Best Practices and Controls for Compliance and Risk Management
If your enterprise struggles with the challenges associated with implementing, sustaining and improving upon your GRC framework through monitoring and analysis, this program will be beneficial for you. Register now to hear our experts discuss the controls and best practices needed to reduce risk, improve security, sustain compliance and answer your questions live! Join us live on Tuesday, 28 February 2012 for this informative event.
During this presentation we will provide a summary discussion of the COSO Model and an overview of COSO's Guidance on Monitoring Internal Control Systems. We will discuss the relevance of the guidance to other governance models, and discuss the practical implementation of the concepts in the COSO monitoring model specific to:
- IT Operations
- Information Security
- Application Change Management
- Project Management and Portfolio Management

After completing this session participants will be able to:
■ Learn about how to define the right RFP requirements for the GRC
■ Integrate risk management, compliance and audit activities into a unified GRC tool
■ Prepare strategies for streamlining the process and reducing costs associated with global trade regulatory compliance
■ Get key technical insight into how to plan and prepare your organization for a new implementation

Every key business process in an organization is reliant on and driven by technology. Effective controls to monitor user access, ensure transactional integrity and detect fraud are critical to ensuring compliance with regulations and industry mandates, as well as to stopping operational losses. With the speed of business today, manual detective controls will not give an organization enough assurance that business risks, compliance failures or operational shortfalls won’t occur. Forward-thinking organizations that implement automated, real-time business controls for monitoring user misuse of access and transactional activities are realizing substantial business benefits in terms of compliance efficiencies, reduction of inherent risk and the elimination of operational losses. This session will discuss the business drivers behind implementing a comprehensive, automated business control monitoring approach that enables organizations to evolve their business control frameworks from detective, period-based controls to real-time preventative controls and then to predictive controls driven by data analytics.

In order to function, a GRCM platform requires extensive data input from throughout the enterprise. The GRCM must establish if IT controls should be absent or present, and whether existing IT controls are compliant or non-compliant. Since most of the controls in a GRCM relate to process, operations, and management, their related data are usually captured via questionnaires that are manually completed by staff and entered into the system. Manually capturing data is appropriate for those controls, but it cannot scale to address technical controls. A typical large enterprise can have thousands, tens of thousands, or even hundreds of thousands of global IT assets in scope, so automation becomes a mandatory requirement for discovering these assets, identifying their owners, evaluating their state of configuration, and ensuring that configurations conform to policy. This session will explore complementary solutions that augment Gartner’s eight core functions of IT GRCM and related automation capabilities by integrating functionality into the legacy IT GRCM solutions.

This e-Symposium qualifies for 3 CPE points. To obtain CPE credit, members must download and listen to all event presentations and successfully complete a CPE quiz. To access the quiz, click the CPE button at the top of this page or click the Play button below.


