SlideShare a Scribd company logo

IT Governance, Risk & Compliance (GRC) by Berk Algan

Berk Algan
Berk Algan

In October 2017, I talked at the CSX 2017 North America Conference in Washington, DC and shared practical examples about how I built an exceptional First Line of Defense function and technology governance, risk and compliance processes in my bank's IT organization. This presentation summarizes the key points from my presentation. Thanks for your interest! Berk Algan

Business
1 of 28
Download to read offline
Berk Algan, CGEIT, CRISC, CISA, CIPP Director of IT Governance, Risk & Compliance Silicon Valley Bank (SVB) Best Practices for Proactive IT Governance
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Setting the Stage… Your Presenter • Ex-Big 4 Auditor & Consultant • Currently leading IT GRC Group at SVB • MBA, CGEIT, CRISC, CISA, CIPP • Passionate about setting up & improving IT GRC functions and processes Silicon Valley Bank (SVB) • Publicly traded US bank • International presence • Growing rapidly and on the verge of becoming a SIFI • $48B in assets; $21B in loans; $94B in deposits & investments* * As reported on a consolidated basis for the period end June 30, 2017
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Agenda • Key Concepts • Best Practices – Initial Stages – The Middle • Final Thoughts • Questions & Answers
Key Concepts
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Governance in a Nutshell Create Structure Set Direction Measure& ActonOutcomes Define&Assign Responsibilities
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Proactive vs. Reactive Proactive • Enabler • Self-driven • Take initiative • Continuous behavior Reactive • Burden • Driven by others • Fight fires • Responsive only when needed
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Building Blocks
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Three Lines of Defense
Best Practices: Initial Steps
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Understand your Stakeholders
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Define what your “Good” looks like – Define the skill set and resources you need – Describe roles and responsibilities – Leverage best practices and frameworks – Create a roadmap of activities and timelines – Clearly articulate your scope of coverage – Add key details applicable to your organization – Identify when and how you will leverage technology
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Sample High-Level IT Governance Roadmap
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Bring everyone along • Executives • Employees • Contactors • Third parties
Best Practices: The Middle
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. 6 Steps for Proactive IT Governance
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. 1. Choose & Define your Framework
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Establish a structured program and framework – Define roles and responsibilities – Create and publish a Key Documents policy – Establish a Key Document repository • Review and update existing Key Documents • Identify gaps in Key Documents • Address gaps in Key Documents 2. Formalize your Key Documents* * Key Documents typically refer to a combination of policies, procedures, standards, guidelines and frameworks.
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Create a control inventory that goes beyond regulatory requirements • Use a best-practice framework (i.e. COBIT) as a measuring stick • Identify, remediate or justify your control gaps • Develop an oversight process for your controls 3. Document all your Controls
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Establish a strong 1st / 2nd line of defense function • Self-test your controls in a prioritized manner – Start where you have mature controls (e.g. SOX) – Move to testing less mature (or newer) controls – Identify issues and control deficiencies and fix them • Assess the risk of key processes and functions • Perform process maturity assessments 4. Perform Self-testing & Self-Assessments
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Understand what is important to your stakeholders (Cybersecurity, Reliability, Cost Avoidance, Digitalization, Productivity etc.) • Create a Performance Management function • Define metrics, KPIs and KRIs that tell your story • Establish, monitor and report on the targets • Evolve the program as needs change 5. Measure and take action
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Rationalize controls, processes and Key Documents • Automate where feasible • Leverage continuous monitoring • Introduce advanced KPIs & analysis 6. Improve, improve, improve…
Final Thoughts
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Let’s do a recap…
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • You have full executive support • You have the resources you need • You no longer have to justify the value of proactive governance • Your governance processes are streamlined • Auditors are no longer finding major gaps You’re there (or closer) if…
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Choose & Define your Framework • ISACA COBIT 5.0 Framework • ISACA IT Governance Institute (ITGI) Framework • COSO Internal Control- Integrated Framework Some Useful References (1/3)
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Formalize Key Documents & Define Controls • ISACA COBIT 5.0 Framework • Information Technology Infrastructure Library (ITIL) for IT Service Management • National Institute of Standards and Technology (NIST) and the ISO/IEC 27000 family for Information Security • PMBOK Guide from the Project Management Institute for Project Management • Regulatory guidance/standards in your industry • The Open Group Architecture Framework (TOGAF) for Enterprise Architecture Some Useful References (2/3)
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Perform Self-Testing & Self-Assessments • ISACA COBIT 5.0 Framework • ISACA Risk IT Framework • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework from Carnegie Mellon Measure & Act • Balanced Scorecard Framework (BSC) from the Balanced Scorecard Institute (BSI) Some Useful References (3/3)
Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Berk Algan Director, IT GRC at SVB Follow me on my blog: www.berkalgan.com Connect with me on LinkedIn: www.linkedin.com/in/berk-algan-governance-guru/ Questions & Answers

Recommended

AUS Conference 2018_All change - aligning sam with your data centre change pr...
AUS Conference 2018_All change - aligning sam with your data centre change pr...AUS Conference 2018_All change - aligning sam with your data centre change pr...
AUS Conference 2018_All change - aligning sam with your data centre change pr...
Martin Thompson
 
Biehl (2012) implementing a healthcare data warehouse
Biehl (2012) implementing a healthcare data warehouseBiehl (2012) implementing a healthcare data warehouse
Biehl (2012) implementing a healthcare data warehouse
rbiehl
 
Australia Conference 2018_Boost up your oracle audit defence
Australia Conference 2018_Boost up your oracle audit defenceAustralia Conference 2018_Boost up your oracle audit defence
Australia Conference 2018_Boost up your oracle audit defence
Martin Thompson
 
Australia Conference 2018_Making ITAM Stick – a blue print for organizational...
Australia Conference 2018_Making ITAM Stick – a blue print for organizational...Australia Conference 2018_Making ITAM Stick – a blue print for organizational...
Australia Conference 2018_Making ITAM Stick – a blue print for organizational...
Martin Thompson
 
[AIIM16] Implementing Automated Retention at the European Central Bank
[AIIM16] Implementing Automated Retention at the European Central Bank[AIIM16] Implementing Automated Retention at the European Central Bank
[AIIM16] Implementing Automated Retention at the European Central Bank
AIIM International
 
Noc and soc deck
Noc and soc deckNoc and soc deck
Noc and soc deck
kevin_donovan
 
Australia Conference 2018_Building trust, reputation & budget within itam acc...
Australia Conference 2018_Building trust, reputation & budget within itam acc...Australia Conference 2018_Building trust, reputation & budget within itam acc...
Australia Conference 2018_Building trust, reputation & budget within itam acc...
Martin Thompson
 
Australia Conference 2018_How to be a SaaS manager – tools, people and proces...
Australia Conference 2018_How to be a SaaS manager – tools, people and proces...Australia Conference 2018_How to be a SaaS manager – tools, people and proces...
Australia Conference 2018_How to be a SaaS manager – tools, people and proces...
Martin Thompson
 

Recommended

AUS Conference 2018_All change - aligning sam with your data centre change pr...
AUS Conference 2018_All change - aligning sam with your data centre change pr...AUS Conference 2018_All change - aligning sam with your data centre change pr...
AUS Conference 2018_All change - aligning sam with your data centre change pr...
Martin Thompson
 
Biehl (2012) implementing a healthcare data warehouse
Biehl (2012) implementing a healthcare data warehouseBiehl (2012) implementing a healthcare data warehouse
Biehl (2012) implementing a healthcare data warehouse
rbiehl
 
Australia Conference 2018_Boost up your oracle audit defence
Australia Conference 2018_Boost up your oracle audit defenceAustralia Conference 2018_Boost up your oracle audit defence
Australia Conference 2018_Boost up your oracle audit defence
Martin Thompson
 
Australia Conference 2018_Making ITAM Stick – a blue print for organizational...
Australia Conference 2018_Making ITAM Stick – a blue print for organizational...Australia Conference 2018_Making ITAM Stick – a blue print for organizational...
Australia Conference 2018_Making ITAM Stick – a blue print for organizational...
Martin Thompson
 
[AIIM16] Implementing Automated Retention at the European Central Bank
[AIIM16] Implementing Automated Retention at the European Central Bank[AIIM16] Implementing Automated Retention at the European Central Bank
[AIIM16] Implementing Automated Retention at the European Central Bank
AIIM International
 
Noc and soc deck
Noc and soc deckNoc and soc deck
Noc and soc deck
kevin_donovan
 
Australia Conference 2018_Building trust, reputation & budget within itam acc...
Australia Conference 2018_Building trust, reputation & budget within itam acc...Australia Conference 2018_Building trust, reputation & budget within itam acc...
Australia Conference 2018_Building trust, reputation & budget within itam acc...
Martin Thompson
 
Australia Conference 2018_How to be a SaaS manager – tools, people and proces...
Australia Conference 2018_How to be a SaaS manager – tools, people and proces...Australia Conference 2018_How to be a SaaS manager – tools, people and proces...
Australia Conference 2018_How to be a SaaS manager – tools, people and proces...
Martin Thompson
 
Baird Miller, DOL: IT Portfolio Management in State Government
Baird Miller, DOL: IT Portfolio Management in State GovernmentBaird Miller, DOL: IT Portfolio Management in State Government
Baird Miller, DOL: IT Portfolio Management in State Government
UMT
 
Australia Conference 2018_The $250BN annual software support and maintenance ...
Australia Conference 2018_The $250BN annual software support and maintenance ...Australia Conference 2018_The $250BN annual software support and maintenance ...
Australia Conference 2018_The $250BN annual software support and maintenance ...
Martin Thompson
 
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Martin Thompson
 
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Martin Thompson
 
TSA Day 2018 - Ron Gallihugh
TSA Day 2018 - Ron GallihughTSA Day 2018 - Ron Gallihugh
TSA Day 2018 - Ron Gallihugh
Government Technology & Services Coalition
 
Australia Conference 2018_How to engage your it security team and fund your s...
Australia Conference 2018_How to engage your it security team and fund your s...Australia Conference 2018_How to engage your it security team and fund your s...
Australia Conference 2018_How to engage your it security team and fund your s...
Martin Thompson
 
Doe run
Doe runDoe run
Doe run
David Xing
 
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Martin Thompson
 
DHS HQ Day - Eric Cho
DHS HQ Day - Eric ChoDHS HQ Day - Eric Cho
DHS HQ Day - Eric Cho
Government Technology & Services Coalition
 
Csiro 20180313 tdr_ands_webinar-data access portal
Csiro 20180313 tdr_ands_webinar-data access portalCsiro 20180313 tdr_ands_webinar-data access portal
Csiro 20180313 tdr_ands_webinar-data access portal
ARDC
 
[AIIM16] A Look behind the Curtain: The State of the Industry Report
[AIIM16] A Look behind the Curtain: The State of the Industry Report[AIIM16] A Look behind the Curtain: The State of the Industry Report
[AIIM16] A Look behind the Curtain: The State of the Industry Report
AIIM International
 
HITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
HITECH-Meaningful Use and the Benefits of the PMI and ITIL RelationshipHITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
HITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
William Buddy Gillespie ITIL Certified
 
Boost privacy protections with attribute-based access control
Boost privacy protections with attribute-based access control Boost privacy protections with attribute-based access control
Boost privacy protections with attribute-based access control
Raoul Miller
 
ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation
ARDC
 
Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
Meghna Verma
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slides
InSync Conference
 
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
aqel aqel
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAAT
Jim Kaplan CIA CFE
 
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
AIIM International
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security Framework
Karthikeyan Dhayalan
 
IntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxIntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptx
ssuserbdcb221
 

More Related Content

What's hot

Baird Miller, DOL: IT Portfolio Management in State Government
Baird Miller, DOL: IT Portfolio Management in State GovernmentBaird Miller, DOL: IT Portfolio Management in State Government
Baird Miller, DOL: IT Portfolio Management in State Government
UMT
 
Australia Conference 2018_The $250BN annual software support and maintenance ...
Australia Conference 2018_The $250BN annual software support and maintenance ...Australia Conference 2018_The $250BN annual software support and maintenance ...
Australia Conference 2018_The $250BN annual software support and maintenance ...
Martin Thompson
 
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Martin Thompson
 
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Martin Thompson
 
TSA Day 2018 - Ron Gallihugh
TSA Day 2018 - Ron GallihughTSA Day 2018 - Ron Gallihugh
TSA Day 2018 - Ron Gallihugh
Government Technology & Services Coalition
 
Australia Conference 2018_How to engage your it security team and fund your s...
Australia Conference 2018_How to engage your it security team and fund your s...Australia Conference 2018_How to engage your it security team and fund your s...
Australia Conference 2018_How to engage your it security team and fund your s...
Martin Thompson
 
Doe run
Doe runDoe run
Doe run
David Xing
 
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Martin Thompson
 
DHS HQ Day - Eric Cho
DHS HQ Day - Eric ChoDHS HQ Day - Eric Cho
DHS HQ Day - Eric Cho
Government Technology & Services Coalition
 
Csiro 20180313 tdr_ands_webinar-data access portal
Csiro 20180313 tdr_ands_webinar-data access portalCsiro 20180313 tdr_ands_webinar-data access portal
Csiro 20180313 tdr_ands_webinar-data access portal
ARDC
 
[AIIM16] A Look behind the Curtain: The State of the Industry Report
[AIIM16] A Look behind the Curtain: The State of the Industry Report[AIIM16] A Look behind the Curtain: The State of the Industry Report
[AIIM16] A Look behind the Curtain: The State of the Industry Report
AIIM International
 
HITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
HITECH-Meaningful Use and the Benefits of the PMI and ITIL RelationshipHITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
HITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
William Buddy Gillespie ITIL Certified
 
Boost privacy protections with attribute-based access control
Boost privacy protections with attribute-based access control Boost privacy protections with attribute-based access control
Boost privacy protections with attribute-based access control
Raoul Miller
 
ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation
ARDC
 

What's hot (14)

Baird Miller, DOL: IT Portfolio Management in State Government
Baird Miller, DOL: IT Portfolio Management in State GovernmentBaird Miller, DOL: IT Portfolio Management in State Government
Baird Miller, DOL: IT Portfolio Management in State Government
 
Australia Conference 2018_The $250BN annual software support and maintenance ...
Australia Conference 2018_The $250BN annual software support and maintenance ...Australia Conference 2018_The $250BN annual software support and maintenance ...
Australia Conference 2018_The $250BN annual software support and maintenance ...
 
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
Australia Conference 2018_SAM Soufflé: 1 part Tool & 2 parts People = A recip...
 
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
Australia Conference 2018_ISO 19770 – How it’s changed and how it can benefit...
 
TSA Day 2018 - Ron Gallihugh
TSA Day 2018 - Ron GallihughTSA Day 2018 - Ron Gallihugh
TSA Day 2018 - Ron Gallihugh
 
Australia Conference 2018_How to engage your it security team and fund your s...
Australia Conference 2018_How to engage your it security team and fund your s...Australia Conference 2018_How to engage your it security team and fund your s...
Australia Conference 2018_How to engage your it security team and fund your s...
 
Doe run
Doe runDoe run
Doe run
 
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
Australia Conference 2018_Getting the best from ibm license metric tool (ilmt...
 
DHS HQ Day - Eric Cho
DHS HQ Day - Eric ChoDHS HQ Day - Eric Cho
DHS HQ Day - Eric Cho
 
Csiro 20180313 tdr_ands_webinar-data access portal
Csiro 20180313 tdr_ands_webinar-data access portalCsiro 20180313 tdr_ands_webinar-data access portal
Csiro 20180313 tdr_ands_webinar-data access portal
 
[AIIM16] A Look behind the Curtain: The State of the Industry Report
[AIIM16] A Look behind the Curtain: The State of the Industry Report[AIIM16] A Look behind the Curtain: The State of the Industry Report
[AIIM16] A Look behind the Curtain: The State of the Industry Report
 
HITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
HITECH-Meaningful Use and the Benefits of the PMI and ITIL RelationshipHITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
HITECH-Meaningful Use and the Benefits of the PMI and ITIL Relationship
 
Boost privacy protections with attribute-based access control
Boost privacy protections with attribute-based access control Boost privacy protections with attribute-based access control
Boost privacy protections with attribute-based access control
 
ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation ADA - CoretrustSeal webinar presentation
ADA - CoretrustSeal webinar presentation
 

Similar to IT Governance, Risk & Compliance (GRC) by Berk Algan

Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
Meghna Verma
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slides
InSync Conference
 
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
aqel aqel
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAAT
Jim Kaplan CIA CFE
 
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
AIIM International
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security Framework
Karthikeyan Dhayalan
 
IntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxIntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptx
ssuserbdcb221
 
Agile in a highly regulated organization
Agile in a highly regulated organizationAgile in a highly regulated organization
Agile in a highly regulated organization
Tami Flowers
 
Best practice for_agile_ds_projects
Best practice for_agile_ds_projectsBest practice for_agile_ds_projects
Best practice for_agile_ds_projects
Khalid Kahloot
 
Business analytics why now_what next
Business analytics why now_what nextBusiness analytics why now_what next
Business analytics why now_what next
Bohitesh Misra, PMP
 
We Bought Some Tools
We Bought Some ToolsWe Bought Some Tools
We Bought Some Tools
Jim Bowker, CISSP
 
Maximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting optionsMaximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting options
Sai Paravastu
 
CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016
Hafiz Sheikh Adnan Ahmed
 
ITAM AUS 2017 BMC SAM Journey
ITAM AUS 2017 BMC SAM JourneyITAM AUS 2017 BMC SAM Journey
ITAM AUS 2017 BMC SAM Journey
Martin Thompson
 
How Western Alliance Bank is Innovating with Oracle Analytics Cloud
How Western Alliance Bank is Innovating with Oracle Analytics CloudHow Western Alliance Bank is Innovating with Oracle Analytics Cloud
How Western Alliance Bank is Innovating with Oracle Analytics Cloud
Perficient, Inc.
 
Governance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I StartGovernance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I Start
Stacy Deere
 
Professional Designations IT Assurance
Professional Designations IT AssuranceProfessional Designations IT Assurance
Professional Designations IT Assurance
a3virani
 
MEGA Solution Footprint V5.pptx
MEGA Solution Footprint V5.pptxMEGA Solution Footprint V5.pptx
MEGA Solution Footprint V5.pptx
WissamShehab1
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A Glance
FixNix Inc.,
 

Similar to IT Governance, Risk & Compliance (GRC) by Berk Algan (20)

Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799Comparison of it governance framework-COBIT, ITIL, BS7799
Comparison of it governance framework-COBIT, ITIL, BS7799
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slides
 
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
COBIT Approach to Maintain Healthy Cyber Security Status Using NIST - CSF
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAAT
 
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
[AIIM] Getting Stuff Done with Content - Tony Peleska and Jordan Jones
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security Framework
 
IntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptxIntroToActiveAuditHandbookEN.pptx
IntroToActiveAuditHandbookEN.pptx
 
Agile in a highly regulated organization
Agile in a highly regulated organizationAgile in a highly regulated organization
Agile in a highly regulated organization
 
Best practice for_agile_ds_projects
Best practice for_agile_ds_projectsBest practice for_agile_ds_projects
Best practice for_agile_ds_projects
 
Business analytics why now_what next
Business analytics why now_what nextBusiness analytics why now_what next
Business analytics why now_what next
 
We Bought Some Tools
We Bought Some ToolsWe Bought Some Tools
We Bought Some Tools
 
Maximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting optionsMaximo User Group Presentation extract - BIRT Reporting options
Maximo User Group Presentation extract - BIRT Reporting options
 
CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016CISA Training - Chapter 2 - 2016
CISA Training - Chapter 2 - 2016
 
ITAM AUS 2017 BMC SAM Journey
ITAM AUS 2017 BMC SAM JourneyITAM AUS 2017 BMC SAM Journey
ITAM AUS 2017 BMC SAM Journey
 
How Western Alliance Bank is Innovating with Oracle Analytics Cloud
How Western Alliance Bank is Innovating with Oracle Analytics CloudHow Western Alliance Bank is Innovating with Oracle Analytics Cloud
How Western Alliance Bank is Innovating with Oracle Analytics Cloud
 
Governance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I StartGovernance - O365 How It's Affected & Where Do I Start
Governance - O365 How It's Affected & Where Do I Start
 
Professional Designations IT Assurance
Professional Designations IT AssuranceProfessional Designations IT Assurance
Professional Designations IT Assurance
 
MEGA Solution Footprint V5.pptx
MEGA Solution Footprint V5.pptxMEGA Solution Footprint V5.pptx
MEGA Solution Footprint V5.pptx
 
Fixnix GRC Suite A Glance
Fixnix GRC Suite A GlanceFixnix GRC Suite A Glance
Fixnix GRC Suite A Glance
 

Recently uploaded

How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
Lacey Max
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
timesbpobusiness
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
jeffkluth1
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
taqyea
 
Pitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deckPitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deck
HajeJanKamps
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Kalyan Satta Matka Guessing Matka Result Main Bazar chart
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Lviv Startup Club
 
Best Competitive Marble Pricing in Dubai - ☎ 9928909666
Best Competitive Marble Pricing in Dubai - ☎ 9928909666Best Competitive Marble Pricing in Dubai - ☎ 9928909666
Best Competitive Marble Pricing in Dubai - ☎ 9928909666
Stone Art Hub
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
sssourabhsharma
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 
Call8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessingCall8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessing
➑➌➋➑➒➎➑➑➊➍
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
CA Dr. Prithvi Ranjan Parhi
 
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
Aleksey Savkin
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
my Pandit
 

Recently uploaded (20)

How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
How are Lilac French Bulldogs Beauty Charming the World and Capturing Hearts....
 
TIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup IndustryTIMES BPO: Business Plan For Startup Industry
TIMES BPO: Business Plan For Startup Industry
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
 
Pitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deckPitch Deck Teardown: Kinnect's $250k Angel deck
Pitch Deck Teardown: Kinnect's $250k Angel deck
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Fin...
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
 
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
Maksym Vyshnivetskyi: PMO KPIs (UA) (#12)
 
Best Competitive Marble Pricing in Dubai - ☎ 9928909666
Best Competitive Marble Pricing in Dubai - ☎ 9928909666Best Competitive Marble Pricing in Dubai - ☎ 9928909666
Best Competitive Marble Pricing in Dubai - ☎ 9928909666
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
Call8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessingCall8328958814 satta matka Kalyan result satta guessing
Call8328958814 satta matka Kalyan result satta guessing
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IACIncome Tax exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
 
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
How to Implement a Strategy: Transform Your Strategy with BSC Designer's Comp...
 
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your TasteZodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Taste
 

IT Governance, Risk & Compliance (GRC) by Berk Algan

  • 1. Berk Algan, CGEIT, CRISC, CISA, CIPP Director of IT Governance, Risk & Compliance Silicon Valley Bank (SVB) Best Practices for Proactive IT Governance
  • 2. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Setting the Stage… Your Presenter • Ex-Big 4 Auditor & Consultant • Currently leading IT GRC Group at SVB • MBA, CGEIT, CRISC, CISA, CIPP • Passionate about setting up & improving IT GRC functions and processes Silicon Valley Bank (SVB) • Publicly traded US bank • International presence • Growing rapidly and on the verge of becoming a SIFI • $48B in assets; $21B in loans; $94B in deposits & investments* * As reported on a consolidated basis for the period end June 30, 2017
  • 3. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Agenda • Key Concepts • Best Practices – Initial Stages – The Middle • Final Thoughts • Questions & Answers
  • 5. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Governance in a Nutshell Create Structure Set Direction Measure& ActonOutcomes Define&Assign Responsibilities
  • 6. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Proactive vs. Reactive Proactive • Enabler • Self-driven • Take initiative • Continuous behavior Reactive • Burden • Driven by others • Fight fires • Responsive only when needed
  • 7. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Building Blocks
  • 8. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Three Lines of Defense
  • 10. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Understand your Stakeholders
  • 11. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Define what your “Good” looks like – Define the skill set and resources you need – Describe roles and responsibilities – Leverage best practices and frameworks – Create a roadmap of activities and timelines – Clearly articulate your scope of coverage – Add key details applicable to your organization – Identify when and how you will leverage technology
  • 12. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Sample High-Level IT Governance Roadmap
  • 13. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Bring everyone along • Executives • Employees • Contactors • Third parties
  • 15. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. 6 Steps for Proactive IT Governance
  • 16. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. 1. Choose & Define your Framework
  • 17. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Establish a structured program and framework – Define roles and responsibilities – Create and publish a Key Documents policy – Establish a Key Document repository • Review and update existing Key Documents • Identify gaps in Key Documents • Address gaps in Key Documents 2. Formalize your Key Documents* * Key Documents typically refer to a combination of policies, procedures, standards, guidelines and frameworks.
  • 18. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Create a control inventory that goes beyond regulatory requirements • Use a best-practice framework (i.e. COBIT) as a measuring stick • Identify, remediate or justify your control gaps • Develop an oversight process for your controls 3. Document all your Controls
  • 19. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Establish a strong 1st / 2nd line of defense function • Self-test your controls in a prioritized manner – Start where you have mature controls (e.g. SOX) – Move to testing less mature (or newer) controls – Identify issues and control deficiencies and fix them • Assess the risk of key processes and functions • Perform process maturity assessments 4. Perform Self-testing & Self-Assessments
  • 20. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Understand what is important to your stakeholders (Cybersecurity, Reliability, Cost Avoidance, Digitalization, Productivity etc.) • Create a Performance Management function • Define metrics, KPIs and KRIs that tell your story • Establish, monitor and report on the targets • Evolve the program as needs change 5. Measure and take action
  • 21. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • Rationalize controls, processes and Key Documents • Automate where feasible • Leverage continuous monitoring • Introduce advanced KPIs & analysis 6. Improve, improve, improve…
  • 23. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Let’s do a recap…
  • 24. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. • You have full executive support • You have the resources you need • You no longer have to justify the value of proactive governance • Your governance processes are streamlined • Auditors are no longer finding major gaps You’re there (or closer) if…
  • 25. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Choose & Define your Framework • ISACA COBIT 5.0 Framework • ISACA IT Governance Institute (ITGI) Framework • COSO Internal Control- Integrated Framework Some Useful References (1/3)
  • 26. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Formalize Key Documents & Define Controls • ISACA COBIT 5.0 Framework • Information Technology Infrastructure Library (ITIL) for IT Service Management • National Institute of Standards and Technology (NIST) and the ISO/IEC 27000 family for Information Security • PMBOK Guide from the Project Management Institute for Project Management • Regulatory guidance/standards in your industry • The Open Group Architecture Framework (TOGAF) for Enterprise Architecture Some Useful References (2/3)
  • 27. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Perform Self-Testing & Self-Assessments • ISACA COBIT 5.0 Framework • ISACA Risk IT Framework • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework from Carnegie Mellon Measure & Act • Balanced Scorecard Framework (BSC) from the Balanced Scorecard Institute (BSI) Some Useful References (3/3)
  • 28. Copyright © 2017 Information Systems Audit and Control Association, Inc. All rights reserved. Berk Algan Director, IT GRC at SVB Follow me on my blog: www.berkalgan.com Connect with me on LinkedIn: www.linkedin.com/in/berk-algan-governance-guru/ Questions & Answers