
JMSOXNYC

Date post: 06-Jul-2018
Upload: rmcms

Transcript
  • 8/18/2019 JMSOXNYC

    1/20

    Marimba Product Line

    Sarbanes-Oxley Act: Automate Compliance Processes Throughout System Lifecycle

    Jeanne Morain

  • 2/20

    S-OX and IT Controls

    Information technology plays a crucial role in supporting the integrity of financial information.

    The PCAOB audit standards highlighted the importance of auditing key IT controls.

    PCAOB requires “transaction walkthroughs” of financially significant transactions and assessment of related controls - including IT controls.

  • 3/20

    Transaction Walkthroughs PCAOB p./-012

    For each significant general ledger financial account the auditor must:

    › Trace transactions from origination through the company's information systems until reflected in the company's financial reports.

    › Include the entire process of initiating, authorizing, recording, processing, and reporting individual transactions … including controls intended to address the risk of fraud.

  • 4/20

    Finance Systems Interfaces

  • 5/20

    Procurement System Flow

  • 6/20

    IT General Controls

    Poor controls in any of the IT infrastructure areas will adversely affect reliability of application controls.

    › Physical security
    › Logical security (access controls)
    › Database security
    › Operating system security
    › Network security
    › Program change management

  • 7/20

    IT Application Controls

    Application controls help ensure the completeness, accuracy, security of information.

    › Logical security (access controls)
    › Program change management
    › Input controls
    › Processing controls
    › Output controls

  • 8/20

    Control Documentation

    A significant task

    Work involved depends on company's starting point on control documentation

    Many companies don't have good control documentation.

  • 9/20

    Control Documentation

    Minimum Requirements for Control Documentation

    › Description of the process
    › Associated risks
    › Control activities
    › Control testing - evaluation
    › Control gaps
    › Plans to the gaps

  • 10/20

    Control Framework

    S-OX 404 requires management to assess controls against an established control framework.

    COSO is a recommended control framework.

    COBIT (Control Objectives for IT) is being used for IT control assessments.

    COBIT consists of 34 specific IT control objectives.

  • 11/20

    COBIT

    BUSINESS OBJECTIVES

    PLANNING AND ORGANIZATION
    ACQUISITION AND IMPLEMENTATION
    DELIVER AND SUPPORT
    MONITORING

    INFORMATION

    • effectiveness
    • efficiency
    • confidentiality
    • integrity
    • availability
    • compliance
    • reliability

    IT RESOURCES

    • data
    • application systems
    • technology
    • facilities
    • people

  • 12/20

    COBIT Control Objectives

    AI2 Acquire and Maintain Application Software
    AI3 Acquire and Maintain Technology Infrastructure
    AI4 Develop and Maintain Procedures
    AI5 Install and Accredit Systems
    AI6 Manage Changes
    DS1 Define and Manage Service Levels
    DS2 Manage Third-Party Services
    DS3 Manage Performance and Capacity
    DS4 Ensure Continuous Service (Data Mgt)
    DS5 Ensure Systems Security
    DS9 Manage the Configuration
    DS10 Manage Problems and Incidents
    DS11 Manage Data
    DS13 Manage Operations
    M1 Monitor the Processes

  • 13/20

    S-OX/404 Compliance

    The control evaluation, documentation and testing are major tasks involving significant allocations of resources - primarily people and software.

    Implementation of systems based control software should result in process / control consistency and a reduced investment of “people resources” for the control evaluation efforts.

  • 14/20

    How prepared are you for an audit?

  • 15/20

    Reduce Business Impact of Compliance

    Automate manual processes

    › Inventory, Software Distribution

    Secure Apps, Code, Records

    › Patch, SSL, Code Signing
    › Access, Systems, Schedules

    Audit Reports across Enterprise

    › Access, Inventory, Health
    › Disparate Systems

    Reduce Impact

    › Resources, Productivity, Business
    › Total Cost of Compliance

    Compliance Automation throughout System Lifecycle

  • 16/20

    Sarbanes Audit Overview

  • 17/20

    Automated Business Processes throughout Client Lifecycle

    End Users Inside/Outside The Firewall
    Regulatory Controls
    Network Operations
    Help Desk
    Call Center
    Compliance Automation
    Data Center
    Partners/Customers Outside The Firewall
    Procurement
    Provisioning

  • 18/20

    How does CCM Automate Compliance?

    Control Objective / Marimba Automates By:

    • AI2 - Acquire and Maintain Application Software
    • AI3 - Develop and Maintain Technology Infrastructure
    • AI4 - Develop and Maintain Procedures
    • AI5 - Install and Accredit Systems
    • AI6 - Manage Changes

    Centralized Infrastructure & Admin Interface:

    • Policy Based Targeting - WHO/WHAT
    • Orchestration - Global TASs
    • Patch Remediation - System Integrity
    • Deploy OS, Apps, Content - Test,
    • Self Service - Failover, Repair, Verify
    • Inventory - Identify, Address Risks

    • DS 2 - Manage 3rd Party Services
    • DS 3 - Manage Performance Capacity
    • DS 4 - Ensure Continuous Service (Data)

    • Reporting - Scheduled, Email,
    • Software Distribution - Take Action
    • Content Replication - Failover,
    • Patch Remediation/Software Metering
    • Secure Transport - SSL, Code

  • 19/20

    Compliance Automation: Marimba Remedy

    The Marimba Integration for Remedy combines Marimba automation and facility with Remedy applications (Asset/Configuration) and workflow

    Remedy Solutions / Marimba Solution

    Remedy Asset Management

    Marimba Inventory Discovery
    Populates Remedy asset repositories with software/hardware inventory scans providing current, accurate asset data

    Marimba Desktop/Mobile/Server Management Solution
    Automatic online servicing, or “taking action” on software assets that are not in compliance with corporate policies

    Remedy Asset Management
    License Management - leverage Marimba Inventory & Software Usage information to validate procured vs deployed assets

    Remedy Change Management
    Leverage Remedy change process with Marimba policy based configuration management

  • 20/20

    Head Start: CCM

    Marimba Integration for Remedy is a jointly developed, fully-documented productized integration that features:

    › Leverage Vendor Forms OR Enterprise Integration Engine (EIE)-based inventory mapping from Marimba inventory scanner to Remedy asset repositories

    › Access Marimba consoles and administration from Remedy applications;

    › Automatically open Remedy trouble tickets when Marimba server is o