management企業(yè)管理類英文_第1頁
management企業(yè)管理類英文_第2頁
management企業(yè)管理類英文_第3頁
management企業(yè)管理類英文_第4頁
management企業(yè)管理類英文_第5頁
已閱讀5頁,還剩20頁未讀, 繼續(xù)免費閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進行舉報或認領

文檔簡介

Application-levelITRiskAssessment

ISACADenverChapterMeetingFebruary21,2008OutlineWhythistopic?SECinterpretiveguidanceABC’simplementationapproachDesignoftheITRAmodelModelwalk-through/Q&AWhyThisTopic?

GRCSpendingSkyrocketsGovernanceRiskComplianceBoardandEntityManagementEnterpriseRiskMgt

(COSO,COCO)PublicCompanies

(Sarbanes-Oxley,NYSE,Nasdaq,Turnbull,etc.)CorporatePolicyandProcedureManagementOperationalRiskMgtSOX-Like

(Japan,Canada,EU)ITGovernance

(CobiT,ISO17799&27001-ISM)ITRiskMgt

(CobiT,ITIL,etc.)SpecificAreas

(PCI-DSS,AML,etc.)InternalAuditDepartmentsFinancialInstitutionRiskMgt(BaselII,etc.)PersonalInformation

(FTC,HIPAA,GLBA,COPPA,EUD,etc.)WhyThisTopic?

USCongressRespondsPCAOBCreated

(07/30/02)PCAOBProposesAS2

(10/07/03)PCAOB&SECApproveAS2

(03/09/04&06/17/04)ICFROpinionsLargeAcceleratedFilers

(FYEs11/15/04+)RoundtableFeedback

(04/13/05)PCAOBPolicyStatement

(05/16/05)WhyThisTopic?

CorporateOutcryBegins “Thefirst-yearimplementationofnewrequirementsforpubliccompanies’internalcontroloverfinancialreporting(ICFR)provedmoreburdensomeandcostlythanexpected,resultinginanoutcryfromcorporateAmerica.”JournalofAccountancy,TwoYearsandCounting,June2007WhyThisTopic?

Fix:AuditFirmsPerthePCAOBPolicystatementissued5/16/05,theauditorsshould—IntegratetheirauditsTailorauditplanstotheirclient’srisksUseatop-downapproachUsetheworkofothersCommunicatedirectlyandtimelywithclientsWhyThisTopic?

SOXYearTwo-2005PCAOBSAGRe:InternalControl

(06/08/05)ICFROpinionsAcceleratedFilers

(FYEs07/15/05+)AS2ImplementationReport

(11/30/05)InternalControlAuditInspectionsReport

(05/01/06)RoundtableFeedback

(05/10/06)AndThen?WhyThisTopic?

CorporateOutcry(Cont)Theaveragecostofbeingapubliccompanywithrevenueunder$1billionrose$1.6million,or130%,sincetheSarbanes-Oxleyerabegan.

Source:“SecondAnniversary:TheImpactofSarbanes-Oxley,”InstitutionalShareholderServices,WhyThisTopic?

Fix:Issuer(&AuditFirms)PCAOBAnnouncesAS2Rewrite

(12/xx/06)PCAOBProposesGuidanceforIssuers

(12/20/06)SECApprovesInterpretiveGuidance

(05/23/07)PCAOBAdoptsAS5ReplacingAS2

(05/24/07)SECInterpretiveGuidanceEffective

(06/27/07)AS5Effective

(FYEs11/15/07+)Management’sReportRequired

(FYEs12/15/07+)SECAnnouncesSmallBizC&BStudy

(02/01/08)ICFROpinionsNon-AcceleratedFilers

(FYEs12/15/09+)SECInterpretiveGuidance

ForIssuerManagementGuidanceRegardingManagement’sReportonInternalControlOverFinancialReportingEffectiveDate:June27,2007ACTION:Interpretation.SECInterpretiveGuidance

UnderlyingPrinciplesManagementshould:Evaluatewhetherithasimplementedcontrolsthatadequatelyaddresstheriskthatamaterialmisstatementofthefinancialstatementswouldnotbepreventedordetectedinatimelymanner.Baseitsassessmentofriskontheevaluationofevidenceabouttheoperationofitscontrols.SECInterpretiveGuidance

BenefitsITRA

Overview-ApproachUseriskfactors(riskassessmentevaluationcriteria)toassessthelevelofinherentriskandcontrolriskforeachapplicationsystem.UsetheresultantriskratingstodeterminethelevelofoverallriskaccordingtotheCompany'smethodology.Usetheoverallriskassessmentratingtoguidetheappropriatelevelofinternalcontrolevaluationprocedurestobeapplied.ITRA

ModelWalk-ThroughITRA

RunSettingsAssignmentofpointvaluestoriskfactorsBreakpointswhichdefineLow,Medium,andHighriskapplicationsExcludingriskfactorcategoriesfromresultsExcludingmissing/unknowndataITRA

RiskFactorsInformationCategoriesAPPL(ApplicationSystems)ADOS(Application/DatabaseServerOperatingSystemsDBMS(DataBaseManagementSystems)PlusbasicAPPLinformationBiastowardsobjectivevssubjectiveevaluationcriteriaITRA

APPLBasicInformationNameSOX-Indicator-IC-DeptVendor-NameOriginal-Implementation-DateMajor-Release-Implementation-DateSoftware-VersionSupport-SourceInfrastructureManagement-SourceApp-Server-OS-Vendor,Product,Version,&SP-LevelDB-Server-OS-Vendor,Product,Version,&SP-LevelDB-DBMS-Vendor,Product,Version,&SP-LevelITRA

APPLRiskFactors(1of2)Vendor-ReputationMonths-Post-Original-Implementation-DateMonths-Post-Major-Release-DateVersion-SupportedUsers-CountCustomizationUser-ConfigurableSimple-or-Complex-LogicInterfaces-Total-CountInterfaces-Manual-CountChanges-Count-NormalChanges-Count-EmergencyFailures-CountRestores-CountITRA

APPLRiskFactors(2of2)Gaps-Security-CountGaps-Changes-CountGaps-QAAR-CountGaps-SOD-CountGaps-Other-CountOutages-Count-DaysOutages-HoursProcesses-Supported-CountBP-Risk-Average-InherentMateriality-I-CountMateriality-G-CountMateriality-S-CountITTierITRA

ADOSRiskFactorsOutsourcer-SAS70ReportOpinion,TestingExceptions-Moderate,&TestingExceptions-MajorAppServerOS-Vendor-ReputationDBServerOS-Vendor-ReputationAppServerOS-Version-SupportedDBServerOS-Version-SupportedChanges-CountFailures-CountGaps-Security-CountGaps-Changes-CountGaps-QOSR-CountGaps-Other-CountProduction-Server-CountITRA

DBMSRiskFactorsVendor-ReputationVersion-SupportedChanges-CountFailures-CountGaps-Security-CountGaps-Changes-CountGaps-QDBR-CountGaps-Other-CountITRA

ModelWalk-Through(cont)ITRA

MajorDataSourcesICDepartmentAPPLLi

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預覽,若沒有圖紙預覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責。
  • 6. 下載文件中如有侵權(quán)或不適當內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論