digital risks and internal audit: moving toward the digital enterprise
DESCRIPTION
Digital risks and the role of Internal Audit No longer confined to areas of entertainment and life management, social media and social software have become an integral part of the digital business landscape. With more and more users linking, liking, friending and following, how can Internal Audit (IA) help assess and mitigate risks associated with social business? This paper discusses the proactive steps IA can take to help address such growing challenges as: Brand and reputation damage Regulatory compliance Information leakage Third-party risk Governance risk In each of these categories, IA can play a critical role in understanding the potential risks of engaging in social business. IA can also help to monitor and manage threats and strike a balance between risks and opportunities. For more: http://www.deloitte.com/view/en_US/us/Services/audit-enterprise-risk-services/Internal-Audit-Transformation/24499b17c904e310VgnVCM1000003256f70aRCRD.htmTRANSCRIPT
Digital risks and the role of Internal Audit Moving toward the Digital Enterprise
Copyright © 2014 Deloitte Development LLC. All rights reserved.2
Digital risks
Data in the Center
Corporate data and information are a vital enterprise asset that must be stored and
protected.
Data Analytics
Mobile
Social
Cloud
Cyber
Convergence
Copyright © 2014 Deloitte Development LLC. All rights reserved.3
Digital risks (cont.)
Cloud
Changing how we leverage technology
and pay for it
Data Analytics
Mobile
Social
CloudAre we in the cloud? Where is our data and how do our employees, customers and vendors
access it?
Cyber
Convergence
Copyright © 2014 Deloitte Development LLC. All rights reserved.4
Digital risks (cont.)
Cyber Security
Providing for secure conversations
Data Analytics
Mobile
Social
CloudAre we in the cloud? Where is our data and how do our employees, customers and vendors
access it?
CyberAre we prepared for attacks? What
data is at risk?
Convergence
Copyright © 2014 Deloitte Development LLC. All rights reserved.5
Digital risks (cont.)
Mobile
Connecting with people wherever
they are
Data Analytics
MobileDo we know what
tools are accessing our data? Can we keep up with the
changing devices?
Social
CloudAre we in the cloud? Where is our data and how do our employees, customers and vendors
access it?
CyberAre we prepared for attacks? What
data is at risk?
Convergence
Copyright © 2014 Deloitte Development LLC. All rights reserved.6
Digital risks (cont.)
Social
Allowing people to connect electronically
in real time
MobileDo we know what
tools are accessing our data? Can we keep up with the
changing devices?
Data Analytics
SocialAre we protecting our reputation? Do we know what is
being said?
CloudAre we in the cloud? Where is our data and how do our employees, customers and vendors
access it?
CyberAre we prepared for attacks? What
data is at risk?
Convergence
Copyright © 2014 Deloitte Development LLC. All rights reserved.7
Digital risks (cont.)
Analytics
Using data to provide deep, relevant insight
MobileDo we know what
tools are accessing our data? Can we keep up with the
changing devices?
Data Analytics
Do we understand what all our data
means? How do we keep track of
everything
SocialAre we protecting our reputation? Do we know what is
being said?
CloudAre we in the cloud? Where is our data and how do our employees, customers and vendors
access it?
CyberAre we prepared for attacks? What
data is at risk?
Convergence
Copyright © 2014 Deloitte Development LLC. All rights reserved.8
The Digital Enterprise
Convergence
New technologies embraced by businesses to keep pace
with competition have evolved to become interrelated and are the core of the Digital
EnterpriseMobile
Do we know what tools are accessing our data? Can we keep up with the
changing devices?
SocialAre we protecting our reputation? Do we know what is
being said?
CloudAre we in the cloud? Where is our data and how do our employees, customers and vendors
access it?
CyberAre we prepared for attacks? What
data is at risk?
ConvergenceDo we understand how
all the digital technologies interact? What are the risks and
are we managing them?
Data Analytics
Do we understand what all our data
means? How do we keep track of
everything
Copyright © 2014 Deloitte Development LLC. All rights reserved.9
• Understand the digital landscape
• Identify and interview relevant stakeholders
• Review supporting documentation and artifacts
• Perform external scans
• Identify risks and risk interactions
• Document observations
• Validate observations with stakeholders
• Research potential impact of risks
• Prioritize recommendations and proposed initiatives
• Consolidate initiatives into an overall roadmap identifying short term and strategic goals
• Execute risk mitigation plans
Key
Act
ivit
ies
Ph
ase
• Identify key staketholders and subject matter specialists
• Assess risks and rank for each area
• Determine areas of improvement
• Develop risk mitigation activities
Ou
tpu
ts
• An understanding of your digital landscape
• An inventory of your digital risks
• An understanding of the potential convergence risks
• A ranking of digital risks
• A listing of preliminary recommendations
• A risk intelligent response to the convergence of digital risks
Explore Assess RespondIdentify
A risk intelligent approach
Copyright © 2014 Deloitte Development LLC. All rights reserved.10
Contacts
Khalid WastiDirectorDeloitte & Touche LLP+1 212 436 [email protected]
Tune in to this brief audio/visual presentation at:http://event.on24.com/clients/deloitte/portal/index.html?playlist=itia&event=703851
This publication contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.
About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2014 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu Limited