additional concerns over interfaces with other applications or modifications to basic application.Reporting Systems: Controls and approvals over changes to customized reports – as essential as application changes. Could hide transactions, account groups, etc.
  9. Also referred to within a system development lifecycle. Formalization is key! Reporting – requestor is same as developer – changes outside of production system. Changes at same time of period by same developer.
  10. Which statement is most accurate about companies that should implement change controls? Only companies that have internally developed applications need change controls; Changes to reporting tools are not normally part of the change control process; Change controls should cover system update procedures
  11. Internal: Monitoring and understanding of system plans and changes (same for both). Supervisory roles! Physical access to servers, backup media, laptops - data or equipment theft. Can be influenced by other departments - knowingly or unknowingly part of fraud. Outsourced: Remote access control (OFF UNLESS REQUESTED!) Access logging reports. Communication is harder – not part of culture, planning meetings, etc. Details on activities not always expressed or understood by organization. Little dialog with data owners to help meet system needs. Consultant storage of credentials, sharing with other consultants, changes in consultant organization (fired employees) could lead to security problems.
  12. These will potentially be people with access to all of the organization’s IT assets – treated like those in finance or HR. Criminal background checks are a necessity. Credit checks not enough. State court system check not always enough – work in other states. Google searches – message board postings, news stories, etc. Social media content – Twitter posts, blogs, Facebook wall items, etc. 3rd Party Hiring Procedures part of vendor selection - What are the procedures for consultants? Due diligence on consultants assigned to the account.
  13. At the backend of the hiring process is the review process. Equally important for Internal and Outsourced IT Resources. For the internal IT group – who handles the Technical review? The review doesn’t need to be highly technical – are projects getting done? Are the department heads satisfied with the project?
  14. You don’t have to understand the systems to understand the log information. The key is information that is easy to access and easy to understand.
  15. Remote access sessions – could indicate an attempt to hide activities. Look for patterns – always before and after reporting events. Failed login attempts – trying to break other user credentials. Changes to system level rights – temporarily granting access to items.
  16. Standardized form to help track from period to period. Helps to divide up the review process – open communication channels with managers.
  17. Communication at all levels – distributed to managers. One group/person in control, but input and help from department heads is key to getting true integration.
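
The three log-review patterns named in editor's note 15 (remote sessions before and after a reporting event, repeated failed logins, rights granted and then removed shortly afterwards) can be checked mechanically. The sketch below is an added example, not part of the original presentation; the log format, event names, account names, reporting time and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "timestamp event actor target". Not real log data.
SAMPLE_LOG = """\
2010-09-30T07:55 remote_session consultant1 acct-server
2010-09-30T09:10 login_failed ws-14 ap_clerk
2010-09-30T09:11 login_failed ws-14 ap_clerk
2010-09-30T09:12 login_failed ws-14 ap_clerk
2010-09-30T11:00 rights_granted netadmin1 payroll_share
2010-09-30T11:40 rights_revoked netadmin1 payroll_share
2010-09-30T13:00 login_failed ws-02 jsmith
2010-09-30T19:30 remote_session consultant1 acct-server
2010-10-05T10:00 remote_session consultant2 acct-server
"""
# Assumed reporting event (for example a period-end report run).
REPORTING_EVENTS = [datetime(2010, 9, 30, 17, 0)]

def review(log_text, reporting_events, window=timedelta(hours=12),
           fail_limit=3, max_hold=timedelta(hours=4)):
    """Return sorted (finding, actor, target) tuples for the three patterns."""
    sides = defaultdict(set)   # (actor, target, event time) -> {"before", "after"}
    fails = Counter()          # (source, account) -> failed login count
    grants = {}                # (admin, resource) -> time the right was granted
    findings = set()
    for line in log_text.splitlines():
        stamp, event, actor, target = line.split()
        ts = datetime.fromisoformat(stamp)
        if event == "remote_session":
            for rep in reporting_events:
                if abs(ts - rep) <= window:
                    sides[(actor, target, rep)].add("before" if ts < rep else "after")
        elif event == "login_failed":
            fails[(actor, target)] += 1
        elif event == "rights_granted":
            grants[(actor, target)] = ts
        elif event == "rights_revoked" and (actor, target) in grants:
            # Granted then removed within max_hold: temporary access worth a look.
            if ts - grants.pop((actor, target)) <= max_hold:
                findings.add(("temporary_rights", actor, target))
    for (actor, target, _), seen in sides.items():
        if seen == {"before", "after"}:   # sessions bracket the reporting event
            findings.add(("remote_around_reporting", actor, target))
    for (source, account), count in fails.items():
        if count >= fail_limit:
            findings.add(("repeated_failed_logins", source, account))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, REPORTING_EVENTS):
        print(*finding)
```

A short findings list like this is the kind of output a department head can review without understanding the underlying systems, which is the point made in note 14.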