Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and Professor
description
Transcript of Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and Professor
Discussion: The Influence of IA on Information Security Effectiveness: Perceptions of Internal
Auditors
Urton Anderson, CCEP Director of the Von Allmen School of Accountancy and Professor
The University of Kentucky
AgendaContribution – Putting the Paper in a Larger Context IA and its relationship to other assurance
providers 3 Lines of Defense Model Reliance on assurance providers
Some specific issues for discussion Should incidents go down? What is a finding? What is the “quality of relationship”?
IA and its relationship to other assurance providers
Who provides assurance in organizations?
Organization as a Web of Assurance
Assurance Network
3 Lines of Defense
Reliance on assurance providers
COMBINED ASSURANCE
King III
Principle 3.5
The audit committee should ensure that a combined assurance model is
applied to provide a coordinated approach to all assurance activities.
2/22/20128
Performance Provider
Management1st Line
Assurance Provider
Functional Oversight2nd Line
Independent3rd Line
RegulatoryOversight4th Line
Results
Corrective Action
Finance
Human
Resources
Treasury
Operations
IT
Procurement
Legal
Commercial
Planning
Communications
Risk Manageme
ntProcesses
Compliance
Performance Revie
wMeetin
g
Safety Review Board
Environment
alManageme
nt Group
Network
Developme
nt Forum
SOX
IT Steering
Group
Internal Audit
External Audit
Quality Audit
\ Compliance
Investigations -
Proactive Safety
Monitoring
Regulators
Assurance Provision
Obtain Independen
tAssurance
Review
Other Assurance
Providers
Remove
Duplicate
Assurance Activit
y
Asset Safeguarding
Business Continuity
Crisis Management
Competitive Environment
Economic Environment
Hedging/Liquidity Management
Financial Reporting
Finance Processing
International Operations
Information Technology
Labor Relations/Staff
Legal
Operations
Regulator & Stakeholders
Revenue & Reputation
Environment
Suppliers & Key Relationships
Provider Assessment Overall Provision
Opportunity to Remove /Refocus Effort
Low Assura
nce
Medium Assurance
High Assurance
Assurance Gap
Risk Assurance Map – Starting Template
Maintain Current Status
Assurance Map (PWC)
Specific IssuesWhat is a finding?
Should incidents go down?
What is the “quality of relationship”?
Relational Coordination Theory
Jody Hoffer Gittell - Brandeis University
Relational Coordination Theory “New Directions for Relational Coordination
Theory,” in The Oxford Handbook of Positive Organizational Scholarship, 2011
The Southwest Airlines Way: Using the Power of Relationships to Achieve High Performance (McGraw-Hill, 2003)
High Performance Healthcare: Using the Power of Relationships to Achieve Quality, Efficiency and Resilience (McGraw-Hill, 2009)
Urton AndersonVon Allmen School of Accountancy
The University of Kentucky(859)218-1788