Can anyone share their approach to performing an IT-focused risk assessment in support of audit planning? Would anyone have an IT risk universe that they would be willing to share?
Founder in Miscellaneous, Self-employed
Hello, this will depend on your current infrastructure and the landscape of your applications.
Some initial questions to ask:
1/ Are you all working from one location, or are people spread remotely?
2/ Is there a formal procedure / training for things like cyber security?
3/ Are your applications administered centrally using SSO and 2FA, or are they all fragmented?
4/ Are you working from on-premise systems, or are you in the cloud?
Answers to these sorts of questions will dictate your approach to audit planning.
1/ Can we be sure our data is safe with people working remotely?
2/ Are our team equipped with the knowledge that they need to reduce risk?
3/ Do we have complete control over access to internal systems?
4/ Are our systems backed up in the event we have to undergo a disaster recovery process?
You've then got second order consequences that could evolve from this:
- Risks from unauthorized access, data breaches, etc.
- Risks from system downtime, inefficient processes, etc.
- Risk of non-compliance with regulations like GDPR, SOX, etc.
- Risks from lack of adaptability to new technologies, vendor lock-in, etc.
- Risks from budget overflows in IT projects, ROI concerns, etc.
My recommendations:
1/ Start with the highest risks
2/ Ensure you have a plan in place to remain compliant
3/ Have a procedure in place for regular vulnerability assessments
4/ Map all of your systems, all of your team members and their usage
5/ Put it all into a matrix that you can colour code into a heat map of low vs high risks
Happy to provide more guidance if you want to send me a DM.
Director of Finance in Consumer Goods, 10,001+ employees
One can refer to this approach while performing an IT-focused risk assessment:
1/ Understand the entity and its environment
2/ Understand entity-level controls
3/ Understand the transaction-level controls
4/ Use preliminary analytical procedures to identify risk
5/ Perform fraud risk analysis
6/ Assess risk
1. Information Security
2. Cybersecurity
3. Systems and Applications Controls
4. IT Vendor Management
5. IT Audit trail and single / multiple logins for various Applications