Peter Kornelisse, Infosecurity.nl, 4 November, Jaarbeurs Utrecht
As the IT Auditor arrives …

  1. IT ADVISORY: As the IT Auditor arrives … InfoSecurity 2010, 4 November 2010
  2. As the IT Auditor arrives … Understand the Purpose of the IT Audit
     © 2010 KPMG Advisory N.V., the Dutch member firm of KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative.
  3. Be aware of your own Attitude
     Effectiveness and efficiency of the audit depend on behaviour. Soft controls on the client side and on the auditor side:
     • Audit sponsor is leading by example
     • Involving stakeholders
     • Be involved with the audit
     • Seeking facts
     • Clarity in providing judgment
     • Transparency, providing adequate information
  4. Consider the Auditor’s perspective
     • First line of defense: self-assessment by operational staff
     • Second line of defense: management assessment
     • Third line of defense: audit
  5. Be specific regarding your expected maturity of IT
     (Diagram: COBIT maturity levels)
  6. Understand each Phase of the Audit
     • Risk-based: scope of objects to be assessed
     • Compliance-based: requirements to be applied; fact finding
     • Risk-based: evaluation of noted deficiencies
  7. Risk-based scoping – Financial Reporting
     (Diagram: layers from the financial statements down to IT. A: focus of the financial audit; B: focus of the IT audit.)
     • Accounts and disclosures
     • Entities
     • Business processes
     • Manual controls, key controls, IT-dependent manual controls
     • Automated controls, key application controls
     • Application-specific ICT
     • Generic ICT infrastructure
     • IT management processes
  8. Risk-based scoping – Assess an IT service
     (Diagram only)
  9. Compliance-based fact-finding
     Be aware that the auditor also evaluates your own (continuous) monitoring: event → deduction of events.
  10. Risk-based evaluation
     • Business: risk-based critical list of applications; sensitivity (CIA)
     • People: soft controls; risk-based selection of controls
     • Processes: three levels of defense
     • Monitoring (compliance-based): compliance monitoring, vulnerabilities monitoring, incident detection
     • IT environment / technology
     • Analysis of issues: issue tracking
     • Risk-based evaluation and follow-up: follow-up (improve or accept)
  11. You can help to make it effective and efficient!
     Consider how the IT Auditor can help you to improve your IT environment, regarding people, processes and technology.
  12. Questions
  13. Contact details
     Name: Ir. Peter Kornelisse RE CISA
     Position: Director, experienced with regard to Information Security and Technology, having performed and coordinated many advisory services, as well as compliance audits and security tests, since 1990. Peter is globally responsible for security testing services at KPMG, and mainly delivers IT audit support for Financial Audits, and Information Protection and Business Continuity services in the Netherlands.
     E-mail: kornelisse.peter@kpmg.nl
     Telephone: +31 (0)6 – 53 165 596
