In the current business environment, IT suppliers have become an integral part of the customer organization, and the IT environment and processes of IT suppliers have a direct impact on the customer organization. Even though operational responsibility might have been transferred to the supplier, legal and regulatory responsibility still rests with the customer. Hence it is the customer's responsibility to verify that appropriate controls are in effect to ensure that the organization fulfills its contractual obligations. This topic focuses on some of the key components and best practices in auditing IT suppliers for compliance. It is aligned with an ISACA research paper (Outsourced IT Environments Audit/Assurance Program), with additional information.
Best Practices & Considerations in “IT Suppliers Audit”
1. Best Practices and Key Considerations in Auditing “IT Suppliers”
Shankar Subramaniyan
ISACA Greater Houston Chapter
August 15, 2013
2. Agenda
• Provide an overview on the “Suppliers” environment
• ISACA Guideline for Auditing Outsourced Environment
• Discuss Key considerations/best practices
4. 21st Century is ushering in a new kind of company…
The complex product markets of the 21st Century will demand the ability to quickly and globally deliver a high variety of customized products. The products will be differentiated not only by form and function but also by the services provided with the product including the ability of the customer to be involved in the design of the product… A company will not be an isolated facility of production, but rather a node in a complex network of suppliers, customers, engineering and other service functions.
-William Davidow & Michael Malone, The Virtual Corporation
Increasing dependency on Suppliers due to Change in Business Model
5. Technology Changes
• Gartner predicts that more than 60% of enterprises will have some form of Cloud by 2013
• Gartner estimates that by the year 2015 more than 50% of the enterprises will be using SaaS applications for their business strategy
• We should be cognizant of the implications of these new technologies for effective IT auditing, since mission-critical apps with sensitive data (Finance and HR) are now moving into SaaS
Increasing dependency on Suppliers due to Technology Changes
6. IT SUPPLIERS
IT Suppliers
Outsourced Processes
IT processes
Application development
Application maintenance
Application hosting
Data center operations
Database administration
Desktop support
Disaster recovery services
Help desk services
IT security
Network operations
Web/e-commerce systems
Infrastructure Outsourcing
IT Security Outsourcing
Help Desk Outsourcing
Application Outsourcing - ERP or Custom
B2B Project Outsourcing
Business Transformation Outsourcing
Finance processes
AP, AR, Billing and Invoicing
Reconciliations
Treasury and Cash Management
Budgeting and Forecasting
Financial Planning and Reporting
Procurement processes
Spend Analysis
Sourcing Support
Supplier Performance Management
Contract Administration and Management
Custom Analytics
HR processes
Recruitment process
Employee orientation programs
Employee and manager training
Benefits administration
10. Scope
• Operating infrastructure (and related processes) at the data center of the customer or the supplier
• Processing of a proprietary application by the servicer (application services provider)
• Development or maintenance of applications
• Managing the network
• Managing the information security infrastructure and supporting processes
• A combination of any of these and other business and technology processes
11. KEY COMPONENTS
• Fulfillment of assurance charter and compliance requirements
• Planning and Scoping the Audit
• Achievement of business requirements
• Governance
• Functionality and controls of provided services
• Compliance with contract
• Relationship management
13. Audit Planning
• Having decided an audit is required, the following questions must be answered:
– What type of audit to be undertaken?
– What particular information is required and by when?
– To what depth and scope audit needs to be done?
– On what dates should the audit be done?
– Who should perform the audit?
• Sometimes Control Description and scope is not shared with Auditee.
• The audit scope does carry the risk of being too limited or too aggressive
Audit Charter with clear scope and methodology is very critical
Audit process should also involve tracking the previous audit non conformities
14. Key Considerations in Audit Planning
• Type of Assurance depends on
– Compliance requirement of the customer
– What is the audit right mentioned in the contract
– Who can decide the scope and methodology / who has the bargaining power
– Type of service provided by the supplier
– Criticality of the business/IT area outsourced and associated Risk assessment
– Existing ISMS process/certifications of suppliers and its gap with Customer’s requirements
– To what depth audit needs to be done
Synchronizing audit schedule and audit time period between suppliers and Customer
[Diagram labels: Cost of Assessment; ISO27001; SSAE16/ISAE3402; AUP; Supplier; Customer]
Mapping between Supplier and Customer’s Controls
15. Overcoming Resistance to Audit
• Auditors
– Use audit as an improvement tool
– Explain the process to auditees
– Touch base with auditee
– Recognize their accomplishments
– Concerns and questions of auditees
– Do not conduct manipulative or trickery-based audits
Agree with Department Representatives on the findings and corrective action
Auditee’s Performance appraisal has a goal of “ZERO DEFECT” in Audit
17. ACHIEVEMENT OF BUSINESS REQUIREMENTS
• Review Business expectations
• Review Risk Assessment
Review the exceptions / Step outs / Retained IT Components and their control assessment
Sample List to consider in new project setup
– The functional and technical requirements are identified and complete enough
– Risk to the existing support levels identified (In case the applications planned to be transitioned to XXX)
– Solicited input from end user representatives
– Existing support costs and desired targets identified (if sustaining opportunity)
– Other sites and application systems considered to maximize cost savings
– Technical issues discussed and resolved
– Software and hardware purchasing/licensing requirements identified
– Performance expectations regarding service levels and deliverables identified
– Proposal reviewed by affected parties to ensure it addresses expectations
– Proper template has been used to prepare the SOW
– Acceptance criteria are clearly mentioned
18. Supplier Risk Management
Sample Risks are as follows :
• Intellectual property ownership
• Service levels not being met.
• Deliverables not adhering to Quality norms.
• Under/over utilization of resources.
• Sustaining engagement scope creep
• Inadequate transition of knowledge to new staff
• Deliverables are not tracked and approved timely.
• Inaccurate billing and Cost and Effort overruns.
• Inadequate transition of knowledge and not able to transfer the ownership.
• Right resources not available on time
• Risk of Locking into Proprietary Supplier platforms/process
• Key resources roll-offs in the middle of the project
Supplier Relationship Management
Supplier Performance Management
Contract
Supplier Engagement Guide
Proper process in case of Project termination
– Recovery of all assets (Hardware/Software)
– Termination of access
– Knowledge Transfer
– Deliverables and Process Documents
– Notification of all affected parties
– Contract and Accounting/Invoice activities
20. Compliance with contract
Whether the Contract includes
• Evaluation of supplier performance
• Rights to audit, information security requirements
• Payment schedule
• Issue monitoring
• Intellectual property ownership
• SLA, Penalty and non performance
• Clear scope and responsibilities
• Termination and transfer of services
• Legal Liabilities and Regulatory Compliance
22. RELATIONSHIP MANAGEMENT
• Role of Relationship Managers
• Adequacy of Delivery Metrics
• Delivery Performance Review
• New Project Initiation and management
• Issue management and escalation
• Billing and payment process
• Relationship review
23. Critical Success Factors
S No | Description | Remarks
1 | Cultural awareness | With cross-cultural awareness, the teams can understand the expectations well.
2 | Communication | Communication is the key for any successful engagement. Clarity and Understanding play the key role. Ensure that the other side understood what is being communicated. Consider the styles of communication as well as the accent issues.
3 | Common Understanding and sign-off on Requirements (In-scope and Out-of-scope) | SOW sign-off at the beginning of the respective project to eliminate any uncertainties.
4 | Mutual Trust | In the Estimates, Resources, Management Styles and Cultural Aspects
5 | Process Adherence and following the procedures | Follow Engagement guide for all the engagements under scope.
6 | Resolution of Issues in time | Efforts to resolve the issues and understanding of any practical difficulties in closure on both sides
7 | Early Planning for resources | Planning for People, tools, licenses, logistics & timeframes
8 | Right Governance | Reviews & feedback as per the laid down procedures & practices at each of the check points and any necessary corrective actions.
9 | Right usage of tools | Metrics tool, etc. for the proper tracking of the progress and the deviations.
25. Functionality and controls of provided services
• Services operating as Promised
• Responsibility for Controls and Processes
• Review of Supplier suggested controls
• Gap Assessment where full reliance is placed on the supplier
Difference between Process narrative, SLA and Control.
Do not combine multiple controls that differ in control objective, type, characteristic or frequency into one. Consider the cost of Implementation and Audit point of view while documenting controls.
26. Fulfillment of assurance charter and compliance requirements
Operational responsibility might have got transferred to Supplier, but legal and regulatory responsibility will still be with Customer
27. Fulfillment of assurance charter and compliance requirements
• Audit rights per contract
• Third Party Reviews
• IT General Controls review
– Operating System
– Network
– Database
– Application support and maintenance
– Access Control and Physical Security
– Information Security
• Regulatory Compliance
• Assurance to Customer’s compliance Requirements
Assurance Requirement at Control Objective level vs Control level
Mapping between different assurance types (SOC 1 / AUP / ISO27001)
28. Audit points in Third Party reviews
• Scope mismatch:
– Application or Infrastructure in use by the Customer
– Time Period
– Location, people, process or service utilized by Customer
• Process gap like Production application hosted in Dev server will not be under Supplier’s audit scope since Supplier will audit only Production server
• Review subservice providers report if any
• Review any significant changes in the supplier organization after the supplier audit and before the customer’s year end review
• Control owner and operator shared between Customer and supplier
• Mapping of Controls between Customer and Supplier
• Unclear understanding of responsibility between customer and supplier, such as encryption of archive or disposal of backup tape containing personal sensitive data
• Conflicting clauses to different customers
30. Governance
• Policies and Procedures
• Steering Committee oversight
Engagement Guide
Compliance requirements should be included from pre bid stage itself and it should be part of regular status reviews