Five Biggest Secrets to an IT Audit: Webinar Slides
1. Five Biggest Secrets to a Successful IT Audit: Focus on Getting and Staying Compliant. Craig Tobey, VP of Sales, Aldon
3. Agenda: Challenges of IT Audit Compliance; Five Biggest Secrets to a Successful IT Audit; Aldon and Compliance Simplification; Q&A
4. Compliance and Best Practices: Sarbanes-Oxley; COBIT; HIPAA; FDA; PCI; Basel & Basel II; SEI/CMMI; ITIL; Common Criteria (National Institute of Standards and Technology); individual internal/external audit
5. Areas Auditors Review: inventory management; process automation; deployment management; incident/problem tracking; communication tracking; workflow management
6. The Challenges: increased complexity of software systems on multiple platforms (Windows, Linux, UNIX, IBM Mainframe, IBM i, etc.); process documentation and activity tracking under deadline pressure; geographically distributed teams; increased business involvement (requirement management, reviews, approvals, notifications, etc.); agile development; communication with auditors (non-technical auditors, an adversarial relationship between auditors and IT staff, a variety of audit standards)
18. For the Auditors: Detailed Activity History. Auditors can easily see who did what and when (every field change, every email, every approval, etc., with date, time and user information).
20. The Solution: Application Lifecycle Process Automation: easy process setup; simple process maintenance; 'set it and forget it' process automation; re-usable process templates; automated process exception handling; sophisticated permissions/approval management; comprehensive history logging; history reporting
21. IT Compliance Survey: 65% are using Aldon to adhere to compliance regulations and pass audits; compliance requirements have changed things for the better; once in place, IT compliance solutions can provide many other productivity benefits
First Secret: Get rid of binders and process sheets. Establish and encapsulate compliance processes in an automated system. Documentation of a process is often created, put on a shelf, and never touched again—except during audits. As processes change, the documentation becomes obsolete. Implementing an automated compliance solution allows an organization to encapsulate its processes within the system itself. As processes are updated, the current version is viewable directly through the compliance system's web interface, where staff can review and update it as needed.
Second Secret: Don't Panic. There is a starting point. Sit down as a team and create structured, controlled software development processes. In a nutshell, repeatable and measurable processes—structured, defined, implemented, and enforced—are key to complying with regulatory requirements effectively and easily. Determining the most effective change processes and then ensuring they are used consistently not only reflects IT best practice, it also reduces the cost of compliance.
Third Secret: Apply Best Practice Methodologies. Over the last 60 years, we have learned a great deal about how to rapidly create high quality applications. Those lessons have been encapsulated in many of the existing and readily available IT best practice standards. The top best practice frameworks stress automated, structured, repeatable processes within IT—the very thing the regulations demand. Six Sigma, COSO, COBIT, ITIL, and CMMI, to name a few, all strive to make software development and frequent service delivery true business processes that can be tracked, measured, and controlled. Although each standard has its own approach and objectives, they have many requirements in common. In many cases, a single IT best practice standard will address compliance requirements for a number of different regulations and standards.
In order to meet the service levels required by most compliance standards, business users and IT staff must work closely throughout the software change lifecycle. It is essential to keep everyone in the loop to avoid re-work and missed objectives, and to ensure that the entire organization is moving in the same direction.
Spend a little to save a lot. Too often, IT is the last place to get the benefits of the kind of value technology can produce. They rely on Open Source Tools just a little too much. But just as technology can help the business serve its customers, technology can help IT serve its end users. Using technology to implement the secrets outlined above can significantly enhance the productivity and morale of IT organizations while, at the same time, meeting the compliance objectives of the company. There are a variety of technologies or approaches to consider. Application Lifecycle Management (ALM) solutions, Service Desk software, Project Management and Asset Management programs will provide the basic infrastructure necessary. A strong software compliance solution should:
• Establish repeatable, automated compliance and change processes
• Link change lifecycle workflow to Best Practice Methodologies
• Include compliance-related report templates supporting standards
• Create centralized management and visibility of IT assets, and progress reporting for auditing and performance improvement
• Provide a collaborative communication infrastructure that ensures IT services and software initiatives support overall business goals
• Reduce IT costs by ensuring project teams build the application correctly the first time around
• Enable communication between stakeholders of all changes in projects, and ensure appropriate notification, reviews and approvals
• Provide a secure, visible repository of all application artifacts.
You are one step ahead of the game if you work with your auditors to determine exactly what information they need and when they need it. Once you have a centralized repository of information with structured, repeatable processes (if you have followed tips 1 through 5), you can pre-define reports and queries for your auditors. These can simply be scheduled to run at the appropriate time or can be executed on demand. Management can check compliance on an ongoing basis via dashboards or other customizable reports. With IT and business users working together, you can establish built-in, structured, repeatable, and auditable change processes and appropriate workflows for everyone involved. Ongoing compliance is then simply a matter of using point-and-click procedures to maintain processes and to populate and generate the necessary reports.
We did a survey last year on how many of our customers use Aldon for IT compliance. The number impressed us. Nearly 65% said they are using Aldon in some form to adhere to compliance regulations and make their auditors happy. In the past when teams talked about compliance issues, the discussions revolved around all the struggles, like enforcing rigid processes, manually documenting everything, complex training of staff, buying new technology, etc. But it doesn’t have to be all bad. In fact, many IT organizations have found ways to turn their biggest compliance pains into strategic corporate gains, while passing IT audits with ease. The trick is getting that compliance pendulum to swing to your side. We hear it all the time, from our large Fortune 500 customers to small IT organizations—that compliance requirements have ultimately changed everything for the better. Once strategic processes and technology are in place to deal with those requirements, IT shops are often left with a bunch of other productivity benefits they now can’t live without. Think of it like starting an exercise program to reduce your blood pressure and the next thing you know you are in the best shape of your life!
Michelle: That concludes our webinar – now it’s time for your questions! If you haven’t asked a question already and would like to submit one, you can open the question/answer panel on your GotoWebinar interface and submit your question now. We’ve had a few questions come in since the start of the webinar: (Ask 2 canned questions). Now I’m going to hand it over to Joe for a few more questions. Joe?
For Questions:
• Can I manage other kinds of user requests (non-software)?
• Administrator – looking at pending approvals
• Email replies attached to text
• Can you link into other systems?