University of Bristol
HIGHER EDUCATION INSTITUTIONS (HEIs)
KEY RISKS & CHALLENGES
PRESENTED BY MIR MOUZAM ALI, CPA, CIA, MBA

WHAT IS A KEY RISK?
[Slide graphic; labels: INFLATION, COMPETITION]

EXTERNAL RISKS
1. Cyber Security & Privacy - HEIs hold a substantial amount of personally identifiable information (PII), payment information, sensitive R&D data etc.
Source: Cyber Security Breaches Survey July 2022 (Gov.uk)
Audit: Access management & Data protection
1. Examine the oversight processes and controls
2. Access to data, "Business purpose" according to roles
3. Event logging, Log History
4. Access termination (Workday/SAP/Cloud system)
5. ITGC - COBIT (Control Objectives for Information and Related Technology) framework
6. Examine the personal smart devices policy

EXTERNAL RISKS
2. Third-party vendors - These vendors support some of the critical operations & delivery of service (e.g., goods procurement, service provider).
Audit:
1. Review the Authorisation & approval processes
2. Appropriate segregation of duties (Authorisation/Reconciliation/Custody)
3. Management review of Service Level Agreements (SLAs)
4. Service auditor report including Service Organisation Control (SOC) reports (e.g. ADP payroll services) - Assurance & Reliance
[Slide graphic; labels: Reduce risk of fraud; Data integrity & Controls environment; Suppliers; Service provider]

INTERNAL RISKS
1. Relevant - Learning and Educational outcomes to meet students' needs & expectations and wider needs of society.
Audit:
- Gain understanding of management's strategy
- Inspect steps taken by management
- Examine how actively management is pursuing improvements
- Analyse and obtain evidence of periodic review by management

INTERNAL RISKS
2. Compliance - Applicable regulations like:
- OfS (The Office for Students)
- Organisational policies
- Data protection regulations etc.
Audit:
- Review financial, operational & governance processes
- Review effectiveness of Risk Management controls
- Non-compliance reported at appropriate level
- Up to date with new regulations

INTERNAL RISKS
3. Review Pandemic Policy Changes:
Review changes to standing policies that were made during the pandemic to ensure those changes don't themselves pose a risk. E.g., due diligence regarding employment verification may also have been neglected.

INTERNAL RISKS
4. Recalibrate Risk Assessments:
- Risks that might not have raised major concerns pre-pandemic may now warrant more attention
- Adjust risk level
- What would have been low or medium may now be rated high.

THANK YOU
