Discussion Material
The Three Lines of Defence
H.S. Widhanto, CIA, CISA, CRISC, CRMA
H.S. Widhanto, CIA, CISA, CRISC, CRMA
IT Governance, Risk Management, Internal Control and Assurance Practitioner
• Independent Commissioner and Audit Committee Chairman, PT. Bina Artha Ventura (Microfinance)
• Risk Management Adviser, PT. Perusahaan Gas Negara (Persero) Tbk
• Risk Management Committee Member, PT. Petrokimia Gresik
• Partner and Director, PT. Centria Integrity Advisory
Three Lines of Defence: The Generic Model

Executive: Senior Management
Oversight Body: Audit Committee, Risk Management Committee

1st Line: Operational Management Function
• Maintain and implement controls on a day-to-day basis
• Assess, communicate, and mitigate risks

2nd Line: Risk Management - Compliance Function
• Facilitate and monitor the implementation of risk management practices by the operational management function
• Report adequate risk-related information throughout the organization
• Monitor compliance with regulations

3rd Line: Internal Audit Function
Provides assurance on the effectiveness of governance, risk management, and internal controls, including the effectiveness of the first and second lines of defence

Today’s Challenges in Indonesia

Unaligned risk, control and assurance practices within an organisation
Symptom:
1. No common language and framework
2. No common framework
3. Unaligned policies and procedures pertaining to risk management, control and assurance

Capacity building paradox
Symptom: The first line of defence experiences the least amount of risk management (and control) training

Low (unacceptable) level of risk management maturity in place
Symptom: The Internal Audit function could not rely on the risk management reports produced by the Risk Management function

The Three Lines of Defence (for IT): Using COBIT 5 as Reference Framework

1st Line
Main concerns: Adequate IT processes and controls design
What does COBIT 5 provide? A set of common IT processes and controls as the basis for designing integrated IT policies and procedures

2nd Line
Main concerns:
• Adequate and implementable IT risk management framework, policies and procedures
• Enhance maturity level
What does COBIT 5 provide?
COBIT 5 For Risk (currently under development)
Risk IT:
• End-to-end implementation framework
• Maturity level enhancement programmes
Remarks: COBIT 5 builds on previous versions of COBIT, Val IT and Risk IT, so organisations can also refer to Risk IT for this purpose

3rd Line
Main concerns: Effective risk-based IT audit process and audit programmes (audit procedures)
What does COBIT 5 provide? Assurance guide that provides the basis for practical audit programmes (IT control effectiveness testing procedures)

ISACA Indonesia Special Technical Session feat Erik Guldentops Panelist Widhanto 3 Lines of Defense based on COBIT 5
