Getting Ahead and Staying Ahead of the Auditors NetPeoples Meeting July 2009

Dec 30, 2015


Sharyl Freeman
Transcript

Getting Ahead and Staying Ahead of the Auditors

NetPeoples Meeting

July 2009


Audit department’s responsibility

• Independent Score Keeper

• Catalyst for positive change

Audit wants to be a partner in your success


What do we fear most?

The Unknown

The Blair Witch Project


What are the trends in IT findings?

• Application Review

• Change Management

• Disaster Recovery

• Data Center/Physical Security

• Equipment Security

• Service Management

• Staffing

• PCI DSS

• IS Other


What are the emerging IT audit findings/concerns?

• Log management for servers

• Management of outsourced services – cloud technology

• Interdependence of systems and the impact on system availability

• Testing of recovery files


What tools are providing substantial leverage for improving our risk profile?

• Use and expansion of AD

• Consolidation and securing of the most important servers into central data centers

• SLAs

• System status page and continued work on better communication about system outages


Who’s helping you get ahead of us?

• Mike Balak
• Connie Buechele
• Brad Bostrom
• Ed Clark
• Ed Deegan
• Paul Dokas
• Ruth Dodson
• David Ernst
• John Grosen
• Jamey Hansen
• Mark Hove
• Jim Hugo
• Steve Levin
• Diane Kleinman
• Jim Nichols
• Scott Tisinger
• John Sonnack
• Lois Stark
• John Snider
• Steve Winckelman


Tools – Developed By IT collegiate directors and OIT

• Risk evaluation tool-template

• Disaster recovery preparation tool-template

• Securing private data tool-template


Tools – Being developed By IT collegiate directors and OIT

• Physical security assessment matrix

• Code change management tool-template


What does audit hear from the Board of Regents and senior management about technology?

1. Effective technology is a key lever for the University accomplishing its goal of becoming one of the top three public research institutions in the world

2. Technology is very expensive and we need to effectively manage those expenses


3. Management wants to shift the IT investment focus from administrative support to support of teaching and research

4. Management wants to leverage IT processes which do not provide a strategic advantage and put IT processes on the edge which are key to addressing education and research goals


What are some of the University IT actions that I am most proud of?

• Collaboration and leadership between collegiate IT directors and central IT

• IT staff sharing knowledge and skills from across the University to better manage risk (e.g. groups like NetPeoples)

• The University’s IT standards

• The self-assessment and peer reviews performed on OIT


What’s the bottom line?

1. The work you do is really important to the University accomplishing its goals

2. The work you do often directly impacts the University risk profile/control environment.

Audit wants to partner with you for success


Questions? Feedback?