Technology - PowerPoint PPT Presentation

Provided by: april75

Transcript and Presenter's Notes

Title: Technology


1
Technology & Security Risk Services
TSRS 10/12/05
  • October 12, 2005
  • CSUN MISA Meeting

2
Introductions
  • Debbie Lew
  • Manager 4
  • School Attended: York University (yes, that's in
    Canada)
  • With the Firm: 1 year
  • Over 15 years in industry: IT Audit, Project
    Management, Strategic Planning, Marketing
  • Past President of the Los Angeles Chapter of the
    Information Systems Audit and Control Association
    (ISACA). Currently on the International ISACA
    Audit Committee representing membership.
  • Isaac Clarke
  • Staff 2
  • School Attended - BYU and UVA
  • With the Firm - 1 years

3
Overview of Ernst & Young
  • Global professional services firm with over
    100,000 people in 700 locations and 140 countries
  • We operate under a global market strategy and
    have a strong value system
  • Our culture is People first
  • We believe in Quality in Everything We Do.
  • We have diverse business career opportunities
    available

[Diagram labels: Relationships, Brand, Market Leadership, Reputation, Share; Quality, People, Growth; Execution, Operational Excellence, Account-Centricity, Shared Values, Global Mindset]

4
Where is TSRS within Ernst & Young?
5
What Does TSRS Do?
  • Computer Control Reviews
  • ERP Integrity Reviews
  • Continuity & Availability
  • IT Effectiveness Reviews
  • SAS No. 70
  • Business Risk Services
  • Risk Assessment Methodology
  • Data Analysis Review
  • Sarbanes-Oxley Section 404

6
Computer Control Reviews (CCR)
  • Also known as General Controls Review (GCR) or
    General Network Controls (GNC)
  • Performed as part of the financial statement
    audit to identify and evaluate the information
    technology controls that impact the preparation
    of the company's financial statements
  • Significant Areas
  • Program Change Controls
  • User Access Controls
  • Logical Security
  • Application Controls
  • Computer Operations

7
ERP Integrity Reviews
  • Review ERP Solutions such as SAP, Oracle,
    PeopleSoft and J.D. Edwards
  • Review other less commercialized software
  • Review the integrity of the key business
    processes, the application, and the underlying
    infrastructure
  • Key focus on the design of the controls from a
    roles and responsibilities perspective at the
    application level
  • Deliverables include:
  • Detailed observations and recommendations report
  • Specific vulnerabilities related to security
    parameters
  • Suggestions to mitigate identified weaknesses

8
Continuity & Availability (CA)
  • Also known as Business Continuity Planning (BCP)
  • Review a client's business to ensure that
    critical systems, processes or data will not be
    substantially impacted should a disaster occur
  • EY makes recommendations on current CA
    practices and documentation
  • EY also develops both automated and manual
    solutions to help the company maintain the
    availability of critical business processes and
    data

9
IT Effectiveness Reviews
  • EY determines if IT is properly aligned with the
    client's business strategies
  • Includes a formal review of current business
    requirements, key business processes, the current
    IT infrastructure, including hardware, software,
    and personnel
  • A review of IT-related budgets and spending
    can also be performed.

10
SAS No. 70 Service Auditor Examinations
  • Examine processes and controls at third party
    service organizations that are relevant to user
    organizations and their auditors.
  • EY renders an opinion regarding the design and
    operating effectiveness of the service
    organization's controls.
  • EY's service auditor's report is then available
    for distribution to the client's customers and
    their auditors

11
Business Risk Services (BRS)
  • Engagements include the following
  • Assessing the client's current IT internal audit
    function
  • Supplementing existing resources in specific
    areas
  • Providing a full IT audit function
  • Some types of engagements that fall under the BRS
    umbrella include
  • Application reviews
  • Process reviews
  • Disaster Recovery Plan reviews

12
Risk Assessment Methodology
  • Engagements consist of gaining client
    requirements, understanding current security
    programs, and identifying current controls in
    place to create a customized risk assessment
    methodology.
  • The methodology uses a weighted,
    questionnaire-based tool, supported by a detailed
    methodology that specifies the logistics of the
    program to help the client identify risks at the
    people, process, and technology levels

13
Data Analysis Review
  • Data Analysis services are designed to improve
    decision-making, reduce project delivery
    time/costs, and effectively manage and analyze
    risks.
  • Engagements consist of examining raw client data
    and producing reports for client management that
    summarize and analyze the data.
  • Routine computer assisted audit techniques
    (CAATs) are processed at our shared analysis
    center (ISAC) in Cleveland, Ohio.
  • Tools used
  • ACL and Microsoft Access

14
Sarbanes-Oxley Section 404 Assistance
  • EY reviews a company's current internal controls
    documentation.
  • Recommendations are made on ways to improve their
    documentation.
  • For certain clients, EY can assist the client in
    documenting the client's current internal
    controls.
  • Reviews are performed in preparation for SOA
    Section 404 requirement for FY after 6/15/04.

15
TSRS Geographic Coverage
  • 4 Primary Marketplace Areas
  • West Coast
  • Central, including Canada
  • North East
  • South
  • 13 Geographic TSRS Areas
  • West Coast Marketplace
  • Security Technology Solutions Team
  • Pacific Northwest IT Risk Team
  • Pacific Southwest IT Risk Team
  • We have approximately 125 PNW and 85 PSW TSRS
    professionals in the West Zone

16
West Zone Industry Focus
  • Technology, Communication & Entertainment
  • Life Sciences
  • Retail, Manufacturing and Distribution
  • Financial Service Industries
  • Real Estate
  • Health Care

17
Pacific Southwest Office Locations
  • Offices
  • Woodland Hills
  • Los Angeles
  • Irvine
  • San Diego
  • Denver
  • Phoenix
  • Las Vegas
  • Honolulu

18
Ernst & Young's Values
  • Our values reflect how we work and interact with
    our colleagues, serve our clients, and engage our
    stakeholders.

19
People First: Building a Culture
  • Talent
  • Motivation
  • Satisfaction
  • Business Success

20
Praise for EY culture
21
As a Part of Our Team
  • You will be challenged
  • as much as you can handle as soon as you can
    handle it
  • You will learn
  • School after school
  • You will have choices
  • Career opportunities in all areas of the firm
  • You will make friends
  • Co-workers, clients, etc.
  • You will have fun
  • what it's really all about

22
Education at Ernst & Young
  • Orientation & TSRS Training
  • New hire orientation
  • TSRS training locally
  • Continuing Education
  • Reimbursement for CPA fees and other TSRS
    certifications
  • Audit focus on the COBIT framework
  • Certifications: CISA, CISSP, CPA
  • Financial audit rotation available in order to
    obtain CPA hours
  • Increased training on Sarbanes-Oxley Section 404

23
Questions?