managing your clients using tools and technologies - isaca · managing your clients using tools and...


Managing your Clients using Tools and Technologies

Lydia Lynch

Billy Kane

August 19, 2013

Classified - Unclassified

Agenda

● Managing Client Requests

- Problem

- Solution Implemented at TCCC

- Benefits

● Automating Data Retrieval

- Problem

- Potential Solutions

- Benefits

Managing Client Requests

● Audits/Projects requiring information/documentation provided by the client

● PBC Requests

- Requests via Email

- Requests via Word Documents

- Requests via Excel Documents

- Requests in Shared Folder

● How to manage submission/receipt of requests, clarification of requests, reporting?

Problem – Decentralized Process

[Diagram labels: Auditor 1 to 5; Client 1 to 5]

Client:

• Potential for duplicate requests (Overproduction, Excess Processing, Not Tapping Potential)

• Requests can get lost in client’s email inbox (Waiting, Defects)

Team Lead:

• No visibility into overdue requests (Waiting)

Auditor:

• Overdue requests can go unnoticed (Waiting)

• Takes time to identify, compile and escalate overdue requests (Motion, Excess Processing)

Problem – Centralized Process

[Diagram labels: Auditor 1 to 5; Client 1 to 5; Team Lead]

Client:

• Requests can get lost in client’s email inbox (Waiting, Defects)

Team Lead:

• Takes time to identify, compile and escalate overdue requests (Motion, Excess Processing)

Auditor:

• Overdue requests can go unnoticed (Waiting)

• Takes time to identify, compile and escalate overdue requests (Motion, Excess Processing)

Problem - Request Statistics

154 Requests Managed by 3 Client Contacts

3 Auditors Issuing 85 Requests

14 Auditors Issuing Requests to 20 Client Contacts

29 Client Contacts Receiving 130 Requests


TCCC Solution

● Utilize SharePoint list functionality to centralize audit requests for team and client

Features

● Centralized requests without the need for a single person to manage the compilation process

● Identify requestor, client contact, due date, request priority, etc.

● Opportunity for both audit and client teams to provide feedback on requests

● Easily exports data to MS Excel for analysis

● Provides the capability to upload files

● Provides search capability

Solution (Centralized with SharePoint)

[Diagram labels: Auditor 1 to 5; Client 1 to 5; SharePoint PBC List; Team Lead; Client Management; Overdue Requests; Open Requests]

Demo


Benefits

● Reduces burden on team lead to compile and manage requests

● Reduces time to identify and escalate overdue requests

● Reduces duplicate requests

● Allows team lead to measure progress of audit

● Creates a repository for requests and evidence when planning/preparing for subsequent year’s audit

Benefits - Reporting


Questions?


Automating Data Retrieval

● Audits/Projects requiring information/documentation provided by the client or pulled by auditor

- Information pulled by reports/queries

- Screenshots requiring meetings

● How to streamline the process to obtain data/information required for audit procedures?

Problem

● Time spent by both the client and the auditor generating reports or querying data sources

● The process to validate the completeness and accuracy of the data

● Multiple meetings with the client

- First meeting to pull data

- Second meeting to review data after analysis has been performed by auditor

Automating Data Retrieval

● Potential solutions being utilized by Corporate Audit Department at TCCC

- Windows AD Admin Center

- Hyena

- ACL

- Qualys

● Other tools being used?

Potential Solution – AD Admin Center

● Able to pull AD user information for Windows AD users

- User Status

- Last Logon

- Password Change Date

- Group Membership

- Create Date

● Able to pull lists of users belonging to a group


Potential Solution – Hyena

● Able to pull AD user information for Windows AD users

- User Status

- Last Logon

- Password Change Date

- Group Membership

- Create Date

● Able to pull lists of users belonging to a group

- Able to generate reports of all users and users from sub-groups
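An added example, not from the original slides: the AD attributes and group lists named above, pulled with the ActiveDirectory PowerShell module (assumed installed via RSAT) and exported with a row count and SHA-256 hash per file to support the completeness and accuracy check raised on the Problem slide. The group name and output folder are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$GroupName = 'Example-Audited-Group'   # hypothetical group name
$OutDir    = '.\evidence'              # hypothetical output folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# The five attributes from the slides, by their AD module property names.
# MemberOf does not include the user's primary group (usually Domain Users).
$props = 'Enabled', 'LastLogonDate', 'PasswordLastSet', 'MemberOf', 'whenCreated'
$users = Get-ADUser -Filter * -Properties $props |
    Select-Object SamAccountName,
        @{ n = 'UserStatus';         e = { if ($_.Enabled) { 'Enabled' } else { 'Disabled' } } },
        @{ n = 'LastLogon';          e = { $_.LastLogonDate } },   # replicated value, can lag by about 14 days by default
        @{ n = 'PasswordChangeDate'; e = { $_.PasswordLastSet } },
        @{ n = 'CreateDate';         e = { $_.whenCreated } },
        @{ n = 'GroupMembership';    e = { ($_.MemberOf | Sort-Object) -join ';' } }

# Users in one group, including those who belong only through nested sub-groups.
$members = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Select-Object SamAccountName, distinguishedName

$userCsv   = Join-Path $OutDir 'ad_users.csv'
$memberCsv = Join-Path $OutDir 'group_members.csv'
$users   | Export-Csv -Path $userCsv   -NoTypeInformation -Encoding UTF8
$members | Export-Csv -Path $memberCsv -NoTypeInformation -Encoding UTF8

# Completeness and accuracy record: rows per file, file hash, who pulled it, when, from where.
$manifest = foreach ($f in @($userCsv, $memberCsv)) {
    [pscustomobject]@{
        File     = Split-Path $f -Leaf
        Rows     = @(Import-Csv -Path $f).Count
        SHA256   = (Get-FileHash -Path $f -Algorithm SHA256).Hash
        PulledAt = (Get-Date).ToUniversalTime().ToString('o')
        PulledBy = "$env:USERDOMAIN\$env:USERNAME"
        Domain   = (Get-ADDomain).DNSRoot
    }
}
$manifest | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

Keeping the manifest with the workpapers lets a reviewer confirm later that the analysed file is the one that was pulled.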

Potential Solution – ACL

● Initially used with individual licenses for data analysis

- Scripts allowed audit team to increase our selections (servers, parameters, etc.)

- Allows for formatting of PDF/Print File reports into workable data

● Began use of ACL server

- Allows for full team access to server (licenses only to those making changes on server)

- Direct Link to SAP

• Allows jobs to be run to pull data

• Removes time spent running multiple queries in SAP

Potential Solution – Qualys

● Scanning of network infrastructure (servers, routers, switches, firewalls, etc.)

- Allows for discovery

- Once discovery complete, can be utilized to identify vulnerabilities

- Highly configurable or general scans

Questions?
