KPMG: IT Controls and Information Systems Risk Management (PDF)
Information systems risk management
Nebojša Janković, CISA
KPMG, IT Advisory
Assistant Manager
InfoTech 2012, Vrnjačka Banja
© 2012 KPMG d.o.o. Beograd, a Serbian limited liability Company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.
Contents (page)
Challenges of managing information systems
Relevant research
10
15
20
25
28
About KPMG
31
Challenges of managing information systems
Examples of IT risks:
Reliance on systems and programs that process data incorrectly
Unauthorised access to data
Violation of segregation-of-duties rules
Failure to make necessary changes to systems or programs
Potential loss of, or inability to access, data, software or hardware
Unavailability of required human resources
Business risk exists regardless of whether the organisation carries out information-system activities itself or uses external service providers.
Relevant research
[Chart: survey results for 2011 compared with 2010; category labels not extracted]
Source: The e-Crime Report 2011, Managing risk in a changing business and technology environment (published by AKJ Associates, sponsored by KPMG)
Information systems risk management
IT controls and information systems audit
Approval process
Project management and development methodologies
Testing process
4. Computer operations
Application controls
Application controls relate to the various controls over the operation of applications and are usually specific to particular systems. They can be embedded in business processes through the use of applications and cover:
CobiT 4.1: overview

Governance of the organisation
Governance of processes

Monitoring and evaluation (ME):
ME1 Monitoring and evaluating IT performance
ME2 Monitoring and evaluating internal controls
ME3 Compliance with external requirements
ME4 Establishing governance of IT processes

Execution and maintenance (DS):
DS1 Defining and managing services
DS2 Managing vendor services
DS3 Managing performance and capacity
DS4 Maintaining continuous support
DS5 Maintaining system security
DS6 Determining and allocating costs
DS7 User training
DS8 Managing service staff and faults
DS9 Determining configuration
DS10 Managing problems
DS11 Data control
DS12 Managing the environment
DS13 Managing daily operations

Importance of data (information criteria): Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Accessibility, Compliance, Reliability

IT resources: Applications, Data, Infrastructure, People

Other domains: Planning and organisation (PO), Acquisition and implementation (AI)
Process maturity
When assessing the maturity of each of the 34 processes, the CMM (Control Maturity Model) is relied upon. The maturity model defines characteristics to be checked and assigns a score for each characteristic. CobiT 4.1 defines the following characteristics used in the assessment:
Characteristics for assessing maturity (as extracted): Awareness and communication; Tools and automation; Knowledge and expertise
Maturity levels (as extracted): 0 Non-existent process; 3 Defined process; 5 Optimised process
This analysis yields a maturity level for each process in the organisation, showing where it stands today, where it would like to be and, where data are available, how it compares with the industry average. The framework recommends considering only those processes that are relevant to the specific organisation and that can affect IT security.
b) IT resources within CobiT
To respond to business requirements, it is necessary to invest in the resources needed to create the technical capabilities that will support the business and lead to the desired results. The IT resources affected by the process (...) are presented in the table as follows:
Applications
Information
Infrastructure
People
(fragments of the adjacent column, continuation not extracted: "focuses IT governance", "which executive management", "in order to manage IT. For", "presented as follows")

d) RACI matrix
A RACI responsibility has been established for each process. RACI responsibility (Responsible, Accountable, Consulted, Informed) defines who is ultimately accountable for the process (A), who carries the process out operationally (R) on the instruction of the accountable person (A), who is consulted for an opinion on the process or assists indirectly (C), and who is informed of the results obtained but has no part in execution (I).
Carrying out the implementation of IT controls

Phase 1
Phase 2
Phase 3
Documenting processes and controls
Identifying deficiencies in controls
Recommendations
(fragment: "... and gaps in controls.")

Continuous activities:
Project management
Information exchange
Knowledge transfer
Developing the methodology
Cooperation with management
Expert support and advice
Getting to know the organisation
Review of the hardware infrastructure
Review of software
Interviews with employees responsible for individual processes
Review of existing policies, procedures and internal rules
Understanding the design and implementation of controls
Executing controls
Running queries and scripts
Scanning with specialised tools
Manual testing of parameters
Specific IT controls and tests
About KPMG
KPMG worldwide
Who we are
What we do
EBIA
Asia and Pacific
Audit
Tax
Advisory
Audit is an independent service that contributes to increasing the reliability of the information used by investors and other stakeholders.
Approaches to tax matters are changing. Organisations of all sizes are increasingly exposed to new developments in tax regulation, not only at the local but also at the international level.
The financial advisory department works with clients on overcoming challenges related to transactions and restructuring, financial results, technology and risk, and the fulfilment of legal obligations.
Key figures (labels only partly extracted): 153; Partners 7,900; 145,000; USD 22.7
Countries shown: Latvia, Lithuania, Belarus, Poland, Czech Republic, Slovakia, Moldova, Hungary, Slovenia, Croatia, Romania, Bosnia and Herzegovina, Serbia, Montenegro, Albania, Bulgaria, Macedonia
Countries: 18
Offices: 36
Partners: 166
Staff (total): 4,300
Net revenue: EUR 283 m
KPMG in Serbia
KPMG d.o.o. Beograd
Founded in 1996
Over 160 employees, including 7 partners
Services
Audit
Tax advisory
Financial advisory
Business risk management
Support
Director: Boris Milošević, Managing Partner
KPMG opened its Belgrade office in August 1996 and operates in Serbia under the name KPMG d.o.o. Beograd. Organisationally, KPMG d.o.o. Beograd is a member of the Central and Eastern Europe region, headquartered in Prague. KPMG has built a strong national practice based on a combination of the local and international knowledge and experience of its staff.
The Serbian office has significant experience in providing the full range of business advisory services to domestic companies, government organisations, foreign investors, banks and financial institutions, financing agencies and other firms operating in Serbia.
KPMG d.o.o. Beograd currently has over 150 employees, of whom 15 are certified auditors and 4 are certified accountants under Serbian legislation. In addition, 19 employees hold international qualifications (ACCA, ICAEW, ICAO, CISA, etc.). KPMG in Serbia provides services of the highest quality thanks to its international experience and excellent knowledge of local legislation in the areas of audit, tax and general business matters.
IT advisory services
We provide services and solutions relating to:
Improving the security of your IT systems
Reducing relevant risks
Aligning IT processes with business objectives
Meeting required standards and regulatory requirements
Developing procedures, policies and IT processes
Improving the IT organisation and the allocation of duties
Reviewing information system implementations
Success of system migrations and data conversions
Our main aim is to help your organisation improve the management of its information system, align it better with business processes and balance risks and controls in a cost-effective way.
Our approach to delivering IT services is a phased approach based on our many years of experience and a methodology proven in practice, in order to improve the security, functionality and efficiency of the information system.
Dušan Tomić
Partner, FS
Kraljice Natalije 11
11000 Beograd
dtomic@kpmg.com
Tel. +381 (11) 20 50 521
Mob +381 (60) 20 55 521

Nebojša Janković
Assistant Manager, IT Advisory
Kraljice Natalije 11
11000 Beograd
njankovic@kpmg.com
Tel. +381 (11) 20 50 603
Mob +381 (60) 20 55 603

The information contained in this presentation is of a general nature and is not intended for any particular legal or natural person.
The KPMG name, logo and "cutting through complexity" are registered trademarks of KPMG International Cooperative, a Swiss entity.