Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence...
Transcript of Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence...
![Page 1: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/1.jpg)
©Deloitte
Risk Intelligence and IT audit in a downturn
Balancing risk and reward in
volatile times
VU Seminar
Wednesday 29 April 2009
Jacques Buith
Deloitte
![Page 2: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/2.jpg)
©Deloitte
Agenda - Risk Intelligence and IT audit in a downturn
1. Keeping your balance
2. IT auditor and risk management
3. Losing Ground
4. What have we learned
5. Questions & Answers
2
![Page 3: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/3.jpg)
©Deloitte
Keeping your balance
• Staying Aligned
• Risk seeking vs recklessness
• The face of the company
• Work smarter
• Fighting fraud at the source
• We’re all in this together
• This too, shall pass
3
![Page 4: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/4.jpg)
©Deloitte
Joint reporting on KPI’s and KRI’s
Value
KPI KPI
KPIRisk
KRI KRI
KRI
Revenue
# new IPB
subscriptions
Delinquencies
# open bills
tolerance
tolerancetolerance
3%
target
targettarget
10K / month
determines
Report on KPI’s achieved and tolerances not exceeded
Report on # new IPB subscriptions on and the percentage of open bills
Example
4
![Page 5: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/5.jpg)
©Deloitte
IT auditing & Risk management
Getting tired?
• How many boxes will your IT Audit team check this year?
• How many general computer controls will they audit?
• How many years have you been telling management that
it needs a comprehensive business continuity plan?
• How many years have they ignored that
recommendation?
Here’s the everyday truth for many organizations:
IT Audit has audited Unix for the last five years; IT Audit is
auditing Unix again this year. Nothing has changed.
5
![Page 6: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/6.jpg)
©Deloitte
High-flying IT Auditing
Which prototype best describes your IT audit group?
• Type 1 – drifting along
• Type 2 – getting aloft
• Type 3 – flying high
6
![Page 7: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/7.jpg)
©Deloitte
Type I – Drifting Along
IT audit floats through its audit
plan, engaged in traditional GCC
and systems work, diligently
checking the boxes, but with no
clear destination in sight.
Type II – getting aloft: IT audit
has a little lift under its wings.
The group helps drive current
initiatives, such as Innovation,
business transformation
(including downturn scenario’s)
and integration and system
implementations.
7
![Page 8: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/8.jpg)
©Deloitte
Type III – Flying High
IT audit has a clear view of the future. The group is
involved in value-generating work, applying the principles
of risk management to both risks and opportunities.
With its sophisticated radar, IT audit is addressing IT
risks before they become issues.
8
![Page 9: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/9.jpg)
©Deloitte
Green IT
Have you
conducted a
Green IT
audit?
Emerging
Reporting
Standards
Are your
systems
ready?
Continuous
Controls
Monitoring
Do you
know ROI?
Industrial
Espionage,
Computer
Piracy &
Technology
Terrorism
Embedded
Processing
Units
Which
EPU’s are in
place?9
![Page 10: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/10.jpg)
©Deloitte
2009 Global Security Survey Losing Ground
10
![Page 11: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/11.jpg)
©Deloitte
1. Security investment is spiraling down with the economy
2. Social networking adds to the list of insider threats
Losing Ground - survey findings
11
Short term gain Long term pain
Status Update: Risk is here
![Page 12: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/12.jpg)
©Deloitte
3. Outsourcing outpaces security
4. Going public about Privacy
Losing Ground - survey findings
12
Outsourcing business
Outsourcing control
With great power comes
great responsibility
![Page 13: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/13.jpg)
©Deloitte13
5. Regulatory issues are moving to the forefront
6. Virtual and physical security worlds collide
Losing Ground - survey findings
Good boy
Body & Mind
![Page 14: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/14.jpg)
©Deloitte
What have we learned
• It’s not impossible, it’s just very, very improbable
• Smoking out the correlations
• Planning is just the beginning
14
![Page 15: Risk Intelligence and IT audit in a downturn - vurore.nl · ©Deloitte Agenda -Risk Intelligence and IT audit in a downturn 1. Keeping your balance 2. IT auditor and risk management](https://reader030.fdocuments.net/reader030/viewer/2022040704/5e0174923338f5515f2995a4/html5/thumbnails/15.jpg)
©Deloitte
Questions & Answers
Enterprise Risk Services
Laan van Kronenburg 2
1183 AS Amstelveen
Jacques Buith The Netherlands
Partner Tel: + 31 20 454 7431
Mobile: +31 65 585 3449
Member of
Deloitte Touche Tohmatsu
Enterprise Risk Services
Laan van Kronenburg 2
1183 AS Amstelveen
Jacques Buith The Netherlands
Partner Tel: + 31 20 454 7431
Mobile: +31 65 585 3449
Member of
Deloitte Touche Tohmatsu
15