INTRODUCTION
Information technology has a tremendous impact on the discipline of accounting by introducing new ways of retrieving and processing information about performance deviations and control effectiveness. IT supports the management of organizational controls by analyzing value drivers for particular accounting information systems, an activity that commonly runs under the label of governance, risk management and compliance (GRC IS). Information systems such as enterprise resource planning systems separate financial from non-financial data and therefore enable better financial accounting. On the other hand, they provide new potential for management control as “data become accurate, shareable and available to many different parties but does hardly create the panoptic dreams of visibility and action at a distance”.
Governance
The process by which policy is set and decision making is executed. Governance is the set of policies, laws, culture, and institutions that define how an organization should be managed.
Risk management
• The process for preventing an unacceptable level of uncertainty in business objectives with a balance of avoidance through reconsideration of objectives, mitigation through the application of controls, transfer through insurance and acceptance through governance mechanisms. It is also the process to ensure that important business processes and behaviors remain within the tolerances associated with policies and decisions set through the governance process. Risk management consists of coordinated activities that direct and control an organization in forecasting and managing events/risks that might have a negative impact on the business.
Compliance
The process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or from external laws, regulations, standards and agreements. Compliance is the act of adhering to regulations as well as corporate policies and procedures.
• Create and distribute policies and controls and map them to regulations and internal compliance requirements.
• Assess whether the controls are actually in place and working, and fix them if they are not.
• Ease risk assessment and mitigation.
• IT GRC provides coordination and standardization of policies and controls.
• Automate information gathering.
• It enables enterprises to rapidly adapt to change.
• Governance
• Enterprise risk management and assessment
• Board compliance capabilities such as options policy compliance, ethics and policy compliance, etc.
• Business performance reporting such as balanced scorecards, risk scorecards, operational controls dashboards, etc.
• Policy management, documentation and communication
• Risk assessment
• Risk analysis and prioritization
• Root cause analysis of issues and mitigation
• Risk analytics and trend analysis
• Flexible controls hierarchy
• Assessments and audits
• Issues tracking and remediation
• Analytics
Importance of IT-GRC
• An improvement in the quality and availability of
information;
• A reduction in breaches and errors;
• A reduction in costs and greater efficiencies;
• A more flexible and externally focused workforce capable
of rapid change to meet customer and organizational
needs;
• A greater assurance for the organization and its board and senior management that GRC issues are being appropriately dealt with and the organization remains “on target” with its performance objectives; and
• Improved levels of communication across the organization.
BUSINESS IS MORE DEPENDENT ON IT
• IT environment is more complex.
• Less time between IT failures and
organizational impact.
• Increase in threats related to IT.
• Increase in regulations, standards and
controls.
IT GRC Challenges
• Mapping the policies and control
• Audit fatigue
• Security exposure
• Redundancy and inefficiency
Other Challenges
• A perception by staff that the initiative may have an ulterior
motive, for example a cost recovery drive or head count
reduction.
• Business unit managers or middle management are fearful of
being marginalized as GRC responsibilities are devolved to
those in lower levels of the hierarchy.
• Organizations are sometimes skeptical regarding the targeting
and measurement systems proposed and are concerned that
there will not ultimately be an appropriate return on
investment given the establishment and maintenance costs
involved.
• Corporate cynicism and skepticism around the outcomes and
results achieved from past planned organizational change
(and management “fads” generally).
Factors to be considered at the time of implementation of IT GRC
• Strategy
• Reporting and audit
• Legal function
• Information technology
• Ethics and corporate social responsibility
• Corporate culture
• Business process management
Information system audit
standards
Introduction
Information systems auditing involves using technical tools and expertise to evaluate the adequacy and effectiveness of information systems in an organization. Further, it involves working with management to identify weak controls and risks, which arise due to the application of technology in a business. It also suggests ways to enhance these weak controls to increase the reliability of IS, which will help an organization to achieve its strategic objectives.
Meaning
Information systems audit is a process to collect
and evaluate evidence to determine whether the
information systems safeguard assets, maintain
data integrity, achieve organizational goals
effectively and consume resources efficiently.
The common element between any manual audit and an IS audit is data integrity. All types of audits (information audits) have to evaluate data integrity. Since an IS audit involves efficiency and effectiveness, it includes some elements of management and proprietary audit too.
IS auditing methodology
• Step 1: Define objectives of the audit.
• Step 2: Obtain a basic understanding of systems and the flow of transactions.
• Step 3: Detailed information gathering.
• Step 4: Search for exposures that exist under the system and suggest controls to eliminate the exposures.
• Step 5: Define auditing procedures to verify controls.
• Step 6: Perform audit tests using various techniques and tools.
• Step 7: Evaluation of findings.
• Step 8: Generation of report.
Scope of IS audit
• Data
• Application systems
• Technology
• Facilities
• People
Elements of IS audit
Exposures
Causes
Controls
Physical and environmental review
System administration review
Application software review
Network security review
Business continuity review
Data integrity review
Need for IS audit
• Confidentiality
• Integrity
• Availability
• Reliability
Categories of IS audits
• Systems and applications
• Information processing facilities
• Systems development
• Management of IT and enterprise architecture
• Telecommunications intranets and extranets
Information Security and management
standard
Meaning
Information security relates to the physical and logical protection of data or information recorded, processed, shared, transmitted or received in electronic form. The protection is provided against loss, inaccessibility, alteration, or unauthorized disclosure. The protection is achieved through physical safeguards such as locks, security guards, insurance etc. and logical safeguards such as user identifiers, passwords and firewalls.
Information security
• Meaning: It is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
• Definition: “Information security is the process of protecting the intellectual property of an organization.”
• IT security: also referred to as computer security. A computer is any device with a processor and some memory; such devices can range from non-networked standalone devices as simple as a calculator to networked mobile computing devices such as smartphones and tablets. IT security is mainly used in major enterprise establishments due to the nature and value of the data within larger businesses.
Information assurance
• The act of ensuring that data is not lost
when critical issues aries.thes issues
include but are not limited to natural
disaster computer server malfunction
physical theft or any other instance
where data potential of being lost.
Threats
Computer system threats come in many different forms. Software attacks, theft of intellectual property, identity theft, and theft of equipment or information are among the most common threats today.
Key concept of information security
Confidentiality
Integrity
Availability
Risk management
‘Risk management is the process of identifying vulnerabilities and threats to the information resources.’
Control
Selecting proper controls and implementing them will initially help an organization to bring risk down to an acceptable level. Control selection should follow and be based on the risk assessment. Controls can vary in nature, but fundamentally they are ways of protecting confidentiality.
Types of control are:
• Administrative control
• Logical control
• Physical control
Security organization structure
1. Information security forum (ISF)
2. Information security management group
(ISMG)
3. Assistant group security officer (AGSO)
4. System owner
5. Personal security officer (PSO)
6. Line manager
7. Users
Standards For Information Security
The International Organization for Standardization (ISO), established in 1947, is a non-governmental international body that collaborates with the International Electrotechnical Commission (IEC) on information technology standards. The following is a commonly referenced ISO security standard.
Introduction to ISO 27001
ISO 27001 is a specification for
creating an ISMS. It does not mandate
specific actions, but includes suggestions
for documentation, internal audits,
continual improvement, and corrective and
preventive action.
Framework of ISO 27001
Implementation of ISO 27001 is an ideal response to legal requirements and potential security threats such as:
• Vandalism/Terrorism
• Fire
• Misuse
• Theft
• Viral attack
Features of ISO 27001
• Adopts the PDCA (Plan-Do-Check-Act) model.
• Adopts a process approach.
• Identifies and manages activities so that functions operate effectively.
• Stresses continual process improvement.
• Scope covers information security, not only IT security.
• Focused on people, process and technology.
• Combination of management controls, operational controls and technical controls.
Benefits of ISMS ISO 27001
certification:
• Independent framework that will take account of
all legal and regulatory requirements.
• Helps provide a competitive edge to the
company.
• Helps to identify and meet contractual and
regulatory requirements.
• Independently verifies that risks to the company
are properly identified and managed.
• Demonstrates to customers that the security of their information is taken seriously.
CONTROL OBJECTIVES FOR INFORMATION AND
RELATED TECHNOLOGY (COBIT)
INTRODUCTION:
COBIT was first released in 1996; the current version, COBIT 5, was published in 2012. Its mission is “to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.”
The framework provides good practices across a domain and process framework: “The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement and identifying the associated responsibilities of business and IT process owners.”
COBIT is a framework of generally applicable information systems security and control. The framework allows:
1) Benchmarking of the security and control arrangement.
2) Auditors to review internal controls and advise on IT security matters.
3) Users of IT services to be assured that adequate security and control exist.
The framework addresses the issue of control from 3 vantage points:
IT Processes
Controls are required to be implemented in all the processes, which are broken into 4 domains:
• Planning and organization
• Acquisition and implementation
• Delivery and support
• Monitoring
Business objectives
To satisfy business objectives, information must satisfy some criteria that COBIT refers to as business requirements for information. The criteria are divided into seven categories:
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
IT RESOURCES
Controls must be developed to protect the IT resources, which include:
• People
• Application systems
• Hardware devices
• Facilities and data
• Security controls.
Advantages of COBIT
I. COBIT is aligned with other standards and best
practices and should be used together with them.
II. Its framework and supporting best practices provide
a well-managed and flexible IT environment in an
organization.
III. COBIT provides a control environment that is
responsive to business needs and serves management
and audit functions in terms of their control
responsibilities.
IV. It provides tools to help manage IT activities.
COBIT has five IT governance areas of concentration
1) Strategic alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.
2) Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing cost and providing the intrinsic value of IT.
3) Resource management is about the optimum investment in and proper management of critical IT resources: applications, information, infrastructure and people.
4) Risk management is a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, and transparency into the organization.
5) Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, for example with balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
Health Insurance Portability And Accountability Act (HIPAA)
Introduction
• The health insurance portability and
accountability act (HIPAA) became law in
1996. The purpose of the HIPAA is to improve
the efficiency and effectiveness of healthcare
transactions by standardizing the exchange of
administrative and financial data, as well as
protecting the privacy and security of
individual health information that is
maintained or transmitted.
• HIPAA imposes stringent privacy and security
requirements on health plans, healthcare
providers, and healthcare clearinghouses
that maintain and/or transmit individual
health information in electronic form. The
term “healthcare provider” includes
individual physicians, physician group
practices, dentists, other healthcare
practitioners, hospitals, and nursing facilities.
Specific objectives of the regulations are:
• Standardizing the format and content of primary
commercial and administrative electronic
healthcare transactions.
• Developing standards to protect confidential
patient information from improper use or
disclosure and establishing patients rights to
control such uses.
• Developing standards for computer systems and
networks to ensure the security, integrity, and
availability of patient data.
HIPAA is also known as public law. The Act has five top-level titles:
• Title 1. Health access, portability, and renewability.
• Title 2. Preventing health care fraud and abuse (administrative simplification), which includes: (1) transaction and code sets, (2) identifiers, (3) privacy, (4) security.
• Title 3. Tax-related health provisions (medical savings accounts and health insurance tax deductions for self-employed individuals).
• Title 4. Group health plan provisions.
• Title 5. Revenue offset provisions.
HIPAA Transaction And Codes
• HIPAA is named for its contribution to portability of insurance and accountability for insurance claims. The administrative simplification section of HIPAA requires the standardization of identifiers, code sets, and transactions. HIPAA provides various limits to the exclusions that insurers may use, provides credit for past insurance, and attempts to assure that insurance can be purchased. As stated previously, HIPAA ensures only that insurance is available, not that it is inexpensive.
The Security Rule:
• The Security Rule lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the rule.
The Standards And Specifications Are
As Follows:
• Covered entities must adopt a written set of privacy
procedures and designate a privacy officer to be
responsible for developing and implementing all
required policies and procedures.
• The policies and procedures must reference management oversight and organizational buy-in to compliance with the documented security controls.
• Procedures should clearly identify employees or classes
of employees who will have access to protected health
information (PHI).
• The procedures must address access authorization,
establishment, modification, and termination
• A contingency plan should be in place for
responding to emergencies.
• Internal audits play a key role in HIPAA compliance
by reviewing operations with the goal of identifying
potential security violations.
• Procedures should document instructions for
addressing and responding to security breaches
that are identified either during the audit or the
normal course of operations.
Technical Safeguards:
• Controlling access to computer systems and
enabling covered entities to protect
communications containing PHI transmitted
electronically over open networks from being
intercepted by anyone other than the intended
recipient.
• Information systems housing PHI must be
protected from intrusion. When information flows
over open networks, some form of encryption must
be utilized.
• Each covered entity is responsible for ensuring that
the data within its systems has not been changed
or erased in an unauthorized manner.
• Data corroboration, including the use of checksums, double-keying, message authentication, and signatures, may be used to ensure data integrity.
• Covered entities must also authenticate the entities they communicate with; authentication mechanisms include password systems, two- or three-way handshakes, telephone call-back, and token systems.
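The data corroboration bullet lists checksums and message authentication side by side; they are not interchangeable. The Python below is an added example, not code from the original slides: it attaches both an unkeyed CRC-32 and a keyed HMAC-SHA256 to a constructed PHI record and shows that a transit error fails both checks, while a record altered by a party who can recompute the public checksum but lacks the HMAC key fails only the MAC. The record, the key and all function names are constructed placeholders.

```python
"""Added example: checksum versus keyed message authentication for a PHI record."""
import hashlib
import hmac
import json
import zlib

# Constructed sample record; placeholder values, not real patient data.
SAMPLE_RECORD = {
    "patient_id": "P-0001",
    "dob": "1970-01-01",
    "diagnosis_code": "E11.9",
}

# Constructed key for illustration only. A real deployment would obtain it from
# a key management system shared only by the two communicating covered entities.
INTEGRITY_KEY = b"example-shared-integrity-key"


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically so sender and receiver hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def checksum(record: dict) -> int:
    """Unkeyed CRC-32: detects accidental corruption; anyone can recompute it."""
    return zlib.crc32(canonical_bytes(record)) & 0xFFFFFFFF


def mac_tag(record: dict, key: bytes = INTEGRITY_KEY) -> str:
    """Keyed HMAC-SHA256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_checksum(record: dict, expected: int) -> bool:
    return checksum(record) == expected


def verify_mac(record: dict, tag: str, key: bytes = INTEGRITY_KEY) -> bool:
    # compare_digest avoids leaking tag bytes through comparison timing.
    return hmac.compare_digest(mac_tag(record, key), tag)


def protect(record: dict) -> dict:
    """What the sending covered entity attaches before transmission."""
    return {"record": record, "crc": checksum(record), "mac": mac_tag(record)}


def receive(message: dict) -> dict:
    """What the receiving covered entity checks on arrival."""
    rec = message["record"]
    return {
        "checksum_ok": verify_checksum(rec, message["crc"]),
        "mac_ok": verify_mac(rec, message["mac"]),
    }


def clean_scenario() -> dict:
    """Unmodified record: both checks pass."""
    return receive(protect(SAMPLE_RECORD))


def corruption_scenario() -> dict:
    """A field is garbled in transit (line or storage error). Nothing is
    recomputed, so both the checksum and the MAC fail."""
    msg = protect(SAMPLE_RECORD)
    msg["record"] = dict(msg["record"], diagnosis_code="E11.8")  # garbled field
    return receive(msg)


def modification_without_key_scenario() -> dict:
    """The record is altered by a party that can recompute the public checksum
    but does not hold the HMAC key: the checksum passes, the MAC does not.
    This is why the rule lists message authentication alongside checksums."""
    msg = protect(SAMPLE_RECORD)
    altered = dict(msg["record"], diagnosis_code="E11.8")
    msg["record"] = altered
    msg["crc"] = checksum(altered)  # unkeyed value, trivially recomputed
    return receive(msg)


if __name__ == "__main__":
    for name, scenario in [("clean", clean_scenario),
                           ("transit corruption", corruption_scenario),
                           ("modified without key", modification_without_key_scenario)]:
        print(f"{name:22s} {scenario()}")
```

A receiver should treat a MAC failure as an integrity incident to log and investigate, not merely as a retransmit request.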
Physical safeguards:
• Controlling physical access to protect against
inappropriate access to protected data
• Controls must govern the introduction and
removal of hardware and software from the
network.
• Access to equipment containing health
information should be carefully controlled and
monitored.
• Access to hardware and software must be
limited to properly authorized individuals.
STATEMENT OF AUDITING
STANDARDS FOR SERVICE
ORGANISATION
Introduction
Statement on Auditing Standards No. 70: Service Organizations, commonly abbreviated as SAS 70, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), officially titled “Reports on the Processing of Transactions by Service Organizations”. SAS 70 defines the professional standards used by a service auditor to assess the internal control of a service organization and issue a service auditor’s report.
Meaning of SAS
SAS 70 (the Statement on Auditing Standards No. 70) defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization. Service organizations, such as hosted data centers, insurance claims processors and credit processing companies, provide outsourced services that affect the operation of the contracting enterprise.
Under SAS 70, auditor reports are classified as either Type I or Type II. In a Type I report the auditor evaluates the efforts of a service organization at the time of audit to prevent accounting inconsistencies, errors and misrepresentation. The auditor also evaluates the likelihood that those efforts will produce the intended results in the future. A Type II report includes the same information as that contained in a Type I report; in addition, the auditor attempts to determine the effectiveness of agreed-on controls since their implementation. Type II reports also incorporate data compiled during a specific time period, usually a minimum of six months.
CHARACTERISTICS OF STATEMENT OF AUDITING STANDARDS FOR SERVICE ORGANIZATIONS
1. Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
2. SAS 70 provides guidance to enable an independent auditor (“service auditor”) to issue an opinion on a service organization’s description of controls through a Service Auditor’s Report.
3. Service auditors are required to follow the AICPA’s standards for fieldwork, quality control, and reporting.
4. A formal report including the auditor’s opinion (“Service Auditor’s Report”) is issued to the service organization at the conclusion of a SAS 70 examination.
5. A SAS 70 examination is not a “checklist” audit. SAS No. 70 is generally applicable when an auditor (“user auditor”) is auditing the financial statements of an entity (“user organization”) that obtains services from another organization (“service organization”). Service organizations that provide such services could be application service providers, bank trust departments, claims processing centers, Internet data centers, or other data processing service bureaus.
6. A SAS 70 audit or service auditor’s examination is widely recognized, because it represents that a service organization has been through an in-depth audit of its control activities, which generally include controls over information technology and related processes.
Type I and Type II audit standards
Type I SAS 70 audits give an opinion on controls that are in place as of a date in time. The opinion deals with the fairness of presentation of the controls and the design of the controls in terms of their ability to meet defined control objectives. Since these reports only provide assurance as of a single day, they are of limited value to third parties.
Type II SAS 70 audits give an opinion on controls that were in place over a period of time, which is typically six months or more. The opinion deals with the fairness of presentation of the controls, the design of the controls in terms of their ability to meet defined control objectives, and the operational effectiveness of those controls over the defined period. Third parties are better able to rely on these reports since verification is provided regarding these matters for a substantial period of time.
Benefits to the service organization
1. A service auditor’s report ensures that all user organizations and their auditors have access to the same information, and in many cases this will satisfy the user auditor’s requirements.
2. SAS 70 engagements are generally performed by control-oriented professionals who have experience in accounting, auditing, and information security.
3. A service auditor’s report with an unqualified opinion that is issued by an independent accounting firm differentiates the service organization from its peers by demonstrating the establishment of effectively designed control objectives and control activities.
4. A SAS 70 engagement allows a service organization to have its control policies and procedures evaluated and tested (in the case of a Type II engagement) by an independent party.
5. A service auditor’s report also helps a service organization build trust with its user organizations (i.e. customers).
CAPABILITY MATURITY MODEL (CMM)
INTRODUCTION:
The CMM was developed from 1984 by Watts
Humphrey and the Software Engineering
Institute(SEI). The SEI is a part of Carnegie Mellon
University. The work was funded and continues to be
funded by the Department of Defense(DoD), which
was originally looking for ways to compare and
measure the various contractors that were developing
software for the DoD.
Meaning:
“A Capability Maturity Model (CMM) is a formal archetype of the levels through which an organization evolves as it defines, implements, measures, controls and improves its processes in a particular area of operation. It thus enables the organization to consciously choose a certain target level of maturity and then to work towards that level.”
Definition:
“The definition implies that the CMM concept is mainly applicable to organizational processes, such as development processes or business processes. This process orientation underlies the model described in this paper and thus deals with knowledge within the framework of business processes.”
PROCESS OF CAPABILITY MATURITY MODEL (CMM)
INITIAL MATURITY LEVEL
REPEATABLE MATURITY LEVEL
DEFINED MATURITY LEVEL
MANAGED MATURITY LEVEL
OPTIMIZING MATURITY LEVEL
INITIAL MATURITY LEVEL
The software process is characterized as inconsistent
and occasionally even chaotic. Defined processes and
standard practices that exist are abandoned during a
crisis. Success of the organization majorly depends on
an individual effort, talent and heroics. The heroes
eventually move on to other organizations taking their
wealth of knowledge or lessons learnt with them.
REPEATABLE MATURITY LEVEL
At this level a software development organization has basic and consistent project management processes to track cost, schedule and functionality. The process is in place to repeat the earlier successes on projects with similar applications. Program management is a key characteristic of a level-two organization.
DEFINED MATURITY LEVEL
The software process for both management and engineering activities is documented, standardized and integrated into a standard software process for the entire organization, and all projects across the organization use an approved, tailored version of the organization’s standard software process for developing, testing and maintaining the application.
MANAGED MATURITY LEVEL
Management can effectively control the software development effort using precise measurements. At this level, organizations set quantitative quality goals for both the software process and software maintenance. At this maturity level, the performance of processes is controlled using statistical and other quantitative techniques and is quantitatively predictable.
OPTIMIZING MATURITY LEVEL
The key characteristic of this level is a focus on continually improving process performance through both incremental and innovative technological improvements. At this level, changes to the process are made to improve process performance while maintaining the statistical probability of achieving the established quantitative process-improvement objectives.
 
CMLGroup - What is GRC?
CMLGroup - What is GRC?CMLGroup - What is GRC?
CMLGroup - What is GRC?CML Group
 
Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5justinklooster
 
Software Evaluation Checklist
Software Evaluation ChecklistSoftware Evaluation Checklist
Software Evaluation ChecklistSalina Saharudin
 
The Evaluation Checklist
The Evaluation ChecklistThe Evaluation Checklist
The Evaluation Checklistwmartz
 
Corporate compliance powerpoint
Corporate compliance powerpointCorporate compliance powerpoint
Corporate compliance powerpointsmcmanus3
 

En vedette (11)

Fix nix, inc
Fix nix, incFix nix, inc
Fix nix, inc
 
jComply grc_platform_v1.0
jComply grc_platform_v1.0jComply grc_platform_v1.0
jComply grc_platform_v1.0
 
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
FulcrumWay - Ed. Webinar - Identify and Eliminate False Positives from your S...
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
 
Expertool GRC Accelerator
Expertool GRC AcceleratorExpertool GRC Accelerator
Expertool GRC Accelerator
 
DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013DFlabs corporate profile 01-2013
DFlabs corporate profile 01-2013
 
CMLGroup - What is GRC?
CMLGroup - What is GRC?CMLGroup - What is GRC?
CMLGroup - What is GRC?
 
Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5Reciprocity_GRC Software Buyers Guide v5
Reciprocity_GRC Software Buyers Guide v5
 
Software Evaluation Checklist
Software Evaluation ChecklistSoftware Evaluation Checklist
Software Evaluation Checklist
 
The Evaluation Checklist
The Evaluation ChecklistThe Evaluation Checklist
The Evaluation Checklist
 
Corporate compliance powerpoint
Corporate compliance powerpointCorporate compliance powerpoint
Corporate compliance powerpoint
 

Similaire à it grc

Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS              .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS              .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docxjoellemurphey
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear LLC
 
Information Governance Program
Information Governance ProgramInformation Governance Program
Information Governance ProgramBohdiman
 
Ch2-CIISA_IT Governance.pdf
Ch2-CIISA_IT Governance.pdfCh2-CIISA_IT Governance.pdf
Ch2-CIISA_IT Governance.pdfDanteHayashi
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxJoshJaro
 
CISM_WK_1.pptx
CISM_WK_1.pptxCISM_WK_1.pptx
CISM_WK_1.pptxdotco
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
crisc_wk_2a.pptx
crisc_wk_2a.pptxcrisc_wk_2a.pptx
crisc_wk_2a.pptxdotco
 
IT Governance.pptx
IT Governance.pptxIT Governance.pptx
IT Governance.pptxFaith Shimba
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security |  Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security |  Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Security Experts
 
Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfSALES97
 
vertical in CISA certification and Five Domains are in CISA
vertical in CISA certification and Five Domains are in CISAvertical in CISA certification and Five Domains are in CISA
vertical in CISA certification and Five Domains are in CISAarjunnegi34
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptxHardikKundra
 
Seven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance ProgramsSeven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance ProgramsMaria Macri
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.pptKhalilIdhman
 

Similaire à it grc (20)

Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS              .docxRunning head AUDITING INFORMATION SYSTEMS PROCESS              .docx
Running head AUDITING INFORMATION SYSTEMS PROCESS .docx
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s  IT GRC Tools – Key Issues and TrendsMaclear’s  IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
Information Governance Program
Information Governance ProgramInformation Governance Program
Information Governance Program
 
Ch2-CIISA_IT Governance.pdf
Ch2-CIISA_IT Governance.pdfCh2-CIISA_IT Governance.pdf
Ch2-CIISA_IT Governance.pdf
 
Overview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptxOverview-of-an-IT-Audit-Lesson-1.pptx
Overview-of-an-IT-Audit-Lesson-1.pptx
 
Task 2
Task 2Task 2
Task 2
 
Grc and is audit
Grc and is auditGrc and is audit
Grc and is audit
 
CISM_WK_1.pptx
CISM_WK_1.pptxCISM_WK_1.pptx
CISM_WK_1.pptx
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
crisc_wk_2a.pptx
crisc_wk_2a.pptxcrisc_wk_2a.pptx
crisc_wk_2a.pptx
 
IT Governance.pptx
IT Governance.pptxIT Governance.pptx
IT Governance.pptx
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
insider threat research
insider threat researchinsider threat research
insider threat research
 
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security |  Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security |  Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
 
Introduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdfIntroduction to IT compliance program and Discuss the challenges IT .pdf
Introduction to IT compliance program and Discuss the challenges IT .pdf
 
vertical in CISA certification and Five Domains are in CISA
vertical in CISA certification and Five Domains are in CISAvertical in CISA certification and Five Domains are in CISA
vertical in CISA certification and Five Domains are in CISA
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Controls in Audit.pptx
Controls in Audit.pptxControls in Audit.pptx
Controls in Audit.pptx
 
Seven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance ProgramsSeven Elements Of Effective Compliance Programs
Seven Elements Of Effective Compliance Programs
 
gray_audit_presentation.ppt
gray_audit_presentation.pptgray_audit_presentation.ppt
gray_audit_presentation.ppt
 

Plus de 9535814851

Wireless application prorocol
Wireless application prorocolWireless application prorocol
Wireless application prorocol9535814851
 
information system and computers
information system and computersinformation system and computers
information system and computers9535814851
 
Information technology govenance
Information technology govenanceInformation technology govenance
Information technology govenance9535814851
 
information system and computers
information system and computersinformation system and computers
information system and computers9535814851
 
human resource information system
human resource information system human resource information system
human resource information system 9535814851
 
information system and computers
information system and computersinformation system and computers
information system and computers9535814851
 
Software development life cycle copy
Software development life cycle   copySoftware development life cycle   copy
Software development life cycle copy9535814851
 
Database management system
Database management system   Database management system
Database management system 9535814851
 
information system and computers
information system and computersinformation system and computers
information system and computers9535814851
 
information system and computers
information system and computers information system and computers
information system and computers 9535814851
 
Health insurance portability and act(hipaa)2
Health insurance portability and act(hipaa)2Health insurance portability and act(hipaa)2
Health insurance portability and act(hipaa)29535814851
 
Information system
Information systemInformation system
Information system9535814851
 
Mc card new product launch
Mc card new product launchMc card new product launch
Mc card new product launch9535814851
 
marketing information system
 marketing information system marketing information system
marketing information system9535814851
 
information system and computers
information system and computersinformation system and computers
information system and computers9535814851
 
2007 mcom mis module 1.0
2007 mcom mis module 1.02007 mcom mis module 1.0
2007 mcom mis module 1.09535814851
 

Plus de 9535814851 (17)

Wireless application prorocol
Wireless application prorocolWireless application prorocol
Wireless application prorocol
 
it act
it act it act
it act
 
information system and computers
information system and computersinformation system and computers
information system and computers
 
Information technology govenance
Information technology govenanceInformation technology govenance
Information technology govenance
 
information system and computers
information system and computersinformation system and computers
information system and computers
 
human resource information system
human resource information system human resource information system
human resource information system
 
information system and computers
information system and computersinformation system and computers
information system and computers
 
Software development life cycle copy
Software development life cycle   copySoftware development life cycle   copy
Software development life cycle copy
 
Database management system
Database management system   Database management system
Database management system
 
information system and computers
information system and computersinformation system and computers
information system and computers
 
information system and computers
information system and computers information system and computers
information system and computers
 
Health insurance portability and act(hipaa)2
Health insurance portability and act(hipaa)2Health insurance portability and act(hipaa)2
Health insurance portability and act(hipaa)2
 
Information system
Information systemInformation system
Information system
 
Mc card new product launch
Mc card new product launchMc card new product launch
Mc card new product launch
 
marketing information system
 marketing information system marketing information system
marketing information system
 
information system and computers
information system and computersinformation system and computers
information system and computers
 
2007 mcom mis module 1.0
2007 mcom mis module 1.02007 mcom mis module 1.0
2007 mcom mis module 1.0
 

Dernier

Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseAnaAcapella
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptxMaritesTamaniVerdade
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxcallscotland1987
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 

Dernier (20)

Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds  in the ClassroomFostering Friendships - Enhancing Social Bonds  in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 

it grc

  • 2. INTRODUCTION
Information technology has a tremendous impact on the discipline of accounting by introducing new ways of retrieving and processing information about performance deviations and control effectiveness. It for managing organizational controls by analyzing value drivers for particular accounting information systems that commonly runs under the label of governance, risk management and compliance (GRC IS). Information systems such as enterprise resource planning systems separate financial from non-financial data and therefore enable better financial accounting. On the other hand, they provide new potential for management control as “data become accurate, shareable and available to many different parties but does hardly create the panoptic dreams of visibility and action at a distance”.
  • 3. Governance
The process by which policy is set and decision making is executed. Governance is the set of policies, laws, culture, and institutions that define how an organization should be managed.
  • 4. Risk management
  • The process for preventing an unacceptable level of uncertainty in business objectives with a balance of avoidance through reconsideration of objectives, mitigation through the application of controls, transfer through insurance and acceptance through governance mechanisms. It is also the process to ensure that important business processes and behaviors remain within the tolerances associated with policies and decisions set through the governance process. Risk management is the coordinated activities that direct and control an organization in forecasting and managing events/risks that might have a negative impact on the business.
  • 5. Compliance
The process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or from external laws, regulations, standards and agreements. Compliance is the act of adhering to regulations as well as corporate policies and procedures.
  • 6.
  • Create and distribute policies and controls and map them to regulations and internal compliance requirements.
  • Assess whether the controls are actually in place and working, and fix them if they are not.
  • Ease risk assessment and mitigation.
  • IT GRC provides coordination and standardization of policies and controls.
  • Automate information gathering.
  • It enables enterprises to rapidly adapt to change.
  • 7. Governance
  • Enterprise risk management and assessment
  • Board compliance capabilities such as options policy compliance, ethics and policy compliance, etc.
  • Business performance reporting such as balanced scorecards, risk scorecards, operational controls dashboards, etc.
  • Policy management, documentation and communication
  • 8.
  • Risk assessment
  • Risk analysis and prioritization
  • Root cause analysis of issues and mitigation
  • Risk analytics and trend analysis
  • 9.
  • Flexible controls hierarchy
  • Assessments and audits
  • Issues tracking and remediation
  • Analytics
  • 10. Importance of IT-GRC
  • An improvement in the quality and availability of information;
  • A reduction in breaches and errors;
  • A reduction in costs and greater efficiencies;
  • A more flexible and externally focused workforce capable of rapid change to meet customer and organizational needs;
  • Greater assurance for the organization and its board and senior management that GRC issues are being appropriately dealt with and the organization remains “on target” with its performance objectives; and
  • Improved levels of communication across the organization.
  • 11. BUSINESS IS MORE DEPENDENT ON IT
  • The IT environment is more complex.
  • Less time between IT failures and organizational impact.
  • Increase in threats related to IT.
  • Increase in regulations, standards and controls.
  • 12. IT GRC Challenges
  • Mapping the policies and controls
  • Audit fatigue
  • Security exposure
  • Redundancy and inefficiency
  • 13. Other Challenges
  • A perception by staff that the initiative may have an ulterior motive, for example a cost recovery drive or head count reduction.
  • Business unit managers or middle management are fearful of being marginalized as GRC responsibilities are devolved to those at lower levels of the hierarchy.
  • Organizations are sometimes skeptical regarding the targeting and measurement systems proposed and are concerned that there will not ultimately be an appropriate return on investment given the establishment and maintenance costs involved.
  • Corporate cynicism and skepticism around the outcomes and results achieved from past planned organizational change (and management “fads” generally).
  • 14. Factors to consider when implementing IT GRC
  • Strategy
  • Reporting and audit
  • Legal function
  • Information technology
  • Ethics and corporate social responsibility
  • Corporate culture
  • Business process management
  • 16. Introduction
Information systems auditing involves using technical tools and expertise to evaluate the adequacy and effectiveness of information systems in an organization. Further, it involves working with management to identify weak controls and the risk that arises from the application of technology in a business. It also suggests ways to strengthen these weak controls and so increase the reliability of IS, which helps an organization achieve its strategic objectives.
  • 17. Meaning
An information systems audit is a process to collect and evaluate evidence to determine whether the information systems safeguard assets, maintain data integrity, achieve organizational goals effectively and consume resources efficiently. The common element between any manual audit and an IS audit is data integrity: all types of audit (information audits) have to evaluate data integrity. Since an IS audit also covers efficiency and effectiveness, it includes some elements of management and proprietary audit too.
  • 18. IS auditing methodology
  • Step 1: Define the objectives of the audit.
  • Step 2: Obtain a basic understanding of the systems and the flow of transactions.
  • Step 3: Detailed information gathering.
  • Step 4: Search for exposures that exist under the system and suggest controls to eliminate the exposure.
  • Step 5: Define auditing procedures to verify the controls.
  • Step 6: Perform audit tests using various techniques and tools.
  • Step 7: Evaluate the findings.
  • Step 8: Generate the report.
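The following is an added example, not part of the deck, that carries the slide 6 functions (map controls to policies and regulations, then check whether they are actually in place and fix what is not) through the slide 18 audit steps: controls with a verification procedure each, evidence gathered from systems, the tests run, the findings evaluated and a report generated. Every control id, requirement label and evidence value in it is constructed for illustration.

```python
"""Worked IT GRC audit example (added illustration; not from the slide deck).

Follows the deck's audit steps: define the controls that map to policies and
regulations, gather evidence, run a verification procedure for each control,
evaluate the findings and generate a report. Every control id, requirement
label and evidence value below is constructed.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List

Evidence = Dict[str, object]


@dataclass
class Control:
    control_id: str                        # constructed id, e.g. "LOG-01"
    description: str
    kind: str                              # administrative, logical or physical
    requirements: List[str]                # constructed policy/regulation labels
    exposure: str                          # what the control protects against
    procedure: Callable[[Evidence], bool]  # audit test: True when in place


@dataclass
class Finding:
    control_id: str
    kind: str
    passed: bool
    exposure: str
    requirements: List[str]


# Evidence gathered from systems (constructed sample, not a real configuration)
SAMPLE_EVIDENCE: Evidence = {
    "password_min_length": 6,
    "admin_mfa_enabled": False,
    "policy_ack_pct": 80,
    "backup_age_days": 2,
    "server_room_badge_required": True,
}

# Controls mapped to the requirements they satisfy, each with its own test
CONTROL_REGISTER: List[Control] = [
    Control("LOG-01", "Passwords are at least 12 characters long", "logical",
            ["POL-ACCESS-3", "REG-EXAMPLE-7"], "Credential guessing",
            lambda e: int(e["password_min_length"]) >= 12),
    Control("LOG-02", "MFA is enforced for administrator accounts", "logical",
            ["POL-ACCESS-4"], "Privileged account takeover",
            lambda e: e["admin_mfa_enabled"] is True),
    Control("ADM-01", "All staff have acknowledged the security policy",
            "administrative", ["POL-HR-1"], "Staff unaware of obligations",
            lambda e: int(e["policy_ack_pct"]) >= 100),
    Control("ADM-02", "A backup completed within the last 7 days",
            "administrative", ["POL-BCP-2"], "Data loss after an incident",
            lambda e: int(e["backup_age_days"]) <= 7),
    Control("PHY-01", "Server room entry requires a badge", "physical",
            ["POL-FAC-1"], "Unauthorised physical access",
            lambda e: e["server_room_badge_required"] is True),
]


def perform_audit(controls: List[Control], evidence: Evidence) -> List[Finding]:
    """Run every audit procedure against the gathered evidence.

    A procedure that cannot be evaluated (evidence missing or malformed) is
    recorded as a failure: a control that cannot be shown to work is treated
    as not working, which is the conservative audit position.
    """
    findings = []
    for c in controls:
        try:
            ok = bool(c.procedure(evidence))
        except (KeyError, TypeError, ValueError):
            ok = False
        findings.append(Finding(c.control_id, c.kind, ok, c.exposure, c.requirements))
    return findings


def evaluate_findings(findings: List[Finding]) -> dict:
    """Summarise which controls failed, by control type, and which requirements are unmet."""
    failed = [f for f in findings if not f.passed]
    return {
        "tested": len(findings),
        "failed": len(failed),
        "failed_controls": [f.control_id for f in failed],
        "failed_by_kind": dict(Counter(f.kind for f in failed)),
        "unmet_requirements": sorted({r for f in failed for r in f.requirements}),
    }


def generate_report(findings: List[Finding]) -> List[str]:
    """Produce the report as plain-text lines: one per control plus a summary."""
    lines = ["IS audit report"]
    for f in findings:
        status = "PASS" if f.passed else "FAIL"
        lines.append(f"{status} {f.control_id} ({f.kind}): exposure={f.exposure}; "
                     f"requirements={', '.join(f.requirements)}")
    s = evaluate_findings(findings)
    unmet = ", ".join(s["unmet_requirements"]) or "none"
    lines.append(f"{s['failed']} of {s['tested']} controls failed; "
                 f"unmet requirements: {unmet}")
    return lines


if __name__ == "__main__":
    print("\n".join(generate_report(perform_audit(CONTROL_REGISTER, SAMPLE_EVIDENCE))))
```

Because each failed control carries the requirements it was mapped to, the summary shows directly which policies and regulations are currently unmet, which is the mapping slide 6 calls for.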
  • 19. Scope of IS audit
  • Data
  • Application systems
  • Technology
  • Facilities
  • People
  • 20. Elements of IS audit
  • Exposures
  • Causes
  • Controls
  • Physical and environmental review
  • System administration review
  • Application software review
  • Network security review
  • Business continuity review
  • Data integrity review
  • 21. Need for IS audit
  • Confidentiality
  • Integrity
  • Availability
  • Reliability
  • 22. Categories of IS audits
  • Systems and applications
  • Information processing facilities
  • Systems development
  • Management of IT and enterprise architecture
  • Telecommunications, intranets and extranets
  • 23. Information Security and management standard
Meaning: information security relates to the physical and logical protection of data or information recorded, processed, shared, transmitted or received in electronic form. The protection is provided against loss, inaccessibility, alteration or unauthorized disclosure. It is achieved through physical safeguards such as locks, security guards and insurance, and logical safeguards such as user identifiers, passwords and firewalls.
  • 24. Information security
  • Meaning: it is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
  • Definition: “Information security is the process of protecting the intellectual property of an organization.”
  • IT security: also referred to as computer security. A computer is any device with a processor and some memory; such devices range from a non-networked standalone device as simple as a calculator to a networked mobile computing device such as a smartphone or tablet. IT security is mainly used in major enterprise establishments due to the nature and value of the data within larger businesses.
  • 25. Information assurance • The act of ensuring that data is not lost when critical issues aries.thes issues include but are not limited to natural disaster computer server malfunction physical theft or any other instance where data potential of being lost.
  • 26. Threats Computer system threats come in many different forms. some of the most common threats today are software attack, theft of intellectual property identity theft of equipment or info are common example of software attack Key concept of information security Confidentiality Integrity Availability
• 27. Risk management “Risk management is the process of identifying vulnerabilities and threats to the information resources.”
• 28. Control Selecting proper controls and implementing them will initially help an organization to bring risk down to an acceptable level. Control selection should follow, and should be based on, the risk assessment. Controls can vary in nature, but fundamentally they are ways of protecting confidentiality. Types of control are • Administrative control • Logical control • Physical control
  • 29. Security organization structure 1. Information security forum (ISF) 2. Information security management group (ISMG) 3. Assistant group security officer (AGSO) 4. System owner 5. Personal security officer (PSO) 6. Line manager 7. Users
• 30. Standards for Information Security The International Organization for Standardization [ISO], established in 1947, is a non-governmental international body that collaborates with the International Commission Technology [ITC] on standards. The following are commonly referenced ISO security standards.
  • 31. Introduction to ISO 27001 ISO 27001 is a specification for creating an ISMS. It does not mandate specific actions, but includes suggestions for documentation, internal audits, continual improvement, and corrective and preventive action.
• 32. Framework of ISO 27001 Implementation of ISO 27001 is an ideal response to legal requirements and potential security threats such as: • Vandalism/Terrorism • Fire • Misuse • Theft • Viral attack
• 33. Features of ISO 27001 • Adopts the PDCA (Plan-Do-Check-Act) model. • Adopts a process approach. • Identifies and manages activities so that they function effectively. • Stresses continual process improvement. • Scope covers information security, not only IT security. • Focuses on people, process and technology. • Combination of management controls, operational controls and technical controls.
• 34. Benefits of ISMS ISO 27001 certification: • Independent framework that will take account of all legal and regulatory requirements. • Helps provide a competitive edge to the company. • Helps to identify and meet contractual and regulatory requirements. • Independently verifies that risks to the company are properly identified and managed. • Demonstrates to customers that the security of their information is taken seriously.
• 35. CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT) INTRODUCTION: COBIT was first released in 1996; the current version, COBIT 5, was published in 2012. Its mission is “to research, develop, publish and promote an authoritative, up-to-date, international set of generally accepted information technology control objectives for day-to-day use by business managers, IT professionals and assurance professionals.”
• 36. The framework provides good practices across a domain and process framework: “The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement and identifying the associated responsibilities of business and IT process owners.” COBIT is a framework of generally applicable information systems security and control. The framework allows: 1) Benchmarking of the security and control arrangement. 2) Auditors to review internal controls and advise on IT security matters. 3) Users of IT services to be assured that adequate security and control exist.
  • 37. The framework addresses the issue of control from 3 vantage points
• 38. IT Processes Controls are required to be implemented in all the processes, which are broken into 4 domains: • Planning and organization • Acquisition and implementation • Delivery and support • Monitoring
• 39. Business objectives To satisfy business objectives, information must satisfy some criteria that COBIT refers to as business requirements for information. The criteria are divided into seven categories: • Effectiveness • Efficiency • Confidentiality • Integrity
• 40. IT RESOURCES To protect the IT resources, controls must be developed which cover: • People • Application systems • Hardware devices • Facilities and data • Security controls
• 41. Advantages of COBIT I. COBIT is aligned with other standards and best practices and should be used together with them. II. Its framework and supporting best practices provide a well-managed and flexible IT environment in an organization. III. COBIT provides a control environment that is responsive to business needs and serves management and audit functions in terms of their control responsibilities. IV. It provides tools to help manage IT activities.
• 42. COBIT has five IT governance areas of concentration 1) Strategic alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations. 2) Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing cost and providing the intrinsic value of IT.
• 43. 3) Resource management is about the optimum investment in and proper management of critical IT resources: applications, information, infrastructure and people. 4) Risk management requires a clear understanding of the enterprise's appetite for risk, understanding of compliance requirements, and transparency into the organization. 5) Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, for example through balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
• 45. Introduction • The Health Insurance Portability and Accountability Act (HIPAA) became law in 1996. The purpose of HIPAA is to improve the efficiency and effectiveness of healthcare transactions by standardizing the exchange of administrative and financial data, as well as protecting the privacy and security of individual health information that is maintained or transmitted.
  • 46. • HIPAA imposes stringent privacy and security requirements on health plans, healthcare providers, and healthcare clearinghouses that maintain and/or transmit individual health information in electronic form. The term “healthcare provider” includes individual physicians, physician group practices, dentists, other healthcare practitioners, hospitals, and nursing facilities.
• 47. Specific objectives of the regulations are: • Standardizing the format and content of primary commercial and administrative electronic healthcare transactions. • Developing standards to protect confidential patient information from improper use or disclosure and establishing patients' rights to control such uses. • Developing standards for computer systems and networks to ensure the security, integrity, and availability of patient data.
• 48. HIPAA is also known as public law. The Act has five top-level titles: • Title 1. Health access, portability, and renewability. • Title 2. Preventing health care fraud and abuse (administrative simplification), which includes: • (1) transactions and code sets (2) identifiers (3) privacy (4) security. • Title 3. Tax-related health provisions (medical savings accounts and health insurance tax deductions for self-employed individuals).
  • 49. • Title 4. Group health plan provisions • Title 5. Revenue offset provisions.
• 50. HIPAA Transactions And Code Sets • HIPAA is named for its contribution to portability of insurance and accountability for insurance claims. The administrative simplification section of HIPAA requires the standardization of identifiers, code sets, and transactions. HIPAA places various limits on the exclusions that insurers may use, provides credit for past insurance, and attempts to assure that insurance can be purchased. As stated previously, HIPAA ensures only that insurance is available, not that it is inexpensive.
• 51. The Security Rule: • The Security Rule lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the rule.
• 52. The Standards And Specifications Are As Follows: • Covered entities must adopt a written set of privacy procedures and designate a privacy officer to be responsible for developing and implementing all required policies and procedures. • The policies and procedures must reference management oversight and organizational buy-in to compliance with the documented security controls. • Procedures should clearly identify employees or classes of employees who will have access to protected health information (PHI). • The procedures must address access authorization, establishment, modification, and termination.
  • 53. • A contingency plan should be in place for responding to emergencies. • Internal audits play a key role in HIPAA compliance by reviewing operations with the goal of identifying potential security violations. • Procedures should document instructions for addressing and responding to security breaches that are identified either during the audit or the normal course of operations.
  • 54. Technical Safeguards: • Controlling access to computer systems and enabling covered entities to protect communications containing PHI transmitted electronically over open networks from being intercepted by anyone other than the intended recipient. • Information systems housing PHI must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized.
• 55. • Each covered entity is responsible for ensuring that the data within its systems has not been changed or erased in an unauthorized manner. • Data corroboration, including the use of checksums, double-keying, message authentication, and signatures, may be used to ensure data integrity. • Covered entities must also authenticate the entities they communicate with; authentication may consist of password systems, two- or three-way handshakes, telephone call-back, and token systems.
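The data corroboration bullet above names checksums and message authentication as integrity mechanisms for PHI. The following Python example is added here and is not part of the slide deck: it contrasts an unkeyed CRC32 checksum with a keyed HMAC-SHA256 tag over a constructed PHI record, assuming a hypothetical integrity key that the covered entity holds and never sends with the record.

```python
# Added example (not from the slide deck): data corroboration for a PHI record,
# contrasting an unkeyed CRC32 checksum with a keyed HMAC-SHA256 tag.
import hashlib
import hmac
import json
import zlib

# Constructed sample PHI record (fictitious patient data).
PHI_RECORD = {
    "patient_id": "P-000123",
    "name": "Jane Example",
    "diagnosis_code": "E11.9",
    "claim_amount": 1250.00,
}

# Constructed integrity key; in practice the covered entity manages it and
# never sends it along with the record.
INTEGRITY_KEY = b"example-integrity-key-do-not-reuse"


def canonical_bytes(record: dict) -> bytes:
    """Serialize deterministically so equal records always give equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def checksum(record: dict) -> int:
    """Unkeyed CRC32: catches accidental corruption, not deliberate edits."""
    return zlib.crc32(canonical_bytes(record))


def mac_tag(record: dict, key: bytes) -> str:
    """Keyed HMAC-SHA256 tag: catches accidental and deliberate modification."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def verify_mac(record: dict, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac_tag(record, key), tag)


def modified_with_fresh_checksum(record: dict) -> tuple:
    """Model an in-transit modification whose unkeyed checksum is recomputed."""
    altered = dict(record)
    altered["claim_amount"] = 99250.00
    return altered, checksum(altered)


def demo() -> dict:
    """Run both checks against the original and the modified record."""
    original_sum = checksum(PHI_RECORD)
    tag = mac_tag(PHI_RECORD, INTEGRITY_KEY)
    altered, fresh_sum = modified_with_fresh_checksum(PHI_RECORD)
    return {
        # A receiver that only validates the checksum sees a consistent record.
        "checksum_accepts_modified": fresh_sum == checksum(altered),
        # Without the key, no valid tag exists for the altered record.
        "mac_accepts_modified": verify_mac(altered, tag, INTEGRITY_KEY),
        "mac_accepts_original": verify_mac(PHI_RECORD, tag, INTEGRITY_KEY),
        "checksum_changed": original_sum != fresh_sum,
    }


if __name__ == "__main__":
    print(demo())
```

The checksum alone cannot tell the receiver that the record was altered, which is why the rule pairs checksums with keyed message authentication or signatures.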
  • 56. Physical safeguards: • Controlling physical access to protect against inappropriate access to protected data • Controls must govern the introduction and removal of hardware and software from the network. • Access to equipment containing health information should be carefully controlled and monitored. • Access to hardware and software must be limited to properly authorized individuals.
  • 57. STATEMENT OF AUDITING STANDARDS FOR SERVICE ORGANISATION
• 58. Introduction Statement on Auditing Standards No. 70: Service Organizations, commonly abbreviated as SAS 70, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), officially titled “Reports on the Processing of Transactions by Service Organizations”. SAS 70 defines the professional standards used by a service auditor to assess the internal control of a service organization and issue a service auditor’s report.
• 59. Meaning of SAS SAS 70 (the Statement on Auditing Standards No. 70) defines the standards an auditor must employ in order to assess the contracted internal controls of a service organization. Service organizations, such as hosted data centers, insurance claims processors and credit processing companies, provide outsourced services that affect the operation of the contracting enterprise.
• 60. Under SAS 70, service auditor reports are classified as either Type I or Type II. In a Type I report the auditor evaluates the efforts of a service organization at the time of the audit to prevent accounting inconsistencies, errors and misrepresentation. The auditor also evaluates the likelihood that those efforts will produce the desired results in the future. A Type II report includes the same information as that contained in a Type I report; in addition, the auditor attempts to determine the effectiveness of agreed-on controls since their implementation. Type II reports also incorporate data compiled during a specific time period, usually a minimum of six months.
• 61. CHARACTERISTICS OF STATEMENT OF AUDITING STANDARDS FOR SERVICE ORGANIZATIONS 1. Statement on Auditing Standards (SAS) No. 70, Service Organizations, is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). 2. SAS 70 provides guidance to enable an independent auditor (“service auditor”) to issue an opinion on a service organization’s description of controls through a Service Auditor’s Report. 3. Service auditors are required to follow the AICPA’s standards for fieldwork, quality control, and reporting. 4. A formal report including the auditor’s opinion (“Service Auditor’s Report”) is issued to the service organization at the conclusion of a SAS 70 examination.
• 62. 5. A SAS 70 examination is not a “checklist” audit. SAS No. 70 is generally applicable when an auditor (“user auditor”) is auditing the financial statements of an entity (“user organization”) that obtains services from another organization (“service organization”). Service organizations that provide such services could be application service providers, bank trust departments, claims processing centers, Internet data centers, or other data processing service bureaus. 6. A SAS 70 audit or service auditor’s examination is widely recognized, because it represents that a service organization has been through an in-depth audit of its control activities, which generally include controls over information technology and related processes.
• 63. Type I and Type II audit standards Type I SAS 70 audits give an opinion on controls that are in place as of a point in time. The opinion deals with the fairness of presentation of the controls and the design of the controls in terms of their ability to meet defined control objectives. Since these reports only provide assurance over a single day, they are of limited value to third parties. Type II SAS 70 audits give an opinion on controls that were in place over a period of time, which is typically a period of six months or more. The opinion deals with the fairness of presentation of the controls, the design of the controls in terms of their ability to meet defined control objectives, and the operating effectiveness of those controls over the defined period. Third parties are better able to rely on these reports since verification is provided regarding these matters for a substantial period of time.
• 64. Benefits to the service organization 1. A service auditor’s report ensures that all user organizations and their auditors have access to the same information, and in many cases this will satisfy the user auditor’s requirements. 2. SAS 70 engagements are generally performed by control-oriented professionals who have experience in accounting, auditing, and information security. 3. A service auditor’s report with an unqualified opinion that is issued by an independent accounting firm differentiates the service organization from its peers by demonstrating the establishment of effectively designed control objectives and control activities. 4. A SAS 70 engagement allows a service organization to have its control policies and procedures evaluated and tested (in the case of a Type II engagement) by an independent party. 5. A service auditor’s report also helps a service organization build trust with its user organizations (i.e. customers).
• 65. CAPABILITY MATURITY MODEL (CMM) INTRODUCTION: The CMM was developed from 1984 by Watts Humphrey and the Software Engineering Institute (SEI). The SEI is a part of Carnegie Mellon University. The work was funded, and continues to be funded, by the Department of Defense (DoD), which was originally looking for ways to compare and measure the various contractors that were developing software for the DoD.
• 66. Meaning: “A Capability Maturity Model (CMM) is a formal archetype of the levels through which an organization evolves as it defines, implements, measures, controls and improves its processes in a particular area of operation. It thus enables the organization to consciously choose a certain target level of maturity and then to work towards that level.” Definition: “The definition implies that the CMM concept is mainly applicable to organizational processes, such as development processes or business processes. This process orientation underlies the model described in this paper and thus deals with knowledge within the framework of business processes.”
• 67. PROCESS OF CAPABILITY MATURITY MODEL (CMM) • INITIAL MATURITY LEVEL • REPEATABLE MATURITY LEVEL • DEFINED MATURITY LEVEL • MANAGED MATURITY LEVEL • OPTIMIZING MATURITY LEVEL
• 68. INITIAL MATURITY LEVEL The software process is characterized as inconsistent and occasionally even chaotic. Defined processes and standard practices that exist are abandoned during a crisis. Success of the organization depends largely on individual effort, talent and heroics. The heroes eventually move on to other organizations, taking their wealth of knowledge and lessons learnt with them.
• 69. REPEATABLE MATURITY LEVEL At this level a software development organization has basic and consistent project management processes to track cost, schedule and functionality. The process is in place to repeat earlier successes on projects with similar applications. Program management is a key characteristic of a level two organization.
• 70. DEFINED MATURITY LEVEL The software process for both management and engineering activities is documented, standardized and integrated into a standard software process for the entire organization, and all projects across the organization use an approved, tailored version of the organization’s standard software process for developing, testing and maintaining the application.
• 71. MANAGED MATURITY LEVEL Management can effectively control the software development effort using precise measurements. At this level, organizations set quantitative quality goals for both the software process and software maintenance. At this maturity level, the performance of processes is controlled using statistical and other quantitative techniques and is quantitatively predictable.
• 72. OPTIMIZING MATURITY LEVEL The key characteristic of this level is a focus on continually improving process performance through both incremental and innovative technological improvements. At this level, changes to the process are made to improve process performance while maintaining the statistical probability of achieving the established quantitative process-improvement objectives.