managing your clients using tools and technologies - isaca · managing your clients using tools and...
TRANSCRIPT
1
Managing your Clients using Tools and Technologies
Lydia Lynch
Billy Kane
August 19, 2013
Classified - Unclassified
Agenda
● Managing Client Requests
- Problem
- Solution Implemented at TCCC
- Benefits
● Automating Data Retrieval
- Problem
- Potential Solutions
- Benefits
2 Classified - Unclassified
Managing Client Requests
● Audits/Projects requiring information/documentation
provided by the client
● PBC Requests
- Requests via Email
- Requests via Word Documents
- Requests via Excel Documents
- Requests in Shared Folder
● How to manage submission/receipt of requests,
clarification of requests, reporting?
3 Classified - Unclassified
Problem – Decentralized Process
4
Auditor 1
Auditor 2
Auditor 3
Auditor 4
Auditor 5
Client 1
Client 2
Client 3
Client 4
Client 5
Client:
• Potential for duplicate
requests (Overproduction,
Excess Processing, Not
Tapping Potential)
• Requests can get lost in
client’s email inbox (Waiting, Defects)
Team Lead:
• No visibility into overdue
requests (Waiting)
Auditor:
• Overdue requests can go
unnoticed (Waiting)
• Takes time to identify and
compile and escalate
overdue requests (Motion,
Excess Processing)
Classified - Unclassified
Problem – Centralized Process
5
Auditor 1
Auditor 2
Auditor 3
Auditor 4
Auditor 5
Client 1
Client 2
Client 3
Client 4
Client 5
Team Lead
Client:
• Requests can get lost in
client’s email inbox (Waiting, Defects)
Team Lead:
• Takes time to identify and
compile and escalate
overdue requests (Motion,
Excess Processing)
Auditor:
• Overdue requests can go
unnoticed (Waiting)
• Takes time to identify and
compile and escalate
overdue requests (Motion,
Excess Processing)
Classified - Unclassified
Problem - Request Statistics
154 Requests Managed by 3 Client Contacts
3 Auditors Issuing 85 Requests
14 Auditors Issuing Requests to 20 Client Contacts
29 Client Contacts Receiving 130 Requests
6 Classified - Unclassified
TCCC Solution
● Utilize SharePoint list functionality to centralize audit
requests for team and client
7 Classified - Unclassified
Features
● Centralized requests without the need for a single
person to manage the compilation process
● Identify requestor, client contact, due date, request
priority, etc.
● Opportunity for both audit and client teams to provide
feedback on requests
● Easily exports data to MS Excel for analysis
● Provides the capability to upload files
● Provides search capability
Classified - Unclassified 8
Solution (Centralized with SharePoint)
Classified - Unclassified 9
Auditor 1
Auditor 2
Auditor 3
Auditor 4
Auditor 5
Client 1
Client 2
Client 3
Client 4
Client 5
SharePoint
PBC List
Team Lead
Client
Management
Overdue
Requests
Open
Requests
Demo
● Click here for demo
Classified - Unclassified 10
Benefits
● Reduces burden on team lead to compile request and
manage requests
● Reduces time to identify and escalate overdue requests
● Reduces duplicate requests
● Allows team lead to measure progress of audit
● Creates a repository for requests and evidence when
planning/preparing for subsequent year’s audit
Classified - Unclassified 11
Automating Data Retrieval
● Audits/Projects requiring information/documentation
provided by the client or pulled by auditor
- Information pulled by reports/queries
- Screenshots requiring meetings
● How to streamline the process to obtain
data/information required for audit procedures?
Classified - Unclassified 15
Problem
● The time of both the client and auditor spent
generating reports or querying data sources
● The process to validate the completeness and
accuracy of the data
● Multiple meetings with the client
- First meeting to pull data
- Second meeting to review data after analysis has
been performed by auditor
Classified - Unclassified 16
Automating Data Retrieval ● Potential solutions being utilized by Corporate Audit
Department at TCCC
- Windows AD Admin Center
- Hyena
- ACL
- Qualys
● Other tools being used?
Classified - Unclassified 17
Potential Solution – AD Admin Center
● Able to pull AD user information for Windows AD users
- User Status
- Last Logon
- Password Change Date
- Group Membership
- Create Date
● Able to pull lists of users belonging to a group
Classified - Unclassified 18
Potential Solution – Hyena
● Able to pull AD user information for Windows AD users
- User Status
- Last Logon
- Password Change Date
- Group Membership
- Create Date
● Able to pull lists of users belonging to a group
- Able to generate reports of all users and users from
sub-groups
Classified - Unclassified 20
● Initially used with individual licenses for data analysis
- Scripts allowed audit team to increase our selections
(servers, parameters, etc.)
- Allows for formatting of PDF/Print File reports into workable
data
● Began use of ACL server
- Allows for full team access to server (licenses only to those
making changes on server)
- Direct Link to SAP
• Allows jobs to be run to pull data
• Removes time spent running multiple queries in SAP
Classified - Unclassified 22
Potential Solution – ACL
● Scanning of network infrastructure (servers, routers,
switches, firewalls, etc.)
- Allows for discovery
- Once discovery complete, can be utilized to identify
vulnerabilities
- Highly configurable or general scans
Classified - Unclassified 23
Potential Solution – Qualys