developing internal controls - berrydunn
berrydunn.com | GAIN CONTROL
Developing Internal Controls To Address the Top Security Risks
AGENDA
Developing successful internal controls
Using risk to create and strengthen controls
Internal control monitoring
The top 10 security risks you should address now
WHAT ARE INTERNAL CONTROLS?
A process for assuring achievement of an organization’s objectives for:
• Operational effectiveness and efficiency
• Reliable financial reporting
• Compliance with laws, regulations, and policies
THE PROCESS
• Set the foundation with a strong control environment
• Perform a risk assessment
• Develop and implement control activities
• Communicate pertinent information
• Monitor the internal control system
CONTROL ENVIRONMENT
ASSESSMENT
• Technology
• Human capital
• Financial
• Operational
• Legal
• Strategic
• Reputational
A 2015 study of the risk management practices of 1,093 organizations found that 72% of organizations do not have a standardized scale and/or approach to complete risk assessments.
72% NO RISK MANAGEMENT PRACTICES
28%
Source: Poole School of Management, NC State University
| RISK | LIKELIHOOD TO OCCUR | IMPACT OF RISK: Financial | IMPACT OF RISK: Security | IMPACT OF RISK: Operational | OVERALL RISK RATING |
|---|---|---|---|---|---|
| | Low likelihood: 1 | Low impact: 1 | Low impact: 1 | Low impact: 1 | Low overall risk: 4 - 5 |
| | Medium likelihood: 2 | Medium impact: 2 | Medium impact: 2 | Medium impact: 2 | Medium overall risk: 6 - 8 |
| | High likelihood: 3 | High impact: 3 | High impact: 3 | High impact: 3 | High overall risk: 9 - 12 |
CONTROL ACTIVITIES
INFORMATION AND COMMUNICATION
MONITORING
Evaluate Control Environment
Perform Risk Assessment
Implement Controls
Communicate
Monitor
AN ONGOING PROCESS
Putting this to practical use – the Top 10 IT Security Control Risks and what you can do
#10 Segregation of Duties
#9 Finding and Maintaining Qualified Security Personnel
#8 Lack of Management Support
#7 IT Diplomatic Immunity
#6 Data on User Owned Mobile Devices
#5 Lack of Encryption
#4 Outdated Operating Systems
#3 Inadequate Event Log Monitoring
#2 Inadequate System Logging
#1 Overreliance on Security Monitoring Software
QUESTIONS?
INTERESTED IN MORE? CONTACT US.
Miles Smith, [email protected]
Tina Papadopoulos, [email protected]