Monday, August 1, 2011

E-Governance

E-Governance refers to the use of data from IT to improve the accountability, efficiency, effectiveness, and transparency within an organization. Comprised of IT, people and processes, it is an application of electronic means to improve exchange of information and increase the operational effectiveness and efficiency. E-Governance involves determination and application of relevant regulations such as domain name to govern presence on the internet. Its focus is on the appropriateness of internal/external web user experience.

Why IT Governance

1. Implementation and integration of new IT strategies while overcoming institutionalized “silo” programs and funded processes.

2. Rewards based on singular program accomplishments, without the broader strategic focus.

3. Lack of delivery strategies across program boundaries

4. Increased user pressure from cloud/internet functionality and ease of use expectations

5. Drive for a cost-efficient single, common service and delivery interface in meeting user needs

Information Technology Governance

Information technology governance focuses mainly on leadership in effectively and efficiently using IT resources to meet business needs, encompassing structures and processes to implement strategies, develop standards and principles, and evaluate IT investment priorities, leveraging technology to add business value.

It combines accountability with the assignment of decision-making responsibilities. Governance includes cross-level communications about processes and key IT investments. When fully employed, IT governance is aligned with business governance. Its key components include collaboration, modular and incremental development and implementation of strategic and tactical initiatives.

Wednesday, April 13, 2011

Dodd-Frank Act for Banks

• Volcker Rule
• Abolishes the Office of Thrift Supervision
• Stronger lending limits
• Improves supervision of holding company subsidiaries
• Intermediate Holding Companies
• Interest on business checking
• Charter Conversions
• New Offices of Minority and Women Inclusion at the federal financial agencies

Dodd-Frank Act for Extraction Industry

TRANSPARENCY FOR EXTRACTION INDUSTRY

  • Public Disclosure
  • SEC Filing Disclosure
  • Congo Conflict Minerals Disclosures

      Tuesday, April 12, 2011

      Dodd-Frank Act

      - Consumer Protections with Authority and Independence
      - Ends Too Big to Fail Bailouts
      - Advance Warning Systems
      - Transparency & Accountability for Exotic Instruments
      - Executive Compensation and Corporate Governance
      - Protects Investors
      - Enforces Regulations on the Books

      Saturday, February 26, 2011

      Friday, February 25, 2011

      Key SOX Compliance Items

      Develop action plans for ongoing maintenance and monitoring of internal controls in accordance with policies and regulatory requirements, including the Sarbanes-Oxley Act.

      Identify and implement internal controls process improvements

      Recommend and implement process improvement solutions, including tools which enable these solutions.


      Implement the Sarbanes-Oxley testing and evaluation plan and develop the ongoing procedures for maintenance and testing of company controls.

      Provide metrics that measure the effectiveness of these initiatives.


      Ensure that all compliance and process improvement activities follow the appropriate change management, governance, and documentation requirements.

      Conduct walkthrough(s) of processes and develop control guidance documentation and training materials.

      Friday, January 28, 2011

      Understand Information Systems Relevant to the Audit

      • The manner in which transactions are initiated

      • The nature and type of records and source documents

      • The processing involved from the initiation of transactions to their final processing, including the nature of computer files and the manner in which they are accessed, updated, and deleted

      • For financial audits, the process used to prepare the entity's financial statements and budget information, including significant accounting estimates, disclosures, and computerized processing.

      FISCAM (Federal Information System Controls Audit Manual) Approach

      Top-down, risk-based approach that considers materiality and significance in determining effective and efficient audit procedures and is tailored to achieve the audit objectives.

      Evaluation of entity-wide controls and their effect on audit risk.

      Evaluation of general controls and their pervasive impact on business process application controls.

      Evaluation of security management at all levels (entitywide, system, and business process application levels).

      A control hierarchy (control categories, critical elements, and control activities) to assist in evaluating the significance of identified IS control weaknesses.

      Groupings of control categories consistent with the nature of the risk.

      Experience gained in GAO’s performance and review of IS control audits, including field testing the concepts in this revised FISCAM.

      Document Network Architecture

      ● Internet presence
      ● firewalls, routers, and switches
      ● intrusion detection or prevention systems
      ● critical systems, such as Web and mail systems, file transfer systems, etc.
      ● network management systems
      ● connections to inter- and intra-agency sites
      ● connections to other external organizations
      ● remote access—virtual private network and dial-in
      ● wireless connections.

      Plan the Information System Controls Audit

      ● Understand the overall audit objectives and related scope of the IS controls audit
      ● Obtain an understanding of an entity and its operations and key business processes
      ● Obtain a general understanding of the structure of the entity’s networks
      ● Identify key areas of audit interest (files, applications, systems, locations)
      ● Assess IS risk on a preliminary basis
      ● Identify critical control points (for example, external access points to networks)
      ● Obtain a preliminary understanding of IS controls
      ● Perform other audit planning procedures