Can anyone share their approach to performing an IT-focused risk assessment in support of audit planning? Would anyone have an IT risk universe that they would be willing to share?

India Head and Director of Global Finance Shared Services in Hardware, a year ago
The risk assessment for IT areas should cover a number of areas to ensure that an organization's IT systems and processes are effective, secure, and compliant with relevant regulations. The Audit Plan can typically focus on a range of topics to assess risks and controls. Here are some key areas to consider when planning an IT-focused risk assessment.

1. Information Security
2. Cybersecurity
3. Systems and Applications Controls
4. IT Vendor Management
5. IT Audit trail and single / multiple logins for various Applications.

Founder in Miscellaneous, a year ago
Hello,

This will depend on your current infrastructure and the landscape of your applications.

Some initial questions to ask:

1/ Are you all working from one location, or are people spread remotely?
2/ Is there a formal procedure / training for things like cyber security?
3/ Are your applications administered centrally using SSO and 2FA, or are they all fragmented?
4/ Are you working from on-premise systems, or are you in the cloud?

Answers to these sorts of questions will dictate your approach to audit planning.

1/ Can we be sure our data is safe with people working remotely?
2/ Are our team equipped with the knowledge that they need to reduce risk?
3/ Do we have complete control over access to internal systems?
4/ Are our systems backed up in the event we have to undergo a disaster recovery process?

You've then got second order consequences that could evolve from this:

- Risks from unauthorized access, data breaches, etc.
- Risks from system downtime, inefficient processes, etc.
- Risk of non-compliance with regulations like GDPR, SOX, etc.
- Risks from lack of adaptability to new technologies, vendor lock-in, etc.
- Risks from budget overflows in IT projects, ROI concerns, etc.

My recommendations:

1/ Start with the highest risks
2/ Ensure you have a plan in place to remain compliant
3/ Have a procedure in place for regular vulnerability assessments
4/ Map all of your systems, all of your team members and their usage
5/ Put it all into a matrix that you can colour code into a heat map of low vs high risks

Happy to provide more guidance if you want to send me a DM.

Director of Finance in Consumer Goods, a year ago
One can refer to this approach while performing an IT-focused risk assessment.
Understand the entity and its environment, understand entity-level controls, understand the transaction-level controls, use preliminary analytical procedures to identify risk, perform fraud risk analysis, assess risk.
