SlideShare a Scribd company logo

WICASA BARODA: Risk Assessment and Internal Controls

Download as DOCX, PDF
ishan parikh production
ishan parikh production

The document provides details about a presentation on risk assessment and internal controls in IT enabled environments. It discusses: 1. How risk assessment involves identifying threats, vulnerabilities, assets, impact, and likelihood to understand risks. Internal controls can then reduce probability of threats or vulnerabilities. 2. Two case studies - how eBay India assessed risks to critical business processes and IT systems, finding sales systems high risk. And for a law firm, case proceeding and client databases were high risk due to data stored. 3. How risk management involves assessing risks, selecting controls, and accepting residual risks, with the goal of supporting business objectives.

Economy & FinanceBusiness
1 of 17
WICASA BARODA Presentation on: Case Studies on Risk assessment and internal controls in IT enable Environment Presentation at: National Convention ICAI BHWAN Baroda Presentation @: 12 July 2013 Presentation By: Ishan Parikh(WRO0349134) Contact number: 9067408930 1
Risk assessment and internal controls in IT enabled Environment 1 2 Risk assessment: Well memorized definitions The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach. The auditor should use professional judgment to assess audit risk and to design audit procedures to ensure that it is reduced to an acceptably low level. Internal Control System: ICS means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. 3 IT enabled Environment: IT enabled environment is a Area that is constitution of different Computers and its peripheral devices and work together to fulfill organization’s objectives. 2
Requirement of involving of IT in Accounting & Audit:  Technological Revolution.  Increase in Volumes & Complexities of transactions.  Time & Information became most sought after.  Fall in Prices of Computer Hardware.  Availability of user friendly software. Though no change in audit objectives  To establish reliability & integrity of information  To assess compliance with policies, laws & regulations  To see that assets are being safeguarded  To appraise economical & efficient use of resources  Accomplishment of established objectives & goals 3
IT Security Risk Assessment  Risk Assessment can be understood as the generation of a snapshot of current risks. More technically, it consists of the following phases: 1. Threats identification: identify all relevant threats 2. Threat characterization: determine the impact and likelihood of the relevant threats 3. Exposure assessment: identify the vulnerability of the assets 4. Risk characterization: determine the risks and evaluate their impacts on the business Figure 1 below illustrates how IT security risk can be seen as a function of threat, vulnerability and assets value. It also shows that there are different ways to reduce the risks: countermeasures can either reduce the probability for a threat to become true. They can reduce vulnerability or they might help to reduce the impact caused when a threat comes true. figure 1 Risks that remain after applying countermeasures are called “residual risks”. Residual risks have to be considered by the management and be accepted or rejected (in the latter case the risks have to be treated again). 4
Let us consider the example of a commercial engineer who possesses a company laptop. This hardware stores a copy of the price list of products as well as a database with client data. The commercial engineer is a frequent traveller and he uses his laptop in public places like restaurants or the customers’ offices. In this example: 1. Threats are the loss or theft of the laptop with the impact of disclosure of company confidential information. 2. Vulnerabilities result from storing confidential plaintext data on the laptop or leaving the laptop unattended without a screen lock or appropriate password protection. 3. Assets are the hardware itself (replacement costs in case of theft or loss) and the confidential data for the company. To calculate the value of these assets, several questions have to be answered: a. What is the cost (money and time) for reconstructing the data in case of loss? b. What is the degree of confidentiality of the data stored in the laptop? c. What is the potential impact of data disclosure to competing companies? 5
Figure 2 shows the phases of the risk assessment process: In the example, as a result of the risk assessment the risk that company information could be disclosed to non-trusted parties has been identified. This risk has major business impacts for the company. 6
Figure 3 below shows the steps required to deal with the risks connected to the threats and Vulnerabilities of an asset. 7
IT Security Risk Management In order to mitigate the identified IT security risks a risk management process should be implemented. For each assessed risk, the risk manager should propose security internal controls. In general, security standards propose security controls categorized in the following areas: Logical controls: E.g. protection of data, protection of network assets, protection of access to applications etc. Physical controls E.g. alarm systems, fire sensors, physical access control, surveillance etc.) Organizational controls E.g. usage rules, administration procedures, process descriptions, definition of roles etc. Personnel controls E.g. sanctions, confidentiality clauses in contracts, training and awareness etc. 8
In our example these security controls could be: 1. Awareness training for commercial engineers (i.e. control of personnel type) 2. Encryption of confidential data stored on the notebook (i.e. control of logical type) 3. Only the data actually needed for the trip should be stored on the notebook (i.e. control of organizational type). 4. Insurance for the case of theft or loss of the hardware (i.e. control of organizational type) The security controls should be selected, planned, implemented, communicated and monitored. IT Security Risk Management is a global approach to risk: on the basis of the assessed risks the process continues with the selection and implementation of security controls (“risk treatment”), the acceptance of risk that cannot or should not be treated further, the communication of risks and their monitoring. 9
More technically speaking, the process of Risk Management includes: Risk assessment: Find out which risks apply to your business and evaluate them. Management has to decide which risks will be treated or not. Risk treatment: Select and implement security controls to reduce risks. Controls can have different effects, like:  mitigation  transfer  avoidance and  retention of risks In the example given above, a disk encryption (that would strongly reduce the risk that competing companies get access to confidential data in case the laptop is stolen) is a measure of risk mitigation, an insurance covering the hardware replacement cost is a measure of risk transfer. An example for risk avoidance is to take on the laptop no more than the necessary data. You can and should use multiple security controls to treat risks. It is advisable to use different types of controls. Risk acceptance: Even when the risks have been treated, residual risks will generally remain, even after risk treatment has been performed or if controls are not feasible. The management has to accept the way risks have been treated. Thus, risk acceptance should always be a management decision. 10
IT security risk management is a part of business management In order to establish risk management, you will need a supporting method. Risk management methods vary from simple step-by-step approaches up to complex methods requiring the support of automated tools::::::::: The first step towards dealing with IT security risk management is to assess the importance of your organization’s information assets. This assessment is done in two steps: 1 Determine the importance of the business processes for the organization and the environment respectively. This importance may vary from ‘high’ to ‘low’:  Processes with high importance are the most valuable assets for the organization (e.g. the production processes) or the environment (e.g. if your organization does air traffic control). Disruption or congestion of such processes results in unacceptable damage1.  Processes with medium importance represent a moderate value for the organization. Disruption or congestion of such processes results in significant damage.  Processes with low importance are of minor value for the organisation. Disruption or congestion of such processes results in minor damage only. 2 Determine the dependency of the business processes on information systems:  High dependency: Disruption of information systems results in severe hindering or even congestion of the dependent processes.  Medium dependency: Disruption of information system results in significant but not severe hindering of the dependent process. 11
 Low dependency: Disruption of information system results in only minor hindering of the dependent process. Figure below illustrates the criticality as the combination of IT systems dependency and the importance of a business process. 12
Case Studies on Risk assessment and internal controls in IT enabled Environment 1. EBay India 2. Any Advanced law firm 13
EBay Inc. is an American multinational internet consumer-toconsumer corporation, headquartered in San Jose, California. It was founded in 1995, and became a notable success story of the dot-com bubble; it is now a multi-billion dollar business with operations localized in over thirty countries now in India too. Business processes and their importance for the business: Business process Production Finance Human Resources Marketing Importance for the business high importance High Importance Low importance High importance 14
Risk assessment process in EBay A online Store: Business Process IT System Production: high importance Finance: high importance Production Web Services: high dependency Production Database: high dependency Production File and Print: medium dependency Production / Specific Applications: high dependency Finance and Controlling applications: low dependency Marketing File and Print: low dependency E-Mail: medium dependency high criticality Company sells its products mainly through an online store high criticality It stores sales data (including personal data) medium criticality Function needed to process orders, receipts,correspondence with customers high criticality A set of programs used to access, manage and maintain the production environment medium criticality medium criticality IT Infrastructure: high dependency high criticality high criticality Human Resources: low importance Marketing: high importance low criticality Comments It stores data to proceed the internal cost performance ratio no criticality It is used by the marketing unit to produce their information material no criticality low criticality low criticality medium criticality The company has a centralized Emailsystem. This is an indispensable internal and external communication channel Consist of hardware, local network, operating systems, system software which is needed to operate the information systems 15
Amarchand & Mangaldas & Suresh A Shroff & Co or AMSS in short, is the largest law firm in India with headquarters in Delhi and Mumbai. It has offices in 7 cities Viz New Delhi, Ahmedabad, Hyderabad, Kolkata, Mumbai, Bengaluru, Chennai and Pune. The firm now has nearly 575 lawyers with about 70 partners. Business processes and their importance for the business: Business process Consultancy Case Proceeding Finance Human Resources Importance for the business high importance High Importance Low importance Medium importance 16
Risk assessment process in AMSS a Biggest Law Firm of India: Business Process IT System Case Proceeding Database: high dependency Consulting Database: high dependency Finance and Controlling application: low dependency E-Mail: high dependency IT Infrastructure: high dependency Consultancy: high importance Case Proceeding: high importance Finance: Low importance Human resources: medium importance high criticality Comments It stores information related to the cases (including personal data) high criticality It stores information related to the clients (including personal data) no criticality It stores data to proceed the internal cost-performance ratio high criticality high criticality low criticality medium criticality high criticality high criticality low criticality medium criticality The company has a Centralized mail system. This is an Indispensable internal and external communication channel Consists of hardware, local network, operating systems, system software which are needed to operate the information systems 17

Recommended

Information Technology Risk Management
Information Technology Risk ManagementInformation Technology Risk Management
Information Technology Risk ManagementGlen Alleman
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)Bushra Angbeen
 
Operational Risk Management - Understanding Your Risk Landscape
Operational Risk Management - Understanding Your Risk LandscapeOperational Risk Management - Understanding Your Risk Landscape
Operational Risk Management - Understanding Your Risk LandscapeEneni Oduwole
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteTowers Perrin
 
Operational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIOperational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIEneni Oduwole
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementPYA, P.C.
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementKarim Farag
 

Recommended

Information Technology Risk Management
Information Technology Risk ManagementInformation Technology Risk Management
Information Technology Risk ManagementGlen Alleman
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)Bushra Angbeen
 
Operational Risk Management - Understanding Your Risk Landscape
Operational Risk Management - Understanding Your Risk LandscapeOperational Risk Management - Understanding Your Risk Landscape
Operational Risk Management - Understanding Your Risk LandscapeEneni Oduwole
 
Risk Appetite
Risk AppetiteRisk Appetite
Risk AppetiteTowers Perrin
 
Operational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIOperational Risk Management Under Basel II & Basel III
Operational Risk Management Under Basel II & Basel IIIEneni Oduwole
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementPYA, P.C.
 
Operational risk ppt
Operational risk pptOperational risk ppt
Operational risk pptNehaKamboj10
 
Strategic risk management
Strategic risk managementStrategic risk management
Strategic risk managementKarim Farag
 
Risk appetite
Risk appetite Risk appetite
Risk appetite Michel Rochette
 
Operational risk management and measurement
Operational risk management and measurementOperational risk management and measurement
Operational risk management and measurementRahmat Mulyana
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslideZakaria Salah, Ph.D,MBA
 
Risk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesRisk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesSlideTeam
 
The OCTAVE Method
The OCTAVE MethodThe OCTAVE Method
The OCTAVE MethodRaul Calzada
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 
Business Risk Management Overview PowerPoint Presentation Slides
Business Risk Management Overview PowerPoint Presentation SlidesBusiness Risk Management Overview PowerPoint Presentation Slides
Business Risk Management Overview PowerPoint Presentation SlidesSlideTeam
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITMax Neira Schliemann
 
Operation Risk Management in Banking Sector
Operation Risk Management in Banking SectorOperation Risk Management in Banking Sector
Operation Risk Management in Banking SectorSanjay Kumbhar
 
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Zanders Treasury, Risk and Finance
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Case presentation on eastman kodak organizational life cycle
Case presentation on eastman kodak organizational life cycleCase presentation on eastman kodak organizational life cycle
Case presentation on eastman kodak organizational life cycleShekhar kumar
 
Race for supply chain 2020
Race for supply chain 2020 Race for supply chain 2020
Race for supply chain 2020 Lora Cecere
 
practical-approach-to-strategic-risk-management.ppt
practical-approach-to-strategic-risk-management.pptpractical-approach-to-strategic-risk-management.ppt
practical-approach-to-strategic-risk-management.pptaminrahman34
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Managementansula
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlErwin Morales
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Chapter1 introduction to risk management
Chapter1 introduction to risk managementChapter1 introduction to risk management
Chapter1 introduction to risk managementDr Riyaz Muhmmad
 
Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for BankRahmat Mulyana
 
Social Media final presentation risks
Social Media final presentation risksSocial Media final presentation risks
Social Media final presentation risksJAIRO SUAREZ
 
Sustainable development case study in HK
Sustainable development case study in HKSustainable development case study in HK
Sustainable development case study in HKfionayfwong
 

More Related Content

What's hot

Operational risk management and measurement
Operational risk management and measurementOperational risk management and measurement
Operational risk management and measurementRahmat Mulyana
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Risk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesRisk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesSlideTeam
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 
Business Risk Management Overview PowerPoint Presentation Slides
Business Risk Management Overview PowerPoint Presentation SlidesBusiness Risk Management Overview PowerPoint Presentation Slides
Business Risk Management Overview PowerPoint Presentation SlidesSlideTeam
 
Operation Risk Management in Banking Sector
Operation Risk Management in Banking SectorOperation Risk Management in Banking Sector
Operation Risk Management in Banking SectorSanjay Kumbhar
 
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Zanders Treasury, Risk and Finance
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
Case presentation on eastman kodak organizational life cycle
Case presentation on eastman kodak organizational life cycleCase presentation on eastman kodak organizational life cycle
Case presentation on eastman kodak organizational life cycleShekhar kumar
 
Race for supply chain 2020
Race for supply chain 2020 Race for supply chain 2020
Race for supply chain 2020 Lora Cecere
 
practical-approach-to-strategic-risk-management.ppt
practical-approach-to-strategic-risk-management.pptpractical-approach-to-strategic-risk-management.ppt
practical-approach-to-strategic-risk-management.pptaminrahman34
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Managementansula
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlErwin Morales
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Chapter1 introduction to risk management
Chapter1 introduction to risk managementChapter1 introduction to risk management
Chapter1 introduction to risk managementDr Riyaz Muhmmad
 
Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for BankRahmat Mulyana
 

What's hot (20)

Risk appetite
Risk appetite Risk appetite
Risk appetite
 
Operational risk management and measurement
Operational risk management and measurementOperational risk management and measurement
Operational risk management and measurement
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
 
Risk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation SlidesRisk Mitigation Strategies PowerPoint Presentation Slides
Risk Mitigation Strategies PowerPoint Presentation Slides
 
The OCTAVE Method
The OCTAVE MethodThe OCTAVE Method
The OCTAVE Method
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation Slides
 
Business Risk Management Overview PowerPoint Presentation Slides
Business Risk Management Overview PowerPoint Presentation SlidesBusiness Risk Management Overview PowerPoint Presentation Slides
Business Risk Management Overview PowerPoint Presentation Slides
 
KRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & ITKRI (Key Risk Indicators) & IT
KRI (Key Risk Indicators) & IT
 
Operation Risk Management in Banking Sector
Operation Risk Management in Banking SectorOperation Risk Management in Banking Sector
Operation Risk Management in Banking Sector
 
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
Risk Appetite: A new Menu under Basel 3? Pieter Klaassen (UBS) voor het Zande...
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
Case presentation on eastman kodak organizational life cycle
Case presentation on eastman kodak organizational life cycleCase presentation on eastman kodak organizational life cycle
Case presentation on eastman kodak organizational life cycle
 
Race for supply chain 2020
Race for supply chain 2020 Race for supply chain 2020
Race for supply chain 2020
 
practical-approach-to-strategic-risk-management.ppt
practical-approach-to-strategic-risk-management.pptpractical-approach-to-strategic-risk-management.ppt
practical-approach-to-strategic-risk-management.ppt
 
Risk & Risk Management
Risk & Risk ManagementRisk & Risk Management
Risk & Risk Management
 
Pp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and controlPp the three lines of defense in effective risk management and control
Pp the three lines of defense in effective risk management and control
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
 
Chapter1 introduction to risk management
Chapter1 introduction to risk managementChapter1 introduction to risk management
Chapter1 introduction to risk management
 
Operational Risk for Bank
Operational Risk for BankOperational Risk for Bank
Operational Risk for Bank
 

Viewers also liked

Social Media final presentation risks
Social Media final presentation risksSocial Media final presentation risks
Social Media final presentation risksJAIRO SUAREZ
 
Sustainable development case study in HK
Sustainable development case study in HKSustainable development case study in HK
Sustainable development case study in HKfionayfwong
 
Human resource(google vs yahoo)
Human resource(google vs yahoo)Human resource(google vs yahoo)
Human resource(google vs yahoo)SripRiya Iduri
 
Social media Risk Management Presentation Sample (Animations don't work in sl...
Social media Risk Management Presentation Sample (Animations don't work in sl...Social media Risk Management Presentation Sample (Animations don't work in sl...
Social media Risk Management Presentation Sample (Animations don't work in sl...Alexander Larsen
 
2011 Tōhoku Earthquake and Tsunami in Japan
2011 Tōhoku Earthquake and Tsunami in Japan2011 Tōhoku Earthquake and Tsunami in Japan
2011 Tōhoku Earthquake and Tsunami in Japanfionayfwong
 
Yahoo Human Resource Management Case
Yahoo Human Resource Management CaseYahoo Human Resource Management Case
Yahoo Human Resource Management CaseRahul Goyal
 
Management des risque etude de cas 1 - MOSAR/MADS
Management des risque etude de cas 1 - MOSAR/MADSManagement des risque etude de cas 1 - MOSAR/MADS
Management des risque etude de cas 1 - MOSAR/MADSibtissam el hassani
 
Management des risques ibtissam el hassani-chapitre3 : MADS/MOSAR
Management des risques ibtissam el hassani-chapitre3 : MADS/MOSARManagement des risques ibtissam el hassani-chapitre3 : MADS/MOSAR
Management des risques ibtissam el hassani-chapitre3 : MADS/MOSARibtissam el hassani
 
Nike and CSR
Nike and CSRNike and CSR
Nike and CSRtchau42
 
Crisis management - Types and Examples
Crisis management - Types and ExamplesCrisis management - Types and Examples
Crisis management - Types and ExamplesNupur Bhardwaj
 
Risk Management
Risk ManagementRisk Management
Risk Managementcgeorgeo
 
Social Media Crisis Management: Three Case Studies
Social Media Crisis Management: Three Case StudiesSocial Media Crisis Management: Three Case Studies
Social Media Crisis Management: Three Case StudiesElisha Tan
 

Viewers also liked (14)

Social Media final presentation risks
Social Media final presentation risksSocial Media final presentation risks
Social Media final presentation risks
 
Sustainable development case study in HK
Sustainable development case study in HKSustainable development case study in HK
Sustainable development case study in HK
 
Human resource(google vs yahoo)
Human resource(google vs yahoo)Human resource(google vs yahoo)
Human resource(google vs yahoo)
 
Social media Risk Management Presentation Sample (Animations don't work in sl...
Social media Risk Management Presentation Sample (Animations don't work in sl...Social media Risk Management Presentation Sample (Animations don't work in sl...
Social media Risk Management Presentation Sample (Animations don't work in sl...
 
2011 Tōhoku Earthquake and Tsunami in Japan
2011 Tōhoku Earthquake and Tsunami in Japan2011 Tōhoku Earthquake and Tsunami in Japan
2011 Tōhoku Earthquake and Tsunami in Japan
 
Yahoo Human Resource Management Case
Yahoo Human Resource Management CaseYahoo Human Resource Management Case
Yahoo Human Resource Management Case
 
Management des risque etude de cas 1 - MOSAR/MADS
Management des risque etude de cas 1 - MOSAR/MADSManagement des risque etude de cas 1 - MOSAR/MADS
Management des risque etude de cas 1 - MOSAR/MADS
 
Management des risques ibtissam el hassani-chapitre3 : MADS/MOSAR
Management des risques ibtissam el hassani-chapitre3 : MADS/MOSARManagement des risques ibtissam el hassani-chapitre3 : MADS/MOSAR
Management des risques ibtissam el hassani-chapitre3 : MADS/MOSAR
 
Nike and CSR
Nike and CSRNike and CSR
Nike and CSR
 
CSR Case Study
CSR Case StudyCSR Case Study
CSR Case Study
 
Crisis management - Types and Examples
Crisis management - Types and ExamplesCrisis management - Types and Examples
Crisis management - Types and Examples
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Social Media Crisis Management: Three Case Studies
Social Media Crisis Management: Three Case StudiesSocial Media Crisis Management: Three Case Studies
Social Media Crisis Management: Three Case Studies
 
Risk Management Framework
Risk Management FrameworkRisk Management Framework
Risk Management Framework
 

Similar to WICASA BARODA: Risk Assessment and Internal Controls

u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentBradley Susser
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachProtected Harbor
 
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016Ben Browning
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uaeRishalHalid1
 
Risk Management
Risk ManagementRisk Management
Risk Managementijtsrd
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTNi
 
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore UniversityChapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore UniversitySwaminath Sam
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Monica Rivera
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesEMC
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 

Similar to WICASA BARODA: Risk Assessment and Internal Controls (20)

u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
S36169184
S36169184S36169184
S36169184
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessment
 
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
 
It risk assessment in uae
It risk assessment in uaeIt risk assessment in uae
It risk assessment in uae
 
Cyber Risks - Maligec and Eskins
Cyber Risks - Maligec and EskinsCyber Risks - Maligec and Eskins
Cyber Risks - Maligec and Eskins
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course Preview
 
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore UniversityChapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
 
ISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochureISACA Cybersecurity Audit course brochure
ISACA Cybersecurity Audit course brochure
 
Icab lectures chapter 5 & 6, Business and Finance, ICAB
Icab lectures chapter 5 & 6, Business and Finance, ICABIcab lectures chapter 5 & 6, Business and Finance, ICAB
Icab lectures chapter 5 & 6, Business and Finance, ICAB
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )
 
SBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing ProcessesSBIC Report : Transforming Information Security: Future-Proofing Processes
SBIC Report : Transforming Information Security: Future-Proofing Processes
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 

More from ishan parikh production

Goal setting, positive attitude & belife system
Goal setting, positive attitude & belife systemGoal setting, positive attitude & belife system
Goal setting, positive attitude & belife systemishan parikh production
 
Tax planning for salaried emp. 8.8.2012(final)
Tax planning for salaried emp. 8.8.2012(final)Tax planning for salaried emp. 8.8.2012(final)
Tax planning for salaried emp. 8.8.2012(final)ishan parikh production
 
Capital mkt. & tax planning 23-6-2012(final)
Capital mkt. & tax planning 23-6-2012(final)Capital mkt. & tax planning 23-6-2012(final)
Capital mkt. & tax planning 23-6-2012(final)ishan parikh production
 

More from ishan parikh production (7)

Goal setting, positive attitude & belife system
Goal setting, positive attitude & belife systemGoal setting, positive attitude & belife system
Goal setting, positive attitude & belife system
 
Derivatives trading
Derivatives tradingDerivatives trading
Derivatives trading
 
Tax planning for salaried emp. 8.8.2012(final)
Tax planning for salaried emp. 8.8.2012(final)Tax planning for salaried emp. 8.8.2012(final)
Tax planning for salaried emp. 8.8.2012(final)
 
Tax dispute resolution
Tax dispute resolutionTax dispute resolution
Tax dispute resolution
 
Capital gain
Capital gainCapital gain
Capital gain
 
Capital mkt. & tax planning 23-6-2012(final)
Capital mkt. & tax planning 23-6-2012(final)Capital mkt. & tax planning 23-6-2012(final)
Capital mkt. & tax planning 23-6-2012(final)
 
Budget analysis 2013 14
Budget analysis 2013 14Budget analysis 2013 14
Budget analysis 2013 14
 

Recently uploaded

The Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdfThe Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdfGale Pooley
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptxFinTech Belgium
 
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...ssifa0344
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...Call Girls in Nagpur High Profile
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Call Girls in Nagpur High Profile
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Pooja Nehwal
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfGale Pooley
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceanilsa9823
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Pooja Nehwal
 
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Delhi Call girls
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptxFinTech Belgium
 

Recently uploaded (20)

The Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdfThe Economic History of the U.S. Lecture 26.pdf
The Economic History of the U.S. Lecture 26.pdf
 
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
VIP Independent Call Girls in Andheri 🌹 9920725232 ( Call Me ) Mumbai Escorts...
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
Top Rated Pune Call Girls Viman Nagar ⟟ 6297143586 ⟟ Call Me For Genuine Sex...
 
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
 
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdf
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best sexual service
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
 
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
Best VIP Call Girls Noida Sector 18 Call Me: 8448380779
 
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(DIYA) Bhumkar Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024
 
(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7
(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7
(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
 

WICASA BARODA: Risk Assessment and Internal Controls

  • 1. WICASA BARODA Presentation on: Case Studies on Risk assessment and internal controls in IT enable Environment Presentation at: National Convention ICAI BHWAN Baroda Presentation @: 12 July 2013 Presentation By: Ishan Parikh(WRO0349134) Contact number: 9067408930 1
  • 2. Risk assessment and internal controls in IT enabled Environment 1 2 Risk assessment: Well memorized definitions The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach. The auditor should use professional judgment to assess audit risk and to design audit procedures to ensure that it is reduced to an acceptably low level. Internal Control System: ICS means all the policies and procedures (internal controls) adopted by the management of an entity to assist in achieving management's objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and completeness of the accounting records, and the timely preparation of reliable financial information. 3 IT enabled Environment: IT enabled environment is a Area that is constitution of different Computers and its peripheral devices and work together to fulfill organization’s objectives. 2
  • 3. Requirement of involving of IT in Accounting & Audit:  Technological Revolution.  Increase in Volumes & Complexities of transactions.  Time & Information became most sought after.  Fall in Prices of Computer Hardware.  Availability of user friendly software. Though no change in audit objectives  To establish reliability & integrity of information  To assess compliance with policies, laws & regulations  To see that assets are being safeguarded  To appraise economical & efficient use of resources  Accomplishment of established objectives & goals 3
  • 4. IT Security Risk Assessment  Risk Assessment can be understood as the generation of a snapshot of current risks. More technically, it consists of the following phases: 1. Threats identification: identify all relevant threats 2. Threat characterization: determine the impact and likelihood of the relevant threats 3. Exposure assessment: identify the vulnerability of the assets 4. Risk characterization: determine the risks and evaluate their impacts on the business Figure 1 below illustrates how IT security risk can be seen as a function of threat, vulnerability and assets value. It also shows that there are different ways to reduce the risks: countermeasures can either reduce the probability for a threat to become true. They can reduce vulnerability or they might help to reduce the impact caused when a threat comes true. figure 1 Risks that remain after applying countermeasures are called “residual risks”. Residual risks have to be considered by the management and be accepted or rejected (in the latter case the risks have to be treated again). 4
  • 5. Let us consider the example of a commercial engineer who possesses a company laptop. This hardware stores a copy of the price list of products as well as a database with client data. The commercial engineer is a frequent traveller and he uses his laptop in public places like restaurants or the customers’ offices. In this example: 1. Threats are the loss or theft of the laptop with the impact of disclosure of company confidential information. 2. Vulnerabilities result from storing confidential plaintext data on the laptop or leaving the laptop unattended without a screen lock or appropriate password protection. 3. Assets are the hardware itself (replacement costs in case of theft or loss) and the confidential data for the company. To calculate the value of these assets, several questions have to be answered: a. What is the cost (money and time) for reconstructing the data in case of loss? b. What is the degree of confidentiality of the data stored in the laptop? c. What is the potential impact of data disclosure to competing companies? 5
  • 6. Figure 2 shows the phases of the risk assessment process: In the example, as a result of the risk assessment the risk that company information could be disclosed to non-trusted parties has been identified. This risk has major business impacts for the company. 6
  • 7. Figure 3 below shows the steps required to deal with the risks connected to the threats and Vulnerabilities of an asset. 7
  • 8. IT Security Risk Management In order to mitigate the identified IT security risks a risk management process should be implemented. For each assessed risk, the risk manager should propose security internal controls. In general, security standards propose security controls categorized in the following areas: Logical controls: E.g. protection of data, protection of network assets, protection of access to applications etc. Physical controls E.g. alarm systems, fire sensors, physical access control, surveillance etc.) Organizational controls E.g. usage rules, administration procedures, process descriptions, definition of roles etc. Personnel controls E.g. sanctions, confidentiality clauses in contracts, training and awareness etc. 8
  • 9. In our example these security controls could be: 1. Awareness training for commercial engineers (i.e. control of personnel type) 2. Encryption of confidential data stored on the notebook (i.e. control of logical type) 3. Only the data actually needed for the trip should be stored on the notebook (i.e. control of organizational type). 4. Insurance for the case of theft or loss of the hardware (i.e. control of organizational type) The security controls should be selected, planned, implemented, communicated and monitored. IT Security Risk Management is a global approach to risk: on the basis of the assessed risks the process continues with the selection and implementation of security controls (“risk treatment”), the acceptance of risk that cannot or should not be treated further, the communication of risks and their monitoring. 9
  • 10. More technically speaking, the process of Risk Management includes: Risk assessment: Find out which risks apply to your business and evaluate them. Management has to decide which risks will be treated or not. Risk treatment: Select and implement security controls to reduce risks. Controls can have different effects, like:  mitigation  transfer  avoidance and  retention of risks In the example given above, a disk encryption (that would strongly reduce the risk that competing companies get access to confidential data in case the laptop is stolen) is a measure of risk mitigation, an insurance covering the hardware replacement cost is a measure of risk transfer. An example for risk avoidance is to take on the laptop no more than the necessary data. You can and should use multiple security controls to treat risks. It is advisable to use different types of controls. Risk acceptance: Even when the risks have been treated, residual risks will generally remain, even after risk treatment has been performed or if controls are not feasible. The management has to accept the way risks have been treated. Thus, risk acceptance should always be a management decision. 10
  • 11. IT security risk management is a part of business management In order to establish risk management, you will need a supporting method. Risk management methods vary from simple step-by-step approaches up to complex methods requiring the support of automated tools::::::::: The first step towards dealing with IT security risk management is to assess the importance of your organization’s information assets. This assessment is done in two steps: 1 Determine the importance of the business processes for the organization and the environment respectively. This importance may vary from ‘high’ to ‘low’:  Processes with high importance are the most valuable assets for the organization (e.g. the production processes) or the environment (e.g. if your organization does air traffic control). Disruption or congestion of such processes results in unacceptable damage1.  Processes with medium importance represent a moderate value for the organization. Disruption or congestion of such processes results in significant damage.  Processes with low importance are of minor value for the organisation. Disruption or congestion of such processes results in minor damage only. 2 Determine the dependency of the business processes on information systems:  High dependency: Disruption of information systems results in severe hindering or even congestion of the dependent processes.  Medium dependency: Disruption of information system results in significant but not severe hindering of the dependent process. 11
  • 12.  Low dependency: Disruption of information system results in only minor hindering of the dependent process. Figure below illustrates the criticality as the combination of IT systems dependency and the importance of a business process. 12
  • 13. Case Studies on Risk assessment and internal controls in IT enabled Environment 1. EBay India 2. Any Advanced law firm 13
  • 14. EBay Inc. is an American multinational internet consumer-toconsumer corporation, headquartered in San Jose, California. It was founded in 1995, and became a notable success story of the dot-com bubble; it is now a multi-billion dollar business with operations localized in over thirty countries now in India too. Business processes and their importance for the business: Business process Production Finance Human Resources Marketing Importance for the business high importance High Importance Low importance High importance 14
  • 15. Risk assessment process in EBay A online Store: Business Process IT System Production: high importance Finance: high importance Production Web Services: high dependency Production Database: high dependency Production File and Print: medium dependency Production / Specific Applications: high dependency Finance and Controlling applications: low dependency Marketing File and Print: low dependency E-Mail: medium dependency high criticality Company sells its products mainly through an online store high criticality It stores sales data (including personal data) medium criticality Function needed to process orders, receipts,correspondence with customers high criticality A set of programs used to access, manage and maintain the production environment medium criticality medium criticality IT Infrastructure: high dependency high criticality high criticality Human Resources: low importance Marketing: high importance low criticality Comments It stores data to proceed the internal cost performance ratio no criticality It is used by the marketing unit to produce their information material no criticality low criticality low criticality medium criticality The company has a centralized Emailsystem. This is an indispensable internal and external communication channel Consist of hardware, local network, operating systems, system software which is needed to operate the information systems 15
  • 16. Amarchand & Mangaldas & Suresh A Shroff & Co or AMSS in short, is the largest law firm in India with headquarters in Delhi and Mumbai. It has offices in 7 cities Viz New Delhi, Ahmedabad, Hyderabad, Kolkata, Mumbai, Bengaluru, Chennai and Pune. The firm now has nearly 575 lawyers with about 70 partners. Business processes and their importance for the business: Business process Consultancy Case Proceeding Finance Human Resources Importance for the business high importance High Importance Low importance Medium importance 16
  • 17. Risk assessment process in AMSS a Biggest Law Firm of India: Business Process IT System Case Proceeding Database: high dependency Consulting Database: high dependency Finance and Controlling application: low dependency E-Mail: high dependency IT Infrastructure: high dependency Consultancy: high importance Case Proceeding: high importance Finance: Low importance Human resources: medium importance high criticality Comments It stores information related to the cases (including personal data) high criticality It stores information related to the clients (including personal data) no criticality It stores data to proceed the internal cost-performance ratio high criticality high criticality low criticality medium criticality high criticality high criticality low criticality medium criticality The company has a Centralized mail system. This is an Indispensable internal and external communication channel Consists of hardware, local network, operating systems, system software which are needed to operate the information systems 17