http://www.itgthailand.com/author/admin/page/25/

Information Technology Governance

GRC, COBIT, GEIT, Integrated Management and Audit, COSO ERM, IT Audit


Author Archive for Metha Suvanasarn

20th, 2009 Metha Suvanasarn







8 COSO






ERM
ERM







8
ERM 8


ERM




ERM ERM








ERM ERM



ERM
ERM






ERM





(Internal Environment)
ERM 8 COSO

!
Healthcare IT Security
15th, 2009 Metha Suvanasarn

Virginia Prescription Monitoring Program


10







IT Risk Business Risk






(Segregation of duty)


500


Healthcare IT Security
Virginia

Electronic Medical Record


Virginia
35
Backup Files 8.5

10 7


30 2552
Virginia (www.dhp.virginia.gov) (9 .. 2552)

1.
( Backup Files Off Site
Backup )

2.

Cyber Crime Cyber Terrorism
8






3.


Identity Theft








(
2


)

4. Virginia



5.



Compromised





6.



7.






Virginia









10

Business Model for Information Security and Audit Committee/Auditors

















ITG

()

15th, 2009 Metha Suvanasarn

Performance Measurement
IT Governance

ITG


IT Risk

Business Risk
IT Risk


Impact Business Process
IT

COSO ERM



S O F C



(word)
Article
ITG


GRC_Value Creation
CG ITG
4 5

4 :

1.
3

///
2.





) / /
(
/

3.

(Value Enhancement)

3.1



3.2 /


(Growth, Return)


/ /


/







(Value Creation)


(Learning Organization)


3.3
)
( /



4.



-

-

/


-

5.






6.


6.1




IT
6.1.1

(Off-Site Back Up)
6.1.2


(IT Security Room)

BS/EN1047-2 COBIT

(Recovery Time: t0 t1)
(Recovery Point)
IT Security Room (EN 1047-2)

(Recovery Time: t0 t1)

-
(Recovery Point)
- Critical Infrastructure
2) 2549
(


/Critical Infrastructure

4 (



)


/Critical Infrastructure

3.95 (



)

6.1.3 (Business Continuity Management : BCM)


(Business Impact Analysis : BIA)




BCM

( IT, IT
Related Non IT

)
6.2

IT
IT (IT Strategy Committee)
6.3 IT

IT


6.4 e-DOC (Electronic Department Operation Center)

S-O-F-C



7.





-

(

1

/
)



-




-

( =
)

x



Strategic Risk /Operational Risk/ Financial Risk
Compliance Risk (S-O-F-C)
(Key Risk Indicators : KRI) 2550
-


KRI

/ KRI


()


15th, 2009 Metha Suvanasarn


400











Monitor
Operation


Risk
People, Process Technology Compliance Risk




Value Creation for Effectiveness & Efficiency of Operations






Business Process Business Objective

ISO 27001
COBIT IT Governance


Corporate Governance

COSO ERM






Business Process
Business Model









COSO ERM



IT Non IT
Scenario


(Root Cause)
(Business Process) (Technology)



(People)

Functional Perspectives & Competency to drive IT Security + Successful Business







Risk Convergence

IT Governance IT Management
(Risk Management & Audit Risk)



- Poor Security & Reporting
- Poor Management Control

7



- Poor Financial Transparency

IT Investments


ITG
COBIT IT Security

- Fraud


Business Process Business Objective
Internal Control
Risk
Management Internal Audit Risk Based Audit Instinct

IT Audit Non IT Audit
Non IT
Impact IT Risk
Business Risk




IT Audit Non IT Audit


2
IT Risk

15th, 2009 Metha Suvanasarn



(ERM Enterprise Risk Management)

COSO

8


1.









2.


ERM




/

3.







4.


5.








6.








7.








8. ERM



ERM


8 ERM

ERM 8
ERM 3

ERM

- 4



- 8

-
3

IT Governance COSO ERM


12th, 2009 Metha Suvanasarn


. IT Governance





CG ITG + GRC


1
2 3 4



COSO ERM


COSO ERM v2.

8

8





COSO ERM









CG ITG


3 5


3 :

1.
2

2.
()

(Risk Appetite)


(Risk Tolerance)

Risk Appetite/Risk Tolerance
Strategic Risk /Operational Risk/ Financial Risk Compliance Risk (S-O-F-C)
Risk Appetite Risk Tolerance

/ /


3.



3.1 /




(



)

(
)

3.2 /



- /

-


-
/




(Workshop)



(Integration)
4.
// //
4.1

4.2

(
Risk Map )

Risk Map
2550
5.


5.1 IT ITG



5.2

IT









-




One Stop Service
-




5.3



IT
5.4 (Charter)

IT
5.5 e-DOC (Electronic Department Operation Center)


6.






-

(

1

/
)



-




-

( =
)

x



Strategic Risk /Operational Risk/ Financial Risk
Compliance Risk (S-O-F-C)
(Key Risk Indicators : KRI) 2550
-


KRI

/ KRI


12th, 2009 Metha Suvanasarn








1. COSO 1.






IT




(Exposure)


2. CSA 1.

Scenario








(Technology)
(Process)

(People) (Root Cause)


3 )
)
)

3.
Online








10 30





2 4



4. .
2






3.


.



Suspense Account



Conceptual Flow, Processing Flow, Data Flow, Activity Flow


Computer Control
Manual Control

Override











5.





Suspense Account Sundry


Account








COSO ERM


Risk Appetite Risk

Tolerance
Suspense Account

Suspense Account


Suspense Account
Sundry Account

(Embed) Code
6.
5.











IT Non IT



Suspense Account




Mind Map (Audit Instinct)








PPT
People Risk + Process Risk + Technology Risk

Compliance Risk






?

Risk Appetite

Risk Appetite




Stakeholders


(Process Risk) System Risk


Suspense Account




IT Governance

9th, 2009 Metha Suvanasarn


IT Governance
IT

Intangible Assets
Tangible Assets
IT Governance






IT Governance







IT Governance


Corporate Governance










ITG & Value Creation


IT Governance .

5

1

/



3
///



5




(Value Creation)


4

9th, 2009 Metha Suvanasarn

update




US

Excalibur

Metal Storm


IT Security




COSO ERM

Strategic Risk S, Operational Risk O, Financial / Reporting Risk F, Compliance Risk C




Data & Information
COBIT 7


CG








Fighter Bomber




Société Générale
Audit Risk
9th, 2009 Metha Suvanasarn

400


Société Générale (SG)
FSA






CSA

Fraud from Operational Risk & Poor Mgmt.


FSA



SG







CG ITG
GRC Statement


FSA

FSA


Off-market rates
9.
Off-market rates Trader (Yellow flag)
9.1 Off-market rate
. Trader


9.2 .


Off-market rate

Trader
P&L attribution
10. .


11. .




11.1 .

.



11.2 .


Reconciliations
12. .

12.1



Front office, Back office, Risk Management
Custodians / Nostro account / Broker







12.2


Confirmations
13. .
(Confirmation)


(Unconfirmed trade)
Outstanding
14. .


confirmation
14.1 .


Position

.
. . (Track)
Outstanding confirmation




Service level agreement
14.2 . Confirmation Back office . Back office

( Front office)
14.3 .
Confirmation








14.4 . Confirmation OTC










Margin
Margining collateralization and cash management
15. .

Margin

Margin

15.1

Margin


.
Margin
Margin

Position
15.2 .
Gross Net cash-flow
Net cash-flow
Net cash-flow
Offset Unrealized gain/loss
Unmargined/Uncollateralized gain/loss
Segregation of duties and IT security
16. .
Access control

17. .
User
.
17.1 . IT security Access control

User

(Maker-checker)

.




3
Front office, Middle office Back office
17.2

Password Password

User
Password Lock
Password




Front office Back office .
Password Password

Good Corporate Governance & Internal Audit






Gap Analysis

COSO
ERM FSA





FSA
Risk Appetite Risk Tolerance


Posted in IT Audit, Non-IT Audit

Tags: Audit Risk, Fraud from Operational Risk & Poor Mgmt., IT Audit, Non IT Audit, Poor Management, Société Générale