management企業(yè)管理類英文_第1頁(yè)
management企業(yè)管理類英文_第2頁(yè)
management企業(yè)管理類英文_第3頁(yè)
management企業(yè)管理類英文_第4頁(yè)
management企業(yè)管理類英文_第5頁(yè)
已閱讀5頁(yè),還剩20頁(yè)未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

Application-levelITRiskAssessment

ISACADenverChapterMeetingFebruary21,2008OutlineWhythistopic?SECinterpretiveguidanceABC’simplementationapproachDesignoftheITRAmodelModelwalk-through/Q&AWhyThisTopic?

GRCSpendingSkyrocketsGovernanceRiskComplianceBoardandEntityManagementEnterpriseRiskMgt

(COSO,COCO)PublicCompanies

(Sarbanes-Oxley,NYSE,Nasdaq,Turnbull,etc.)CorporatePolicyandProcedureManagementOperationalRiskMgtSOX-Like

(Japan,Canada,EU)ITGovernance

(CobiT,ISO17799&27001-ISM)ITRiskMgt

(CobiT,ITIL,etc.)SpecificAreas

(PCI-DSS,AML,etc.)InternalAuditDepartmentsFinancialInstitutionRiskMgt(BaselII,etc.)PersonalInformation

(FTC,HIPAA,GLBA,COPPA,EUD,etc.)WhyThisTopic?

USCongressRespondsPCAOBCreated

(07/30/02)PCAOBProposesAS2

(10/07/03)PCAOB&SECApproveAS2

(03/09/04&06/17/04)ICFROpinionsLargeAcceleratedFilers

(FYEs11/15/04+)RoundtableFeedback

(04/13/05)PCAOBPolicyStatement

(05/16/05)WhyThisTopic?

CorporateOutcryBegins “Thefirst-yearimplementationofnewrequirementsforpubliccompanies’internalcontroloverfinancialreporting(ICFR)provedmoreburdensomeandcostlythanexpected,resultinginanoutcryfromcorporateAmerica.”JournalofAccountancy,TwoYearsandCounting,June2007WhyThisTopic?

Fix:AuditFirmsPerthePCAOBPolicystatementissued5/16/05,theauditorsshould—IntegratetheirauditsTailorauditplanstotheirclient’srisksUseatop-downapproachUsetheworkofothersCommunicatedirectlyandtimelywithclientsWhyThisTopic?

SOXYearTwo-2005PCAOBSAGRe:InternalControl

(06/08/05)ICFROpinionsAcceleratedFilers

(FYEs07/15/05+)AS2ImplementationReport

(11/30/05)InternalControlAuditInspectionsReport

(05/01/06)RoundtableFeedback

(05/10/06)AndThen?WhyThisTopic?

CorporateOutcry(Cont)Theaveragecostofbeingapubliccompanywithrevenueunder$1billionrose$1.6million,or130%,sincetheSarbanes-Oxleyerabegan.

Source:“SecondAnniversary:TheImpactofSarbanes-Oxley,”InstitutionalShareholderServices,WhyThisTopic?

Fix:Issuer(&AuditFirms)PCAOBAnnouncesAS2Rewrite

(12/xx/06)PCAOBProposesGuidanceforIssuers

(12/20/06)SECApprovesInterpretiveGuidance

(05/23/07)PCAOBAdoptsAS5ReplacingAS2

(05/24/07)SECInterpretiveGuidanceEffective

(06/27/07)AS5Effective

(FYEs11/15/07+)Management’sReportRequired

(FYEs12/15/07+)SECAnnouncesSmallBizC&BStudy

(02/01/08)ICFROpinionsNon-AcceleratedFilers

(FYEs12/15/09+)SECInterpretiveGuidance

ForIssuerManagementGuidanceRegardingManagement’sReportonInternalControlOverFinancialReportingEffectiveDate:June27,2007ACTION:Interpretation.SECInterpretiveGuidance

UnderlyingPrinciplesManagementshould:Evaluatewhetherithasimplementedcontrolsthatadequatelyaddresstheriskthatamaterialmisstatementofthefinancialstatementswouldnotbepreventedordetectedinatimelymanner.Baseitsassessmentofriskontheevaluationofevidenceabouttheoperationofitscontrols.SECInterpretiveGuidance

BenefitsITRA

Overview-ApproachUseriskfactors(riskassessmentevaluationcriteria)toassessthelevelofinherentriskandcontrolriskforeachapplicationsystem.UsetheresultantriskratingstodeterminethelevelofoverallriskaccordingtotheCompany'smethodology.Usetheoverallriskassessmentratingtoguidetheappropriatelevelofinternalcontrolevaluationprocedurestobeapplied.ITRA

ModelWalk-ThroughITRA

RunSettingsAssignmentofpointvaluestoriskfactorsBreakpointswhichdefineLow,Medium,andHighriskapplicationsExcludingriskfactorcategoriesfromresultsExcludingmissing/unknowndataITRA

RiskFactorsInformationCategoriesAPPL(ApplicationSystems)ADOS(Application/DatabaseServerOperatingSystemsDBMS(DataBaseManagementSystems)PlusbasicAPPLinformationBiastowardsobjectivevssubjectiveevaluationcriteriaITRA

APPLBasicInformationNameSOX-Indicator-IC-DeptVendor-NameOriginal-Implementation-DateMajor-Release-Implementation-DateSoftware-VersionSupport-SourceInfrastructureManagement-SourceApp-Server-OS-Vendor,Product,Version,&SP-LevelDB-Server-OS-Vendor,Product,Version,&SP-LevelDB-DBMS-Vendor,Product,Version,&SP-LevelITRA

APPLRiskFactors(1of2)Vendor-ReputationMonths-Post-Original-Implementation-DateMonths-Post-Major-Release-DateVersion-SupportedUsers-CountCustomizationUser-ConfigurableSimple-or-Complex-LogicInterfaces-Total-CountInterfaces-Manual-CountChanges-Count-NormalChanges-Count-EmergencyFailures-CountRestores-CountITRA

APPLRiskFactors(2of2)Gaps-Security-CountGaps-Changes-CountGaps-QAAR-CountGaps-SOD-CountGaps-Other-CountOutages-Count-DaysOutages-HoursProcesses-Supported-CountBP-Risk-Average-InherentMateriality-I-CountMateriality-G-CountMateriality-S-CountITTierITRA

ADOSRiskFactorsOutsourcer-SAS70ReportOpinion,TestingExceptions-Moderate,&TestingExceptions-MajorAppServerOS-Vendor-ReputationDBServerOS-Vendor-ReputationAppServerOS-Version-SupportedDBServerOS-Version-SupportedChanges-CountFailures-CountGaps-Security-CountGaps-Changes-CountGaps-QOSR-CountGaps-Other-CountProduction-Server-CountITRA

DBMSRiskFactorsVendor-ReputationVersion-SupportedChanges-CountFailures-CountGaps-Security-CountGaps-Changes-CountGaps-QDBR-CountGaps-Other-CountITRA

ModelWalk-Through(cont)ITRA

MajorDataSourcesICDepartmentAPPLLi

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

最新文檔

評(píng)論

0/150

提交評(píng)論