IT审计的价值转变.pdf

《IT审计的价值转变.pdf》由会员分享，可在线阅读，更多相关《IT审计的价值转变.pdf（19页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、1 ACL Services L E-mail: Transforming Audit and RiskTransforming Audit and Risk 改变审计与风险改变审计与风险 2 E-mail: TEAM CYA AUDIT,RISK,&COMPLIANCE Audits Value TransformationAudits Value Transformation 审计的价值转变审计的价值转变 AUDIT RISK MANAGEMENT COMPLIANCE CFO AUDIT COMMITTEE ACCOUNTING&FINANCE 3 E-mail: The IIA“Thr

2、ee Lines of Defense”ModelThe IIA“Three Lines of Defense”Model 国际内审协会的国际内审协会的“三道防线三道防线”模型模型 “GRC”“INTEGRATED GRC”“GRC REPORTING”“AUDIT”4 E-mail: Transforming Audit Transforming Audit 变革中的审计变革中的审计 ACLs Vision for Integrated,HighACLs Vision for Integrated,High-Impact AuditImpact Audit Risk Assessment K

3、nowledge Content Audit Management Audit Analytics 5 E-mail: Corporate Risks Audits Objectives“What Could Go Wrongs”Controls Tests Exceptions Findings Effective Audit ProcessEffective Audit Process 高效的审计流程高效的审计流程 6 E-mail: Corporate Risks Audits Objectives“What Could Go Wrongs”Controls Tests Exceptio

4、ns Findings Corporate Risks Audits Objectives“What Could Go Wrongs”Controls Tests Exceptions Findings Effective Audit ProcessEffective Audit Process Specialized,Problem-Specific Knowledge Risk Assessment Audit Content Audit Management Audit Analytics Strategic Risks Projects Risks Integrated Risk As

5、sessment Project&Controls Management Risk&Control Analytics Integrated Content Effective Integrated GRC ProcessEffective Integrated GRC Process Issues 高效的高效的GRC流程流程 7 E-mail: Strategic Value(Analysts)Strategic Value(Executives)Strategic Risks Projects Objectives Risks Controls Tests Exceptions Issue

6、s Strategic risks become visible in ACTUAL transactional data Issues and transactional exceptions link DIRECTLY AND VISUALLY to strategic risks Transforming GRC Through DataTransforming GRC Through Data 通过数据改变通过数据改变GRCGRC HighHigh-Impact,DataImpact,Data-Focused Integrated GRCFocused Integrated GRC 影

7、响大，以数据为核心的整合影响大，以数据为核心的整合GRCGRC Strategic Value(Organization)Issues and transactional exceptions identified continuously drive overall risk assessments and resulting actions 8 E-mail: Integrated Content Transforming Integrated GRCTransforming Integrated GRC 改变整合的改变整合的GRCGRC Integrated Risk Assessmen

8、t Project&Controls Management Risk&Control Analytics 9 E-mail: DATA ANALYSIS Ad-hoc analysis of data populations designed to detect transactions that manifest the occurrence of business risk ENTERPRISE CONTINUOUS MONITORING Recurring analysis of transactional data designed to prevent occurrence of b

9、usiness risk through identification of operational deficiencies or control gaps GRC Management and measurement of risks and controls against business objectives in accordance with regulations,standards,policies and business decisions.Core Value of Audit Analysis Core Value of Audit Analysis 审计分析的审计分

10、析的核心价值核心价值 10 E-mail: DATA ANALYSIS “I am investigating to find fraud.”ENTERPRISE CONTINUOUS MONITORING “I want to monitor my environment to prevent fraud from happening.”GRC “I want to know how vulnerable I am to fraud by under-standing how likely it is to occur,what the potential impact is,and how

11、 we can avoid it.”In Practice In Practice 在实际应用中在实际应用中 11 E-mail: DATA ANALYSIS Version 10 Launches This Summer Fully Localized in Chinese Summer,2013 Version 4 Launches This Spring Fully Localized in Chinese Summer,2013 ENTERPRISE CONTINUOUS MONITORING Version 4 Launches This Spring Fully Localized

12、 in Chinese Summer,2013 GRC ACL|GRC-May Cloud Solution Launches This Spring expanding capabilties of existing audit and compliance management solution Only Available in English Language Localization Timing TBC ACLs Product Portfolio ACLs Product Portfolio 产品概览产品概览 Content-Specialized,Problem-Specifi

13、c Knowledge Next Winter 12 E-mail: IT Audit can independently validate and assess controls and security,perform risk assessments and business impact analyses,and improve operational and system performance Segregation of Duties Extract security rules and independently verify SOD Determine whether rig

14、hts were exploited Identify where users with the same role have different access rights Application Security Compare employee termination date to last login date for user IDs Analyze IDs with last login date over a specified threshold Extract IDs where the date of last password change exceeds securi

15、ty standards Identify concurrent logins of the same ID DATA ANALYSIS IT Audit Applications ITIT Audit Applications IT审计应用审计应用 Active Directory Identify active directory entries not assigned to current employees Analyze active directory group membership changes Identify inactive active directory acco

16、unts Monitor additions to sensitive active directory groups such as Domain Admin System Security Automatically identify inappropriate security settings,or changes to key security parameters Correlate distributed security logs and look for suspicious activity(e.g,unusual time,duration,frequency)Strat

17、ify incoming and outgoing activity by IP address to identify suspicious activity 13 E-mail: Accident Fund Insurance of AmericaAccident Fund Insurance of America 美国事故基金保险公司美国事故基金保险公司 Industry:Insurance Needs:Recover and manage costs,and identify potential duplicate payments.Challenges:Data integrity

18、issues.Inability to access data from multiple sources.Unable to effectively monitor risk.Benefits Analyzed data for both formal audits and special projects for business units,including Claims,Finance,Information Technology,Third-Party Administration,Actuarial,Legal,and Finance Repeatable audit testi

19、ng capabilities Early identification of errors including duplicate payments Saved hundreds of thousands of dollars Strengthened internal controls and developed innovative quality assurance programs Saved money lost through control gaps and errors,including duplicate payments,overpayments and cost av

20、oidances “ACL has greatly enhanced the efficiency,quality,and consistency of our audit process.By acquiring deeper levels of technical and business process knowledge,the internal auditor has also become a more valuable commodity to our organization.”Thomas Mackie Principal Audit Consultant View the

21、Full Case Study 14 E-mail: GE Capital GE Capital Australia&New ZealandAustralia&New Zealand 通用财务通用财务 澳洲澳洲&新西兰新西兰 Industry:Finance Needs:A more efficient way to analyze the log files through data analytics.Challenges:Data leakage protection.Accurately capture,analyze and monitor data flows across var

22、ied systems,devices and geographical IT installations.Limited review of the data with manual analysis techniques and spreadsheet software.Benefits:Significantly reduced the time and effort required to analyze the large security logs Identify potential unauthorized and unusual data copying activity f

23、or deeper investigation.Improve detection capabilities Automated analytics provide data leakage and prevention assurance“The IT and Senior Management team was impressed with the additional level of control and analysis that the ACL solution provided;as well as the ability to directly and efficiently

24、 access the data.”Arnold Mendoza IT Internal Audit Manager View the Full Case Study 15 E-mail: American Automobile AssociationAmerican Automobile Association 美国汽车联合会美国汽车联合会 ACL training and consulting promotes full-coverage data analysis“ACL technology offers nearly unlimited opportunities to access

25、,analyze and normalize data to deliver higher quality audit work.Its a powerful solution that audit staff members can apply to an ever-growing list of audit activities.”Bob Walker Internal Audit Manager View the Full Case Study Industry:Insurance Needs:Recover and manage costs,and identify potential

26、 duplicate payments.Increase auditors knowledge and use of ACL in everyday audit activities and data testing.Challenges:Deliver higher-quality audit work based on full data coverage to promote a tighter control environment across the enterprise.Benefits:Deeper data analysis for higher quality audits

27、 Analyze T&E purchases,P-cards,payroll records,and a variety of other audit analyses Better business and operations monitoring 16 E-mail: Visualize,widely share and act on information uncovered in analysis testing across the business Powerful VisualizationPowerful Visualization 强大的图像展示强大的图像展示 Graph

28、and visualize results to identify trends and patterns for line of business stakeholders and executives Real-time alerts let management know when critical thresholds are hit so they can take action when required Provides context to results through Drill-Downs,Time-Sliders,Tooltips and Series Selectio

29、n taking analytic results and findings to a whole new level 17 E-mail: Siemens Financial Services IncSiemens Financial Services Inc.西门子财务服务公司西门子财务服务公司 Industry:Financial Services Needs:Web-based application to manage,distribute,assign,review and escalate exceptions.Challenges:Increase security over

30、access to the controlled analytic environment.Benefits:Increased security and team efficiency Strengthen financial and operating controls Identify and remediate errors and anomaliesmore controls testing of complete populations Streamlined SOX testing and other regulatory compliance efforts Data inpu

31、t validations,system processing&calculations,edit checks,data trending,change management Streamlined SOX testing and other regulatory compliance efforts Our ACL solution helps us work much more efficiently.Weve reduced our dependency on manual controls and streamlined our SOX testing approach.”Jason

32、 A.Gross,CPA,CIA,CFE,CISA,ACDA Vice President,Controls Management View the Full Case Study 18 E-mail: Argentina Australia Austria Bahrain Benelux Bulgaria Canada Greece Hong Kong India Ireland Israel Italy Japan Jordan Kuwait Lebanon Nordics Oman Paraguay Poland China Cyprus Ecuador Egypt Finland Fr

33、ance Germany Portugal Qatar Russia Saudi Arabia Singapore South Africa South Korea Spain Taiwan Turkey UAE United Kingdom United States Uruguay CANADA UNITED STATES Over 15,000 Customers in 150 Countries ACL25 Years of Global Leadership 25年全球领导地位年全球领导地位 1996 German,French 1997 Portuguese 2003 Chines

34、e 2005 Japanese 2005 Polish 2010 Bulgarian 1987 ACL FOUNDED 1996 Spanish 2012 Korean 19 E-mail: Commercial Public Sector Influencers Wells Fargo Foothill Youre in Good Company Youre in Good Company 现有客户现有客户 Global 500 70%Fortune 500 89%Fortune 100 98%Big 4,100s of Educational institutions 33K users in 40 Linked in groups 200+departments in 37 national governments 1000+regional,state and local governments