Norman D. Marks, OCEG Fellow and Vice President, Evangelist Better Run Business, SAP
A new challenge for many internal audit departments is auditing risk management. In this session, we will cover some high level principles and discuss a risk-based approach to the activity. Topics will include:

· The risk of poor risk management
· What do we audit risk management against?
· Why we need risk management, and what is the value it should provide?
· A review of the major risk management standards/frameworks
· Suggested evaluation steps
· Risk management maturity
· Reporting
Jul 19 2012
47 mins
Auditing Risk Management
More from this community:

IT Governance, Risk and Compliance

  • Our dependencies are clear. Organisations have become virtual, and all of this progress relies on systems and infrastructure that no one organisation maintains, and there is no turning back. Significant time and resources are being dedicated to coping with mistakes and oversights, while remediation time following system or data compromise is steadily getting longer.
    Industry has been cornered into a reactionary position addressing incidents as they occur.

    Such concerns are set to dominate discussions at the 2nd Annual (ISC)² Security Congress EMEA, October 20-21 in Munich, Germany.

    Join (ISC)², Infosecurity Magazine and two of the several top notch (ISC)² Security Congress EMEA speakers to examine our progress, how to challenge our reactionary position, and what is required to look forward to the future.

    Moderator: Michael Hine, Deputy Editor, Infosecurity Magazine
    Panellists: Adrian Davis, Managing Director, (ISC)² EMEA; Yiannis Pavlosoglou, Director of IT Risk, UBS; Georg Freundorfer, Director Security EMEA, Oracle

    WIN A FREE TICKET TO CONGRESS!
    (ISC)² is giving away 3 delegate passes for the 2015 (ISC)² Security Congress EMEA, to delegates who view the webinar for a minimum of 50 minutes. Winners will be announced live at the end of the webinar and subsequently emailed with information on how to redeem their prizes. The free pass is valid for all sessions including pre-conference workshops and networking opportunities. For further details on the prize draw and full T&C’s, please copy and paste the following link to your browser: http://bit.do/isc2emeacongressprize
  • The consumerization of IT, bring your own device (BYOD), and software-as-a-service (SaaS) provide organizations with impressive productivity gains, but bring with them the challenge of secure management. Grady Boggs, Principal Security Specialist, illustrates the Microsoft comprehensive cloud solution, the Enterprise Mobility Suite (EMS), and details how users can stay productive while keeping corporate information safe and secure.
  • Get the answers to four common questions about using data standards to grow your business.
  • Learn how to improve workflows and increase efficiency through use of data standards.
  • For oil and gas operators, the need to achieve operational excellence and stay competitive through quality information has never been greater. Meeting the demand for increased profitability, better well performance and regulatory reporting cannot be accomplished without clean, trusted data.
    Informatica Data Quality is a market proven, industry leading solution to address these challenges that oil and gas companies are facing today. For the well lifecycle, Informatica Data Quality offers out-of-the-box PPDM rules to cleanse and harmonize the well data to increase your confidence in well lifecycle information, so better decisions can be made toward achieving operational efficiency, and continued innovations.
    In this webinar, we will demonstrate how Informatica Data Quality can help oil and gas companies to:
    • Understand the patterns and identify the anomalies in your well data
    • Leverage out-of-the-box PPDM rules to cleanse and standardize the well data quickly and effectively
    • Proactively monitor the data quality process to address operational issues
  • Join cloud security expert Tricia Pattee on August 27 for a quick, cut-to-the-chase analysis on where to get the most bang for your security buck. The interactive, hour-long discussion will include:

    - The five most common security mistakes
    - Top six areas of security spend
    - How to maximize budget – and minimize risk
    - Hidden cloud security costs

    The presentation will include a Q & A to answer your specific questions about security budgeting and cost management.

    Register today.
  • Identity Access Management is a complex matrix of requirements meant to assure that only the right people have access to your data. This requires the creation of rules, roles, and a method for preserving information about access rights. In other words, we create 'big data' that then must be mined to find the most risky individuals and risky behaviors. By starting with a risk-based approach, finding those behaviors and individuals is easier. Explore with us as we examine how risk values can be assigned as you build the database so that analyzing and reporting become easier.
  • As mitigating third party risk becomes an essential business function across many industries, business relationships will be tested. Organizations must now subscribe to a “trust, but verify” philosophy to ensure their third parties are secure. To verify vendor security, organizations now use BitSight Security Ratings, which are gathered externally and don’t rely on any vendor input.

    On August 27 at 1:00 pm EST join Debbie Umbach, Director of Product Marketing at BitSight as she discusses the best practices for implementing vendor security ratings. Viewers will learn:

    - different approaches for incorporating BitSight Security Ratings into vendor risk management (VRM) programs, whether your program is just getting started or is well underway
    - how companies have used BitSight Security Ratings to notify key vendors of security incidents
    - how vendor ratings can allow for more effective communication and thus greater transparency

  • Title: Auditing Risk Management
  • Live at: Jul 19 2012 4:00 pm
  • Presented by: Norman D. Marks, OCEG Fellow and Vice President, Evangelist Better Run Business, SAP