GRC - IT Audit
What is GRC
Governance, Risk, and Compliance (GRC) is a structured way to align IT with business goals while managing risks and meeting all applicable industry and government regulations. It includes the tools and processes that unify an organization's governance and risk management with its technological innovation and adoption:
• Corporate governance policies
• Enterprise risk management programs
• Regulatory and company compliance
GRC History
GRC emerged as a discipline in the early 21st century when
companies recognized that coordinating the people,
processes and technologies.
Three Components of GRC:
• Governance refers to the ethical management of an organization by its leaders in accordance with approved business plans and strategies.
• Risk management refers to an organization's process for identifying, categorizing, assessing and enacting strategies to minimize risks that would hinder its operations and to control risks that enhance operations.
• Compliance refers to the level of adherence an organization has to the standards, regulations and best practices mandated by the business and by relevant governing bodies and laws.
Skills Required in GRC
• Strong understanding of fundamental information security concepts and technology.
• Experience with IT governance, risk, and compliance management in a large global environment.
• Excellent written and oral communication skills.
GRC Framework
GRC Importance
Internal Auditing
• An internal audit preserves its objectivity by being carried out by company personnel who report to:
  • The audit committee of the Board of Directors
  • Top management
• Concerns compliance with company policies and procedures
• Involves an evaluation of internal controls and of fraud
• Tests for efficiency, effectiveness, and economy
External Auditing
• The external audit is carried out by independent accountants.
• It has a secondary purpose: to test that internal controls are strong and can be relied on to catch errors and fraud.
GRC - IT Audit.pptx
