SlideShare ist ein Scribd-Unternehmen logo

Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlights-Autumn-2011-secured

Charmaine Servado
Charmaine Servado
1 von 20
Downloaden Sie, um offline zu lesen
| 2 I-4 Advanced Persistent Threats: Stage 1 Good Practice Report Re-imagine Risk Strategies for Success IT Internal Audit Conference Highlights Autumn 2011 kpmg.co.uk/technologyriskconsulting
OUGH SINCE 2008. THE FUTURE DOES FOR ORGANISATIONS THROUGHOUT THE PRIVATE AND PUBLIC SECTORS LIFE’S BEEN TTOUGH SINCE 2008. THE FUTURE DOES NOT SHOW ANY SIGN OF IMPROVING EITHER, WITH CONTINUED ECONOMIC UNCERTAINTY FEEDING ALMOST RECORD-BREAKING LEVELS OF UNEMPLOYMENT; SOCIAL UNREST IN THE SHAPE OF OCCUPY LONDON AND UK UNCUT; CENTRAL BANKS PUMPING MONEY INTO THE GLOBAL FINANCIAL SYSTEM AND A SIGNIFICANT DOWNTURN IN CONSUMER CONFIDENCE. © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
RISK IS TODAY’S REALITY INTRODUCTION Senior decision-makers working in the Financial Services sector are contending with a tidal wave of regulatory demands in the shape of Solvency II, FATCA, Basel III, Dodd-Frank, RDR and Living Wills and, all the while, doing so against a rising trend in major cost efficiency drives and the emergence of technology fuelled social networks that promote openness over data security. Senior Executives working across commercial and public service organisations are wrestling with data leakage issues, social networks, cyber threats, disruptive technologies and major organisational change. These of course present a number of risks but, for forward- thinking IT internal audit professionals, opportunities too. THE GROWING WAVE Technology is growing at an unprecedented rate. PC sales hit the one billion mark almost a decade ago according to Gartner, who also forecast that the second billion mark will be reached sometime in 2014. However, this rate of growth is matched – and according to some – outstripped by the way technological use is changing. The explosion in smartphone and tablet sales; the widespread adoption of social networks as an everyday form of communication and the increasing implementation of cloud services are breaking down old certainties. This is especially apparent in the commercial world, where traditional means of safeguarding data and technology are becoming obsolete. For IT internal auditors this presents a number of challenges in protecting their organisations and clients against financial and reputational losses – and in helping them construct a clearer insight into governance, risk and compliance strategies. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 3 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
of what KPMG terms the IT Risk Universe looking at mature internal controls and change management programmes. However, there is increasing focus from boards and clients on new and emerging risks, in areas like social media, cyber crime, and disruptive technologies. It is in helping boards understand and manage these risks where IT internal auditors can really add value to their organisations. Social networks and personal devic like smartphones and tablets have crossed the commercial frontier thanks to the phenomenal wave of consumerisation, led by Apple and Samsung. Indeed, according to pre reports1 , tablets are expected to sel 60 percent as many units as PCs in just three years time. Individuals no view them as a key tool for work an the line between home and office use; and the way we communicate with colleagues, professional networks, clients and friends, has blurred – which is why businesses must adapt and re-evaluate the way they consider risk. While the risks of unsecured personal computing brought into the heart of commercial operations do not need to be spelled out, it should not be forgotten that social networks, smartphones and other innovative technologies also offer huge opportunities. A DIFFERENT VIEW So while organisations need to continue to adapt to exploit the business opportunities afforded by technology it is the responsibility of IT internal audit leaders to help them look at the risks involved in a different way; helping them turn it to their advantage. Most IT internal audit teams spend most of their time in the quadrant es ss l w d INTRODUCTION continued 4 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. MULTIPLE RISKS There are a number of IT risk areas: • Social networks which are changing the relationship between users and technology, and the way businesses and organisations protect their IT systems. • Cyber threats that are multiplying and which come from a variety of sources including organised crime, state-sponsored groups and hacktivists. • Disruptive technologies that if misread have the potential to fundamentally change marketplaces and leave once dominant players next to worthless. In this white paper we explore these risks in more detail and, in doing so, show how IT internal auditors can be in the driving seat when it comes to keeping their organisations ahead of the curve. Executive boards are often all too aware of the possibilities of new technologies, and the risks. However, there is a greater need to understand their organisation’s risk profile and appetite for risk, in order to develop a sound risk strategy that is aligned to key business priorities. Some leading boards insist on IT risk briefings as a matter of course. By proactively seeking out and analysing such dangers, IT internal auditors have the opportunity to play a key role in protecting their organisations and underscoring their value. Stephen Bonner, Partner, Information Protection, +44(0)20 7694 1644, stephen.bonner@kpmg.co.uk Martin Jordan, Head of Cyber Response, Information Protection, +44(0)20 7311 1000, martin.jordan@kpmg.co.uk If you would like to attend similar events in the future, then please contact charmaine.servado@ kpmg.co.uk Adam Bates, Partner, UK Head of Risk Consulting, +44(0)20 73113934, adam.bates@kpmg.co.uk SOURCE: 1 http://www.guardian.co.uk/technology/2011/sep/22/tablet-forecast-gartner-ipad
5STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE CONTENTS GETTING SOCIAL CYBER THREAT DISRUPTIVE TECHNOLOGIES CONCLUSION © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
O ONE ANALYST THERE ARE 50 SOCIAL NETWORKING HAS RECORDED INCREDIBLE GROWTH PATTERNS WITH ITS POPULARITY ENCOMPASSING ALL SOCIAL CLASSES. IT IS NOT RESTRICTED TO THE YOUNG EITHER, WITH INCREASING NUMBERS OF BABY BOOMERS EMBRACING THE TECHNOLOGY – IN THE US2 THE NUMBER OF OVER 50S USING SOCIAL MEDIA NEARLY DOUBLED IN ONE YEAR. IT IS ALSO CROSSING BORDERS. ACCORDING TTO ONE ANALYST THERE ARE 50 MILLION USERS OF SOCIAL MEDIA IN INDIA, WHO SPEND MORE TIME ON THESE NETWORKS THAN ON ANY OTHER ONLINE ACTIVITY. Presented by Stephen Bonner, Partner, Information Protection, +44(0)20 7694 1644, stephen.bonner@kpmg.co.uk SECTION SOURCE: 2 http://www.pewinternet.org/Reports/2010/Older-Adults-and-Social-Media/Report.aspx 6 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
GETTING SOCIAL STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 7 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
01 GETTING SOCIAL OPEN FOR BUSINESS Businesses have been quick to recognise the benefits of social media, especially around marketing and customer service. One international airline recently undertook a 24-hour campaign that promised live responses within an hour to any tweets, Facebook posts or messages to Hyves – a Netherland’s-based social network. A worldwide IT firm is using social networking to boost internal collaboration, while a US broadcaster is using Facebook to give viewers exclusive content about a new show. Social networking is also a valuable recruitment tool, with 533 percent of companies admitting to using it to research and profile potential employees. LinkedIn4 – with its stated 135 million global members – is also proving a valuable hunting ground for recruitment and HR teams looking to capture talent. Social media is also a mine of customer information. Location, gender and language are all areas that some data companies can analyse, but they can also dig much deeper, looking for responses governing sentiment and influence. SOURCE: 3 This stat came from http://www.careerbuilder.co.uk/UK/share/aboutus/pressreleasesdetail.aspx?id=pr28&sd=1%2f13%2f2010 &ed=12%2f31%2f2010&siteid=cbpr&sc_cmp1=cb_pr28_ 4 http://press.linkedin.com/about 8 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
OPEN ALL HOURS Social media is built on immediacy and openness and therein lies the risk. It was not designed for the commercial world and neither are many of the devices that people use to access it. Governments discovered the fact early on; the US experienced untold reputational damage when pictures of the abuses carried out at Abu Ghraib went viral and, as can be seen during the Arab Spring, the authorities have failed to keep a lid on video imagery of state brutality. In some cases it may be possible to exercise some kind of control over the online flow in and out of countries, but it remains difficult to stop people from posting content on social forums. In the commercial world the results of poor controls for devices and social networks are legion. • In September of this year one US broadcaster had its twitter account hacked with fake reports sent out about an attack at Ground Zero. • An Australian bank found that a hacker had infiltrated its social network channel and had been contacting customers for account information. Accidental error is also a risk. Unlike more traditional forms of marketing, with their well-established approval procedures, posting to a social network can be done in seconds. A leading telco found this to its cost recently and had to apologise for an inappropriate message originating from a member of staff. There is also the chimera of anonymity that the entire online experience has fostered. Anyone with a computer, smartphone and broadband connection can post content under any personality and name they wish, however, as history shows things will leak. A third risk is an increase in consumer power. There was a time when companies could pretty much guarantee they would emerge victorious from a dispute with an individual member of the public. However, social networks can transform a small dispute, into a major and possibly catastrophic public relations disaster. • When one customer found that an airline would not reimburse him for a guitar it had broken, he wrote a song and filmed a video, which he posted on YouTube. The exercise was a PR disaster for the airline and the video has been viewed 11 million times. WHAT CAN BE DONE? • Establish a governance group that includes all departments using social networking for a more balanced view. • Create policies that cover customer privacy; responsible network use, copyright and stress the care employees should exercise when posting personal information or pictures. • Create an inventory of every social network currently in use across your organisation, including sector-specific and function-specific sites. • Regularly test your organisation’s social networks to ensure they are safe and not delivering bad links or malware to your audiences. • Establish a thorough records management system that can log the name of the person posting to a social network and the content uploaded. • Develop a comprehensive plan that details how to respond to a mistaken or rogue posting, or a social networking campaign against your organisation. • Invest in a multi-lingual monitoring service to look at social network flows across multiple countries. • Build a local community through transparency and honesty that will listen to your position in the case of any allegations. A media company’s social networks were flooded with supportive comments when its nature programme was accused of faking footage. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 9 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
MALWARE ATTACKS HAVE BEEN ON THE UPWARD CURVE SINCE THE WIDE ADOPTION OF HOME COMPUTERS AND 2011 SHOWS A SIMILAR TREND. IN THE ‘GLOBAL SURVEY OF SOCIAL MEDIA RISKS’, CONDUCTED BY THE PONEMON INSTITUTE, OCTOBER 2011, 52 PERCENT OF ORGANISATIONS STATED THAT AN INCREASE IN MALWARE ATTACKS WERE A DIRECT RESULT OF EMPLOYEE USE OF SOCIAL MEDIA. Presented by Martin Jordan, Head of Cyber Response, Information Protection,+44(0)20 7311 1000, martin.jordan@kpmg.co.uk 10 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. SECTION
CYBER THREAT STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 11 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
02 CYBER THREAT 12 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. Cyber attacks are now seen widespread across the media, infiltrating our personal as well as professional lives. For example, burglars are making use of social networks to plan raids, especially twitter and Facebook where people post their whereabouts and holiday news – and as such announce that they are not at home. A computer virus has even affected the computer systems at Creech Air Force base in Nevada, where pilots from the US Air Force remotely fly drones in Afghanistan. Commercial anti-virus and data protection vendor Sophos says that it catches 95,000 pieces of malware every day, double the number on the previous year. Vendors like Sophos and others are always playing catch-up and readily admit they are involved in a continuing and never-ending battle with hackers for supremacy. Hacking now is primarily carried out by three groups: • Organised criminal gangs • State-sponsored organisations • Hacktivists. For organised crime the rewards are huge, with a recent attack netting one gang US$13m in just one-day. Gangs like the Russian Business Network, which offer technology and hosting services to criminals around the world are well documented, as are the almost non-existent consequences of getting caught. Early 2011 a 27-year­ old male received five-months probation, despite pleading guilty to a US$10m fraud that involved hacking into a bank and stealing credit card and PIN details, which he and his gang then cloned onto new cards and used at ATMs. State-sponsored cyber attacks are becoming more frequent and more complex. Norway recently revealed that oil, gas and defence firms across the country had been hit by a series of sophisticated attacks that stole industrial secrets and information on contracts. During the 2008 war between Russia and Georgia, Moscow was widely suspected of being behind various cyber attacks against its neighbour, while the US Government has officially designated cyberspace a warfare domain, alongside land, sea, air and space. In October 2011 year, computers in the Japanese Parliament were infected with a virus “For organised crime the rewards are huge, with a recent attack netting one gang US$13m in just one-day.”
designed to steal passwords and other information, with the attack traced back to a server in China. Hacktivism has been on the rise over the last couple of years, with groups like Lulzsec and Anonymous making headlines for attacks on a disparate range of victims including government media and financial services. While Hacktivism is in many cases a loose-collection of like-minded individuals – Anonymous for instance has no leaders or structure – they do tend to share an ideology, which of late has been painted as anti-capitalist. SIMPLE WEAPON Cyber attacks come in many shapes and sizes: social engineering, infected websites, phishing and spam to name just a few, but in one case the weapon comes from within organisations’ themselves. Public documents, such as downloadable PDFs, can reveal a great deal about the inner workings of an organisation’s IT infrastructure, with the metadata recording who created it, their user name, the software version they used and even the name of the last printer they accessed. WHAT CAN BE DONE? Putting in place a coherent, well- resourced strategy involving a specialist vendor of anti-malware and data protection technology is of course on top of the list, closely followed by a comprehensive usage policy. However, there are also a number of additional, day-to-day precautions that is worth taking on board. • Assess what information about your organisation is publicly available on the web, including names, structures, financials and partnerships. Then put in place a policy to minimise the corporate information you may not want made public. • Put in place a process whereby all metadata is cleansed from public documents as a matter of policy. • Patch every computer within your organisation – not just the web-facing ones – as attacks are often written to exploit known weaknesses in computer code. In some cases, it’s not just computers that are at risk either, but other machines including printers. • Put in place a plan that details the responses to every possible cyber attack. • Educate all users – from mailroom to boardroom – in sensible web and email behaviour. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 13 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
TECHNOLOGY RISK IS NOT JUST ABOUT SECURITY ATTACKS AND THE PREVENTION OF CYBER ATTACKS. THE EMERGENCE OF NEW TECHNOLOGIES AND USER BEHAVIOUR CAN SOUND THE DEATH KNELL FOR COMPANIES WHO FAIL TO SEE WHERE IT MIGHT LEAD. Presented byAdam Bates, Partner, UK Head of Risk Consulting, +44(0)20 73113934, adam.bates@kpmg.co.uk 14 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. SECTION
STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 15 DISRUPTIVE TECHNOLOGIES © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
03 DISRUPTIVE TECHNOLOGIES STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE16 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. WHERE THE FUTURE LIES Company survival now is far less certain than it has ever been. In 1937 the average time a company spent in the S&P 500 was 75 years, in 2011 that has dropped to 15 years and by 2025 it is predicted to be just five years5 . As we have seen with some organisations, being an alumnus of the index is no guarantee of survival. It is an example that presents a salutary lesson to executives on how technology can disrupt their businesses to the point of potential extinction. Similar examples have occurred in a range of industries including retail, telecoms, music and computing and will be seen in more industries as technology enables changes in their business models. What’s also apparent is that we’re at the start of this technology wave; developments will only get faster and the risks more pronounced. Disruptive technology has no respect for borders or sectors; executives should not be fooled into thinking that their business is safe because their immediate markets are unaffected. All threats begin life over the horizon and it is the job of IT internal audit to ensure their organisation maintains a sharp view of ongoing technological developments. Examples of possible disruptive technology are everywhere. In Kenya M-Pesa is a microfinance system that allows individuals without bank accounts – which accounts for 77 percent of the adult population – to undertake basic banking functions from specialist kiosks and mobile phones. It is operated by a Vodafone affiliate and completely bypasses the traditional banking structure, with 14 million users and year-end revenue growth rates of 56 percent. Other countries have also begun working on their own systems, which begs the question how will the banking industry react when – and not if – this technology begins encroaching on more established markets?
Nanotechnology and additive manufacturing (3D printing) are further sources of disruption where emerging technologies could seriously impact the healthcare and pharmaceutical market and make existing players more vulnerable. It might sound like something straight out of Star Trek, but researchers are already using 3D printing to produce human organs and muscles for research. While the mass production of living human tissue is years away, at some point in the future it may be a fact of life, and will have a significant impact on companies who manufacture kidney dialyses machines, and even insurance companies will need to factor in increased life expectancy. DISRUPTING THE DISRUPTORS... WHAT CAN BE DONE? Disruptive technology is not just a risk, but an opportunity too. Telematics for instance is increasingly being used by the insurance industry as a way of targeting young drivers who have been priced off the road by excessive premiums. By monitoring how safely an individual drives – for example whether they are avoiding driving when dark – a tailored premium can be provided. These companies are showing how new technologies can be harnessed to drive revenues and business. Harnessing technology to enhance rather than disrupt your organisation cannot be the preserve of one team as it crosses multiple disciplines such as R&D, marketing, sales and business strategy. IT internal audit professionals can encourage their boards to bring together cross-functional teams to maintain an up-to-date analysis of the market. • Undertake regular horizon scanning of your sector and any related industries, including trade media, individual blogs and social media. • Begin research on potential competitors sooner rather than later. Be aware that new competitors could come from non-traditional sources. • When dealing with new technology take the time to really understand its potential benefits and pitfalls. Ensure the opportunities and risks of being an early adopter of the technology, a fast follower or doing nothing are understood, when planning or reviewing strategy. • Ensure the agenda is not dominated by a small group of enthusiasts who could skew the discussion. Involve a wide range of relevant stakeholders. • Keep in mind that computer performance doubles approximately every two years, with that in mind, five and ten-year plans will always be out of date. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 17 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
CONCLUSION 04 So, are the executives in your organisation sleepwalking into the future – unaware that there are technological risks that can literally kill their business? Technology is of course a great enabler and presents a myriad of business opportunities. Over a billion of the world’s population uses a social network6 , almost one-in­ seven of the world’s total population7 , with social networking revenues reaching almost $15bn in 2012 according to Gartner8 . The growth in smartphones and tablets has seen methods of network interaction change, with obvious dangers to commercial infrastructure that now cannot rely solely on firewalls and anti-virus software to protect itself. The cyber threat remains real – the barbarians are always at the gate and their technological resources are greater than that of the average organisation. Finally, there are technologies under development that have the ability to significantly impact your organisation, however market- entrenched and successful it is at the moment. The message is clear, technological risk must become a regular boardroom issue, on a par with finance reporting, regulatory issues and strategic direction. Indeed, it must become embedded within your organisation’s strategy. IT internal auditors stake a claim in this space if they put in place now the processes to give them proactive visibility of not just current trends, but technology that hasn’t been invented yet. It’s now easier than ever through organisations like TED to discover ideas that could change your organisation’s world, even if they sound far-fetched at the moment. Research9 is already showing email use dropping among 12 to 17-year-olds, which of course will alter the digital communication strategies of those organisations looking at the horizon. In fact it’s happening already, with French IT services company Atos announcing that it intends to ban staff from using internal email and turn to instant messaging and social networking technologies instead10 . Information and Technology risk management isn’t just about security and regulatory compliance. We need to shift our focus in the IT Risk Universe away from the mature controls and change management programmes and processes we take comfort in, and re-imagine IT risk. How organisations leverage technology will determine financial viability, performance and outcomes. KPMG can help you make difficult decisions with greater confidence. Our Technology Risk Consulting team takes a forward view of our client’s business and de-risks the impact of change, unlocking value and building confidence. SOURCE: 5 The Economist, April 16, 2011 6 http://www.strategyanalytics.com/default.aspx?mod=reportabstractviewer&a0=6818 7 http://esa.un.org/unpd/wpp/Excel-Data/population.htm 8 http://www.gartner.com/it/page.jsp?id=1820015 9 http://www.comscore.com/Press_Events/Press_Releases/2011/1/Web-based_Email_ Shows_Signs_of_Decline_in_the_U.S._While_Mobile_Email_Usage_on_the_Rise 10 http://www.telegraph.co.uk/technology/news/8921033/Staff-to-be-banned-from-sending­ emails.html STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE18 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
CONTACTS Financial Services Jon Dowie, Partner, Technology Risk Consulting T +44 (0)20 7311 5295 E jon.dowie@kpmg.co.uk Michael Elysee, Partner, Technology Risk Consulting T +44 (0)20 7311 5429 E michael.elysee@kpmg.co.uk Ameet Sharma Director, IT Internal Audit T +44 (0)20 7694 4073 E ameet.sharma@kpmg.co.uk Corporates Gerry Penfold, Partner, Technology Risk Consulting T +44 (0)20 7311 8489 E gerry.penfold@kpmg.co.uk Mohammed Rahman, Partner, Technology Risk Consulting T +44 (0)121 232 3301 E mohammed.rahman@kpmg.co.uk Andrew Shefford Director, IT Internal Audit T +44 (0)20 7694 5507 E andrew.shefford@kpmg.co.uk Public Sector Keith Bannister, Partner and UK Head of Technology Risk Consulting T +44 (0)20 7311 6558 E keith.bannister@kpmg.co.uk David Timms Senior Manager, IT Internal Audit T +44 (0)20 7311 6618 E david.timms@kpmg.co.uk © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 19
ABOUT KPMG KPMG’s Technology Risk Consulting practice brings together specialists with skills focussed on the Information and Technology Risk agenda. We have member practices of over 3,500 professionals advising clients across all markets and geographies of the technology and data risks they face. We are part of KPMG’s global network of over 140,000 professionals in 150 countries. We help clients to identify, prevent and remediate Information and Technology failures and ensure systems are fit for the future. KPMG firms’ independent advice and advanced technology capabilities help our clients manage their technology risks and use their data to its full potential. • We bring technology risk awareness to the boardroom • We provide insight from data and help to embed genuine technology risk management into organisations • Our tailored services are designed to keep information assets secure, systems functioning and controls operating effectively For more information visit www.kpmg.co.uk/technologyriskconsulting The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. Printed in the United Kingdom. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. www.kpmg.co.uk RR Donnelley I RRD264567 I February 2012 I Printed on recycled material.

Empfohlen

European technology sector financing q1 2014
European technology sector financing q1 2014European technology sector financing q1 2014
European technology sector financing q1 2014Business of Software Conference
 
http://www.slideshare.net/slideshow/embed_code/28627951
http://www.slideshare.net/slideshow/embed_code/28627951http://www.slideshare.net/slideshow/embed_code/28627951
http://www.slideshare.net/slideshow/embed_code/28627951N0b10111
 
Walking The Talk On Openness
Walking The Talk On OpennessWalking The Talk On Openness
Walking The Talk On OpennessTrond Arne Undheim
 
Q1:2019 Tech M&A Report
Q1:2019 Tech M&A ReportQ1:2019 Tech M&A Report
Q1:2019 Tech M&A ReportCorum Group
 
Tech M&A Monthly: 6 Merger Myth and Misconceptions
Tech M&A Monthly: 6 Merger Myth and MisconceptionsTech M&A Monthly: 6 Merger Myth and Misconceptions
Tech M&A Monthly: 6 Merger Myth and MisconceptionsCorum Group
 
2019 Tech M&A Annual Report
2019 Tech M&A Annual Report2019 Tech M&A Annual Report
2019 Tech M&A Annual ReportCorum Group
 
Tech M&A Monthly: Valuations for an Optimal Outcome
Tech M&A Monthly: Valuations for an Optimal OutcomeTech M&A Monthly: Valuations for an Optimal Outcome
Tech M&A Monthly: Valuations for an Optimal OutcomeCorum Group
 
Venture Backed IPOs in FinTech
Venture Backed IPOs in FinTechVenture Backed IPOs in FinTech
Venture Backed IPOs in FinTechFrontline Ventures
 

Empfohlen

European technology sector financing q1 2014
European technology sector financing q1 2014European technology sector financing q1 2014
European technology sector financing q1 2014Business of Software Conference
 
http://www.slideshare.net/slideshow/embed_code/28627951
http://www.slideshare.net/slideshow/embed_code/28627951http://www.slideshare.net/slideshow/embed_code/28627951
http://www.slideshare.net/slideshow/embed_code/28627951N0b10111
 
Walking The Talk On Openness
Walking The Talk On OpennessWalking The Talk On Openness
Walking The Talk On OpennessTrond Arne Undheim
 
Q1:2019 Tech M&A Report
Q1:2019 Tech M&A ReportQ1:2019 Tech M&A Report
Q1:2019 Tech M&A ReportCorum Group
 
Tech M&A Monthly: 6 Merger Myth and Misconceptions
Tech M&A Monthly: 6 Merger Myth and MisconceptionsTech M&A Monthly: 6 Merger Myth and Misconceptions
Tech M&A Monthly: 6 Merger Myth and MisconceptionsCorum Group
 
2019 Tech M&A Annual Report
2019 Tech M&A Annual Report2019 Tech M&A Annual Report
2019 Tech M&A Annual ReportCorum Group
 
Tech M&A Monthly: Valuations for an Optimal Outcome
Tech M&A Monthly: Valuations for an Optimal OutcomeTech M&A Monthly: Valuations for an Optimal Outcome
Tech M&A Monthly: Valuations for an Optimal OutcomeCorum Group
 
Venture Backed IPOs in FinTech
Venture Backed IPOs in FinTechVenture Backed IPOs in FinTech
Venture Backed IPOs in FinTechFrontline Ventures
 
Final report Strategic Policy Forum_18.03.2015
Final report Strategic Policy Forum_18.03.2015Final report Strategic Policy Forum_18.03.2015
Final report Strategic Policy Forum_18.03.2015Daniela Florea
 
The Top 5 Fintech Trends Everyone Should Be Watching In 2020
The Top 5 Fintech Trends Everyone Should Be Watching In 2020The Top 5 Fintech Trends Everyone Should Be Watching In 2020
The Top 5 Fintech Trends Everyone Should Be Watching In 2020Bernard Marr
 
Media Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANMedia Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANGiang Dang
 
EY Digital Deal Economy - Nederland
EY Digital Deal Economy - NederlandEY Digital Deal Economy - Nederland
EY Digital Deal Economy - Nederlandreichske
 
Switzerland must seize the FinTech opportunity now!
Switzerland must seize the FinTech opportunity now!Switzerland must seize the FinTech opportunity now!
Switzerland must seize the FinTech opportunity now!Kuble AG
 
Startups and Venture Capital in Ireland
Startups and Venture Capital in Ireland Startups and Venture Capital in Ireland
Startups and Venture Capital in Ireland Frontline Ventures
 
European tech scaleups report 2016 health tech
European tech scaleups report 2016 health techEuropean tech scaleups report 2016 health tech
European tech scaleups report 2016 health techSofie Staelraeve
 
1000807_Brochure
1000807_Brochure1000807_Brochure
1000807_BrochureBinu Thankappan
 
Innovation trends observatory covid 19 edition
Innovation trends observatory covid 19 editionInnovation trends observatory covid 19 edition
Innovation trends observatory covid 19 editionClaire Calmejane
 
Tech M&A Monthly: Sellers Panel
Tech M&A Monthly: Sellers PanelTech M&A Monthly: Sellers Panel
Tech M&A Monthly: Sellers PanelCorum Group
 
Investorppt V 1 3 7 17 2009
Investorppt V 1 3 7 17 2009Investorppt V 1 3 7 17 2009
Investorppt V 1 3 7 17 2009guest306b881
 
The Future of Fintech in Southeast Asia
The Future of Fintech in Southeast AsiaThe Future of Fintech in Southeast Asia
The Future of Fintech in Southeast AsiaFinch Capital
 
Getting the Deal Through: Fintech 2020
Getting the Deal Through: Fintech 2020Getting the Deal Through: Fintech 2020
Getting the Deal Through: Fintech 2020Matheson Law Firm
 
What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?Morgan McKinley
 
Air Pocket Investor Presentation
Air Pocket Investor PresentationAir Pocket Investor Presentation
Air Pocket Investor PresentationRedChip Companies, Inc.
 
e-commerce
e-commercee-commerce
e-commercekhe hajar
 
Forecast 2016 - Global Tech M&A Report
Forecast 2016 - Global Tech M&A ReportForecast 2016 - Global Tech M&A Report
Forecast 2016 - Global Tech M&A ReportCorum Group
 
Luke Nolan, Student.com - NOAH18 London
Luke Nolan, Student.com - NOAH18 LondonLuke Nolan, Student.com - NOAH18 London
Luke Nolan, Student.com - NOAH18 LondonNOAH Advisors
 
WeDo Technologies Worldwide User Group 2013 - Post Event Brochure
WeDo Technologies Worldwide User Group 2013 - Post Event BrochureWeDo Technologies Worldwide User Group 2013 - Post Event Brochure
WeDo Technologies Worldwide User Group 2013 - Post Event BrochureSérgio Silvestre
 
The Philippine FinTech Landscape
The Philippine FinTech LandscapeThe Philippine FinTech Landscape
The Philippine FinTech LandscapeTCI Network
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewMorgan Jones
 
Business First, Technology Second for Italy's CIOs
Business First, Technology Second for Italy's CIOsBusiness First, Technology Second for Italy's CIOs
Business First, Technology Second for Italy's CIOsHewlett Packard Enterprise Business Value Exchange
 

Weitere ähnliche Inhalte

Was ist angesagt?

Final report Strategic Policy Forum_18.03.2015
Final report Strategic Policy Forum_18.03.2015Final report Strategic Policy Forum_18.03.2015
Final report Strategic Policy Forum_18.03.2015Daniela Florea
 
The Top 5 Fintech Trends Everyone Should Be Watching In 2020
The Top 5 Fintech Trends Everyone Should Be Watching In 2020The Top 5 Fintech Trends Everyone Should Be Watching In 2020
The Top 5 Fintech Trends Everyone Should Be Watching In 2020Bernard Marr
 
Media Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANMedia Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANGiang Dang
 
EY Digital Deal Economy - Nederland
EY Digital Deal Economy - NederlandEY Digital Deal Economy - Nederland
EY Digital Deal Economy - Nederlandreichske
 
Switzerland must seize the FinTech opportunity now!
Switzerland must seize the FinTech opportunity now!Switzerland must seize the FinTech opportunity now!
Switzerland must seize the FinTech opportunity now!Kuble AG
 
Startups and Venture Capital in Ireland
Startups and Venture Capital in Ireland Startups and Venture Capital in Ireland
Startups and Venture Capital in Ireland Frontline Ventures
 
European tech scaleups report 2016 health tech
European tech scaleups report 2016 health techEuropean tech scaleups report 2016 health tech
European tech scaleups report 2016 health techSofie Staelraeve
 
Innovation trends observatory covid 19 edition
Innovation trends observatory covid 19 editionInnovation trends observatory covid 19 edition
Innovation trends observatory covid 19 editionClaire Calmejane
 
Tech M&A Monthly: Sellers Panel
Tech M&A Monthly: Sellers PanelTech M&A Monthly: Sellers Panel
Tech M&A Monthly: Sellers PanelCorum Group
 
Investorppt V 1 3 7 17 2009
Investorppt V 1 3 7 17 2009Investorppt V 1 3 7 17 2009
Investorppt V 1 3 7 17 2009guest306b881
 
The Future of Fintech in Southeast Asia
The Future of Fintech in Southeast AsiaThe Future of Fintech in Southeast Asia
The Future of Fintech in Southeast AsiaFinch Capital
 
Getting the Deal Through: Fintech 2020
Getting the Deal Through: Fintech 2020Getting the Deal Through: Fintech 2020
Getting the Deal Through: Fintech 2020Matheson Law Firm
 
What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?Morgan McKinley
 
Forecast 2016 - Global Tech M&A Report
Forecast 2016 - Global Tech M&A ReportForecast 2016 - Global Tech M&A Report
Forecast 2016 - Global Tech M&A ReportCorum Group
 
Luke Nolan, Student.com - NOAH18 London
Luke Nolan, Student.com - NOAH18 LondonLuke Nolan, Student.com - NOAH18 London
Luke Nolan, Student.com - NOAH18 LondonNOAH Advisors
 
WeDo Technologies Worldwide User Group 2013 - Post Event Brochure
WeDo Technologies Worldwide User Group 2013 - Post Event BrochureWeDo Technologies Worldwide User Group 2013 - Post Event Brochure
WeDo Technologies Worldwide User Group 2013 - Post Event BrochureSérgio Silvestre
 
The Philippine FinTech Landscape
The Philippine FinTech LandscapeThe Philippine FinTech Landscape
The Philippine FinTech LandscapeTCI Network
 

Was ist angesagt? (20)

Final report Strategic Policy Forum_18.03.2015
Final report Strategic Policy Forum_18.03.2015Final report Strategic Policy Forum_18.03.2015
Final report Strategic Policy Forum_18.03.2015
 
The Top 5 Fintech Trends Everyone Should Be Watching In 2020
The Top 5 Fintech Trends Everyone Should Be Watching In 2020The Top 5 Fintech Trends Everyone Should Be Watching In 2020
The Top 5 Fintech Trends Everyone Should Be Watching In 2020
 
Media Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEANMedia Kit 2015 - Public Sector - IDG ASEAN
Media Kit 2015 - Public Sector - IDG ASEAN
 
EY Digital Deal Economy - Nederland
EY Digital Deal Economy - NederlandEY Digital Deal Economy - Nederland
EY Digital Deal Economy - Nederland
 
Switzerland must seize the FinTech opportunity now!
Switzerland must seize the FinTech opportunity now!Switzerland must seize the FinTech opportunity now!
Switzerland must seize the FinTech opportunity now!
 
Startups and Venture Capital in Ireland
Startups and Venture Capital in Ireland Startups and Venture Capital in Ireland
Startups and Venture Capital in Ireland
 
European tech scaleups report 2016 health tech
European tech scaleups report 2016 health techEuropean tech scaleups report 2016 health tech
European tech scaleups report 2016 health tech
 
1000807_Brochure
1000807_Brochure1000807_Brochure
1000807_Brochure
 
Innovation trends observatory covid 19 edition
Innovation trends observatory covid 19 editionInnovation trends observatory covid 19 edition
Innovation trends observatory covid 19 edition
 
Tech M&A Monthly: Sellers Panel
Tech M&A Monthly: Sellers PanelTech M&A Monthly: Sellers Panel
Tech M&A Monthly: Sellers Panel
 
Investorppt V 1 3 7 17 2009
Investorppt V 1 3 7 17 2009Investorppt V 1 3 7 17 2009
Investorppt V 1 3 7 17 2009
 
The Future of Fintech in Southeast Asia
The Future of Fintech in Southeast AsiaThe Future of Fintech in Southeast Asia
The Future of Fintech in Southeast Asia
 
Getting the Deal Through: Fintech 2020
Getting the Deal Through: Fintech 2020Getting the Deal Through: Fintech 2020
Getting the Deal Through: Fintech 2020
 
What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?
 
Air Pocket Investor Presentation
Air Pocket Investor PresentationAir Pocket Investor Presentation
Air Pocket Investor Presentation
 
e-commerce
e-commercee-commerce
e-commerce
 
Forecast 2016 - Global Tech M&A Report
Forecast 2016 - Global Tech M&A ReportForecast 2016 - Global Tech M&A Report
Forecast 2016 - Global Tech M&A Report
 
Luke Nolan, Student.com - NOAH18 London
Luke Nolan, Student.com - NOAH18 LondonLuke Nolan, Student.com - NOAH18 London
Luke Nolan, Student.com - NOAH18 London
 
WeDo Technologies Worldwide User Group 2013 - Post Event Brochure
WeDo Technologies Worldwide User Group 2013 - Post Event BrochureWeDo Technologies Worldwide User Group 2013 - Post Event Brochure
WeDo Technologies Worldwide User Group 2013 - Post Event Brochure
 
The Philippine FinTech Landscape
The Philippine FinTech LandscapeThe Philippine FinTech Landscape
The Philippine FinTech Landscape
 

Ähnlich wie Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlights-Autumn-2011-secured

Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewMorgan Jones
 
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012Charmaine Servado
 
Publish and be damned
Publish and be damned Publish and be damned
Publish and be damned Martin Jordan
 
FTSE350 Cyber Governance - An insight into the issues of today and tomorrow
FTSE350 Cyber Governance - An insight into the issues of today and tomorrowFTSE350 Cyber Governance - An insight into the issues of today and tomorrow
FTSE350 Cyber Governance - An insight into the issues of today and tomorrowLeona Markham
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
article - Directorship - Q4 - 2015 - IT Governance v1
article - Directorship - Q4 - 2015 - IT Governance v1article - Directorship - Q4 - 2015 - IT Governance v1
article - Directorship - Q4 - 2015 - IT Governance v1Marlon Moodley
 
Going Social How businesses are making the most of social media
Going Social How businesses are making the most of social mediaGoing Social How businesses are making the most of social media
Going Social How businesses are making the most of social mediaIgnacio Horcajada
 
iBe A State of Digital Innovation Report 2015
iBe A State of Digital Innovation Report 2015iBe A State of Digital Innovation Report 2015
iBe A State of Digital Innovation Report 2015Phil Falato
 
iBe A State of Digital Innovation Report May 2015 issued
iBe A State of Digital Innovation Report May 2015 issuediBe A State of Digital Innovation Report May 2015 issued
iBe A State of Digital Innovation Report May 2015 issuedRoger Camrass
 
Facing the Big Data Revolution: A German Perspective
Facing the Big Data Revolution: A German PerspectiveFacing the Big Data Revolution: A German Perspective
Facing the Big Data Revolution: A German PerspectiveAdaptant Solutions AG
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sDr Lendy Spires
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionThe Economist Media Businesses
 
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptxjamiejohngianna
 
biid - NOAH17 London
biid - NOAH17 Londonbiid - NOAH17 London
biid - NOAH17 LondonNOAH Advisors
 
WealthTech Views: Looking into 2021 from William Rouse, Contemi Solutions
WealthTech Views: Looking into 2021 from William Rouse, Contemi SolutionsWealthTech Views: Looking into 2021 from William Rouse, Contemi Solutions
WealthTech Views: Looking into 2021 from William Rouse, Contemi SolutionsContemi Solutions
 
Business Intelligence System
Business Intelligence SystemBusiness Intelligence System
Business Intelligence SystemLisa Martinez
 

Ähnlich wie Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlights-Autumn-2011-secured (20)

Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual review
 
Business First, Technology Second for Italy's CIOs
Business First, Technology Second for Italy's CIOsBusiness First, Technology Second for Italy's CIOs
Business First, Technology Second for Italy's CIOs
 
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012KPMG Publish and Be Damned Cyber Vulnerability Index 2012
KPMG Publish and Be Damned Cyber Vulnerability Index 2012
 
Publish and be damned
Publish and be damned Publish and be damned
Publish and be damned
 
FTSE350 Cyber Governance - An insight into the issues of today and tomorrow
FTSE350 Cyber Governance - An insight into the issues of today and tomorrowFTSE350 Cyber Governance - An insight into the issues of today and tomorrow
FTSE350 Cyber Governance - An insight into the issues of today and tomorrow
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
The Convergence of Digital & the Customer Experience: Madrid
The Convergence of Digital & the Customer Experience: MadridThe Convergence of Digital & the Customer Experience: Madrid
The Convergence of Digital & the Customer Experience: Madrid
 
article - Directorship - Q4 - 2015 - IT Governance v1
article - Directorship - Q4 - 2015 - IT Governance v1article - Directorship - Q4 - 2015 - IT Governance v1
article - Directorship - Q4 - 2015 - IT Governance v1
 
Going Social How businesses are making the most of social media
Going Social How businesses are making the most of social mediaGoing Social How businesses are making the most of social media
Going Social How businesses are making the most of social media
 
iBe A State of Digital Innovation Report 2015
iBe A State of Digital Innovation Report 2015iBe A State of Digital Innovation Report 2015
iBe A State of Digital Innovation Report 2015
 
iBe A State of Digital Innovation Report May 2015 issued
iBe A State of Digital Innovation Report May 2015 issuediBe A State of Digital Innovation Report May 2015 issued
iBe A State of Digital Innovation Report May 2015 issued
 
Facing the Big Data Revolution: A German Perspective
Facing the Big Data Revolution: A German PerspectiveFacing the Big Data Revolution: A German Perspective
Facing the Big Data Revolution: A German Perspective
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 
Briefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimensionBriefing paper: Third-Party Risks: The cyber dimension
Briefing paper: Third-Party Risks: The cyber dimension
 
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx
01-Build-an-IT-Risk-Management-Program--Phases-1-3.pptx
 
Digital disruption – dive in to thrive
Digital disruption – dive in to thriveDigital disruption – dive in to thrive
Digital disruption – dive in to thrive
 
biid - NOAH17 London
biid - NOAH17 Londonbiid - NOAH17 London
biid - NOAH17 London
 
WealthTech Views: Looking into 2021 from William Rouse, Contemi Solutions
WealthTech Views: Looking into 2021 from William Rouse, Contemi SolutionsWealthTech Views: Looking into 2021 from William Rouse, Contemi Solutions
WealthTech Views: Looking into 2021 from William Rouse, Contemi Solutions
 
Business Intelligence System
Business Intelligence SystemBusiness Intelligence System
Business Intelligence System
 

Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlights-Autumn-2011-secured

  • 1. | 2 I-4 Advanced Persistent Threats: Stage 1 Good Practice Report Re-imagine Risk Strategies for Success IT Internal Audit Conference Highlights Autumn 2011 kpmg.co.uk/technologyriskconsulting
  • 2. OUGH SINCE 2008. THE FUTURE DOES FOR ORGANISATIONS THROUGHOUT THE PRIVATE AND PUBLIC SECTORS LIFE’S BEEN TTOUGH SINCE 2008. THE FUTURE DOES NOT SHOW ANY SIGN OF IMPROVING EITHER, WITH CONTINUED ECONOMIC UNCERTAINTY FEEDING ALMOST RECORD-BREAKING LEVELS OF UNEMPLOYMENT; SOCIAL UNREST IN THE SHAPE OF OCCUPY LONDON AND UK UNCUT; CENTRAL BANKS PUMPING MONEY INTO THE GLOBAL FINANCIAL SYSTEM AND A SIGNIFICANT DOWNTURN IN CONSUMER CONFIDENCE. © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 3. RISK IS TODAY’S REALITY INTRODUCTION Senior decision-makers working in the Financial Services sector are contending with a tidal wave of regulatory demands in the shape of Solvency II, FATCA, Basel III, Dodd-Frank, RDR and Living Wills and, all the while, doing so against a rising trend in major cost efficiency drives and the emergence of technology fuelled social networks that promote openness over data security. Senior Executives working across commercial and public service organisations are wrestling with data leakage issues, social networks, cyber threats, disruptive technologies and major organisational change. These of course present a number of risks but, for forward- thinking IT internal audit professionals, opportunities too. THE GROWING WAVE Technology is growing at an unprecedented rate. PC sales hit the one billion mark almost a decade ago according to Gartner, who also forecast that the second billion mark will be reached sometime in 2014. However, this rate of growth is matched – and according to some – outstripped by the way technological use is changing. The explosion in smartphone and tablet sales; the widespread adoption of social networks as an everyday form of communication and the increasing implementation of cloud services are breaking down old certainties. This is especially apparent in the commercial world, where traditional means of safeguarding data and technology are becoming obsolete. For IT internal auditors this presents a number of challenges in protecting their organisations and clients against financial and reputational losses – and in helping them construct a clearer insight into governance, risk and compliance strategies. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 3 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 4. of what KPMG terms the IT Risk Universe looking at mature internal controls and change management programmes. However, there is increasing focus from boards and clients on new and emerging risks, in areas like social media, cyber crime, and disruptive technologies. It is in helping boards understand and manage these risks where IT internal auditors can really add value to their organisations. Social networks and personal devic like smartphones and tablets have crossed the commercial frontier thanks to the phenomenal wave of consumerisation, led by Apple and Samsung. Indeed, according to pre reports1 , tablets are expected to sel 60 percent as many units as PCs in just three years time. Individuals no view them as a key tool for work an the line between home and office use; and the way we communicate with colleagues, professional networks, clients and friends, has blurred – which is why businesses must adapt and re-evaluate the way they consider risk. While the risks of unsecured personal computing brought into the heart of commercial operations do not need to be spelled out, it should not be forgotten that social networks, smartphones and other innovative technologies also offer huge opportunities. A DIFFERENT VIEW So while organisations need to continue to adapt to exploit the business opportunities afforded by technology it is the responsibility of IT internal audit leaders to help them look at the risks involved in a different way; helping them turn it to their advantage. Most IT internal audit teams spend most of their time in the quadrant es ss l w d INTRODUCTION continued 4 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. MULTIPLE RISKS There are a number of IT risk areas: • Social networks which are changing the relationship between users and technology, and the way businesses and organisations protect their IT systems. • Cyber threats that are multiplying and which come from a variety of sources including organised crime, state-sponsored groups and hacktivists. • Disruptive technologies that if misread have the potential to fundamentally change marketplaces and leave once dominant players next to worthless. In this white paper we explore these risks in more detail and, in doing so, show how IT internal auditors can be in the driving seat when it comes to keeping their organisations ahead of the curve. Executive boards are often all too aware of the possibilities of new technologies, and the risks. However, there is a greater need to understand their organisation’s risk profile and appetite for risk, in order to develop a sound risk strategy that is aligned to key business priorities. Some leading boards insist on IT risk briefings as a matter of course. By proactively seeking out and analysing such dangers, IT internal auditors have the opportunity to play a key role in protecting their organisations and underscoring their value. Stephen Bonner, Partner, Information Protection, +44(0)20 7694 1644, stephen.bonner@kpmg.co.uk Martin Jordan, Head of Cyber Response, Information Protection, +44(0)20 7311 1000, martin.jordan@kpmg.co.uk If you would like to attend similar events in the future, then please contact charmaine.servado@ kpmg.co.uk Adam Bates, Partner, UK Head of Risk Consulting, +44(0)20 73113934, adam.bates@kpmg.co.uk SOURCE: 1 http://www.guardian.co.uk/technology/2011/sep/22/tablet-forecast-gartner-ipad
  • 5. 5STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE CONTENTS GETTING SOCIAL CYBER THREAT DISRUPTIVE TECHNOLOGIES CONCLUSION © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 6. O ONE ANALYST THERE ARE 50 SOCIAL NETWORKING HAS RECORDED INCREDIBLE GROWTH PATTERNS WITH ITS POPULARITY ENCOMPASSING ALL SOCIAL CLASSES. IT IS NOT RESTRICTED TO THE YOUNG EITHER, WITH INCREASING NUMBERS OF BABY BOOMERS EMBRACING THE TECHNOLOGY – IN THE US2 THE NUMBER OF OVER 50S USING SOCIAL MEDIA NEARLY DOUBLED IN ONE YEAR. IT IS ALSO CROSSING BORDERS. ACCORDING TTO ONE ANALYST THERE ARE 50 MILLION USERS OF SOCIAL MEDIA IN INDIA, WHO SPEND MORE TIME ON THESE NETWORKS THAN ON ANY OTHER ONLINE ACTIVITY. Presented by Stephen Bonner, Partner, Information Protection, +44(0)20 7694 1644, stephen.bonner@kpmg.co.uk SECTION SOURCE: 2 http://www.pewinternet.org/Reports/2010/Older-Adults-and-Social-Media/Report.aspx 6 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 7. GETTING SOCIAL STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 7 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 8. 01 GETTING SOCIAL OPEN FOR BUSINESS Businesses have been quick to recognise the benefits of social media, especially around marketing and customer service. One international airline recently undertook a 24-hour campaign that promised live responses within an hour to any tweets, Facebook posts or messages to Hyves – a Netherland’s-based social network. A worldwide IT firm is using social networking to boost internal collaboration, while a US broadcaster is using Facebook to give viewers exclusive content about a new show. Social networking is also a valuable recruitment tool, with 533 percent of companies admitting to using it to research and profile potential employees. LinkedIn4 – with its stated 135 million global members – is also proving a valuable hunting ground for recruitment and HR teams looking to capture talent. Social media is also a mine of customer information. Location, gender and language are all areas that some data companies can analyse, but they can also dig much deeper, looking for responses governing sentiment and influence. SOURCE: 3 This stat came from http://www.careerbuilder.co.uk/UK/share/aboutus/pressreleasesdetail.aspx?id=pr28&sd=1%2f13%2f2010 &ed=12%2f31%2f2010&siteid=cbpr&sc_cmp1=cb_pr28_ 4 http://press.linkedin.com/about 8 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 9. OPEN ALL HOURS Social media is built on immediacy and openness and therein lies the risk. It was not designed for the commercial world and neither are many of the devices that people use to access it. Governments discovered the fact early on; the US experienced untold reputational damage when pictures of the abuses carried out at Abu Ghraib went viral and, as can be seen during the Arab Spring, the authorities have failed to keep a lid on video imagery of state brutality. In some cases it may be possible to exercise some kind of control over the online flow in and out of countries, but it remains difficult to stop people from posting content on social forums. In the commercial world the results of poor controls for devices and social networks are legion. • In September of this year one US broadcaster had its twitter account hacked with fake reports sent out about an attack at Ground Zero. • An Australian bank found that a hacker had infiltrated its social network channel and had been contacting customers for account information. Accidental error is also a risk. Unlike more traditional forms of marketing, with their well-established approval procedures, posting to a social network can be done in seconds. A leading telco found this to its cost recently and had to apologise for an inappropriate message originating from a member of staff. There is also the chimera of anonymity that the entire online experience has fostered. Anyone with a computer, smartphone and broadband connection can post content under any personality and name they wish, however, as history shows things will leak. A third risk is an increase in consumer power. There was a time when companies could pretty much guarantee they would emerge victorious from a dispute with an individual member of the public. However, social networks can transform a small dispute, into a major and possibly catastrophic public relations disaster. • When one customer found that an airline would not reimburse him for a guitar it had broken, he wrote a song and filmed a video, which he posted on YouTube. The exercise was a PR disaster for the airline and the video has been viewed 11 million times. WHAT CAN BE DONE? • Establish a governance group that includes all departments using social networking for a more balanced view. • Create policies that cover customer privacy; responsible network use, copyright and stress the care employees should exercise when posting personal information or pictures. • Create an inventory of every social network currently in use across your organisation, including sector-specific and function-specific sites. • Regularly test your organisation’s social networks to ensure they are safe and not delivering bad links or malware to your audiences. • Establish a thorough records management system that can log the name of the person posting to a social network and the content uploaded. • Develop a comprehensive plan that details how to respond to a mistaken or rogue posting, or a social networking campaign against your organisation. • Invest in a multi-lingual monitoring service to look at social network flows across multiple countries. • Build a local community through transparency and honesty that will listen to your position in the case of any allegations. A media company’s social networks were flooded with supportive comments when its nature programme was accused of faking footage. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 9 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 10. MALWARE ATTACKS HAVE BEEN ON THE UPWARD CURVE SINCE THE WIDE ADOPTION OF HOME COMPUTERS AND 2011 SHOWS A SIMILAR TREND. IN THE ‘GLOBAL SURVEY OF SOCIAL MEDIA RISKS’, CONDUCTED BY THE PONEMON INSTITUTE, OCTOBER 2011, 52 PERCENT OF ORGANISATIONS STATED THAT AN INCREASE IN MALWARE ATTACKS WERE A DIRECT RESULT OF EMPLOYEE USE OF SOCIAL MEDIA. Presented by Martin Jordan, Head of Cyber Response, Information Protection,+44(0)20 7311 1000, martin.jordan@kpmg.co.uk 10 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. SECTION
  • 11. CYBER THREAT STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 11 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 12. 02 CYBER THREAT 12 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. Cyber attacks are now seen widespread across the media, infiltrating our personal as well as professional lives. For example, burglars are making use of social networks to plan raids, especially twitter and Facebook where people post their whereabouts and holiday news – and as such announce that they are not at home. A computer virus has even affected the computer systems at Creech Air Force base in Nevada, where pilots from the US Air Force remotely fly drones in Afghanistan. Commercial anti-virus and data protection vendor Sophos says that it catches 95,000 pieces of malware every day, double the number on the previous year. Vendors like Sophos and others are always playing catch-up and readily admit they are involved in a continuing and never-ending battle with hackers for supremacy. Hacking now is primarily carried out by three groups: • Organised criminal gangs • State-sponsored organisations • Hacktivists. For organised crime the rewards are huge, with a recent attack netting one gang US$13m in just one-day. Gangs like the Russian Business Network, which offer technology and hosting services to criminals around the world are well documented, as are the almost non-existent consequences of getting caught. Early 2011 a 27-year­ old male received five-months probation, despite pleading guilty to a US$10m fraud that involved hacking into a bank and stealing credit card and PIN details, which he and his gang then cloned onto new cards and used at ATMs. State-sponsored cyber attacks are becoming more frequent and more complex. Norway recently revealed that oil, gas and defence firms across the country had been hit by a series of sophisticated attacks that stole industrial secrets and information on contracts. During the 2008 war between Russia and Georgia, Moscow was widely suspected of being behind various cyber attacks against its neighbour, while the US Government has officially designated cyberspace a warfare domain, alongside land, sea, air and space. In October 2011 year, computers in the Japanese Parliament were infected with a virus “For organised crime the rewards are huge, with a recent attack netting one gang US$13m in just one-day.”
  • 13. designed to steal passwords and other information, with the attack traced back to a server in China. Hacktivism has been on the rise over the last couple of years, with groups like Lulzsec and Anonymous making headlines for attacks on a disparate range of victims including government media and financial services. While Hacktivism is in many cases a loose-collection of like-minded individuals – Anonymous for instance has no leaders or structure – they do tend to share an ideology, which of late has been painted as anti-capitalist. SIMPLE WEAPON Cyber attacks come in many shapes and sizes: social engineering, infected websites, phishing and spam to name just a few, but in one case the weapon comes from within organisations’ themselves. Public documents, such as downloadable PDFs, can reveal a great deal about the inner workings of an organisation’s IT infrastructure, with the metadata recording who created it, their user name, the software version they used and even the name of the last printer they accessed. WHAT CAN BE DONE? Putting in place a coherent, well- resourced strategy involving a specialist vendor of anti-malware and data protection technology is of course on top of the list, closely followed by a comprehensive usage policy. However, there are also a number of additional, day-to-day precautions that is worth taking on board. • Assess what information about your organisation is publicly available on the web, including names, structures, financials and partnerships. Then put in place a policy to minimise the corporate information you may not want made public. • Put in place a process whereby all metadata is cleansed from public documents as a matter of policy. • Patch every computer within your organisation – not just the web-facing ones – as attacks are often written to exploit known weaknesses in computer code. In some cases, it’s not just computers that are at risk either, but other machines including printers. • Put in place a plan that details the responses to every possible cyber attack. • Educate all users – from mailroom to boardroom – in sensible web and email behaviour. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 13 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 14. TECHNOLOGY RISK IS NOT JUST ABOUT SECURITY ATTACKS AND THE PREVENTION OF CYBER ATTACKS. THE EMERGENCE OF NEW TECHNOLOGIES AND USER BEHAVIOUR CAN SOUND THE DEATH KNELL FOR COMPANIES WHO FAIL TO SEE WHERE IT MIGHT LEAD. Presented byAdam Bates, Partner, UK Head of Risk Consulting, +44(0)20 73113934, adam.bates@kpmg.co.uk 14 STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. SECTION
  • 15. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 15 DISRUPTIVE TECHNOLOGIES © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 16. 03 DISRUPTIVE TECHNOLOGIES STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE16 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. WHERE THE FUTURE LIES Company survival now is far less certain than it has ever been. In 1937 the average time a company spent in the S&P 500 was 75 years, in 2011 that has dropped to 15 years and by 2025 it is predicted to be just five years5 . As we have seen with some organisations, being an alumnus of the index is no guarantee of survival. It is an example that presents a salutary lesson to executives on how technology can disrupt their businesses to the point of potential extinction. Similar examples have occurred in a range of industries including retail, telecoms, music and computing and will be seen in more industries as technology enables changes in their business models. What’s also apparent is that we’re at the start of this technology wave; developments will only get faster and the risks more pronounced. Disruptive technology has no respect for borders or sectors; executives should not be fooled into thinking that their business is safe because their immediate markets are unaffected. All threats begin life over the horizon and it is the job of IT internal audit to ensure their organisation maintains a sharp view of ongoing technological developments. Examples of possible disruptive technology are everywhere. In Kenya M-Pesa is a microfinance system that allows individuals without bank accounts – which accounts for 77 percent of the adult population – to undertake basic banking functions from specialist kiosks and mobile phones. It is operated by a Vodafone affiliate and completely bypasses the traditional banking structure, with 14 million users and year-end revenue growth rates of 56 percent. Other countries have also begun working on their own systems, which begs the question how will the banking industry react when – and not if – this technology begins encroaching on more established markets?
  • 17. Nanotechnology and additive manufacturing (3D printing) are further sources of disruption where emerging technologies could seriously impact the healthcare and pharmaceutical market and make existing players more vulnerable. It might sound like something straight out of Star Trek, but researchers are already using 3D printing to produce human organs and muscles for research. While the mass production of living human tissue is years away, at some point in the future it may be a fact of life, and will have a significant impact on companies who manufacture kidney dialyses machines, and even insurance companies will need to factor in increased life expectancy. DISRUPTING THE DISRUPTORS... WHAT CAN BE DONE? Disruptive technology is not just a risk, but an opportunity too. Telematics for instance is increasingly being used by the insurance industry as a way of targeting young drivers who have been priced off the road by excessive premiums. By monitoring how safely an individual drives – for example whether they are avoiding driving when dark – a tailored premium can be provided. These companies are showing how new technologies can be harnessed to drive revenues and business. Harnessing technology to enhance rather than disrupt your organisation cannot be the preserve of one team as it crosses multiple disciplines such as R&D, marketing, sales and business strategy. IT internal audit professionals can encourage their boards to bring together cross-functional teams to maintain an up-to-date analysis of the market. • Undertake regular horizon scanning of your sector and any related industries, including trade media, individual blogs and social media. • Begin research on potential competitors sooner rather than later. Be aware that new competitors could come from non-traditional sources. • When dealing with new technology take the time to really understand its potential benefits and pitfalls. Ensure the opportunities and risks of being an early adopter of the technology, a fast follower or doing nothing are understood, when planning or reviewing strategy. • Ensure the agenda is not dominated by a small group of enthusiasts who could skew the discussion. Involve a wide range of relevant stakeholders. • Keep in mind that computer performance doubles approximately every two years, with that in mind, five and ten-year plans will always be out of date. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 17 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 18. CONCLUSION 04 So, are the executives in your organisation sleepwalking into the future – unaware that there are technological risks that can literally kill their business? Technology is of course a great enabler and presents a myriad of business opportunities. Over a billion of the world’s population uses a social network6 , almost one-in­ seven of the world’s total population7 , with social networking revenues reaching almost $15bn in 2012 according to Gartner8 . The growth in smartphones and tablets has seen methods of network interaction change, with obvious dangers to commercial infrastructure that now cannot rely solely on firewalls and anti-virus software to protect itself. The cyber threat remains real – the barbarians are always at the gate and their technological resources are greater than that of the average organisation. Finally, there are technologies under development that have the ability to significantly impact your organisation, however market- entrenched and successful it is at the moment. The message is clear, technological risk must become a regular boardroom issue, on a par with finance reporting, regulatory issues and strategic direction. Indeed, it must become embedded within your organisation’s strategy. IT internal auditors stake a claim in this space if they put in place now the processes to give them proactive visibility of not just current trends, but technology that hasn’t been invented yet. It’s now easier than ever through organisations like TED to discover ideas that could change your organisation’s world, even if they sound far-fetched at the moment. Research9 is already showing email use dropping among 12 to 17-year-olds, which of course will alter the digital communication strategies of those organisations looking at the horizon. In fact it’s happening already, with French IT services company Atos announcing that it intends to ban staff from using internal email and turn to instant messaging and social networking technologies instead10 . Information and Technology risk management isn’t just about security and regulatory compliance. We need to shift our focus in the IT Risk Universe away from the mature controls and change management programmes and processes we take comfort in, and re-imagine IT risk. How organisations leverage technology will determine financial viability, performance and outcomes. KPMG can help you make difficult decisions with greater confidence. Our Technology Risk Consulting team takes a forward view of our client’s business and de-risks the impact of change, unlocking value and building confidence. SOURCE: 5 The Economist, April 16, 2011 6 http://www.strategyanalytics.com/default.aspx?mod=reportabstractviewer&a0=6818 7 http://esa.un.org/unpd/wpp/Excel-Data/population.htm 8 http://www.gartner.com/it/page.jsp?id=1820015 9 http://www.comscore.com/Press_Events/Press_Releases/2011/1/Web-based_Email_ Shows_Signs_of_Decline_in_the_U.S._While_Mobile_Email_Usage_on_the_Rise 10 http://www.telegraph.co.uk/technology/news/8921033/Staff-to-be-banned-from-sending­ emails.html STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE18 © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.
  • 19. CONTACTS Financial Services Jon Dowie, Partner, Technology Risk Consulting T +44 (0)20 7311 5295 E jon.dowie@kpmg.co.uk Michael Elysee, Partner, Technology Risk Consulting T +44 (0)20 7311 5429 E michael.elysee@kpmg.co.uk Ameet Sharma Director, IT Internal Audit T +44 (0)20 7694 4073 E ameet.sharma@kpmg.co.uk Corporates Gerry Penfold, Partner, Technology Risk Consulting T +44 (0)20 7311 8489 E gerry.penfold@kpmg.co.uk Mohammed Rahman, Partner, Technology Risk Consulting T +44 (0)121 232 3301 E mohammed.rahman@kpmg.co.uk Andrew Shefford Director, IT Internal Audit T +44 (0)20 7694 5507 E andrew.shefford@kpmg.co.uk Public Sector Keith Bannister, Partner and UK Head of Technology Risk Consulting T +44 (0)20 7311 6558 E keith.bannister@kpmg.co.uk David Timms Senior Manager, IT Internal Audit T +44 (0)20 7311 6618 E david.timms@kpmg.co.uk © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. STRATEGIES FOR SUCCESS IT INTERNAL AUDIT CONFERENCE 19
  • 20. ABOUT KPMG KPMG’s Technology Risk Consulting practice brings together specialists with skills focussed on the Information and Technology Risk agenda. We have member practices of over 3,500 professionals advising clients across all markets and geographies of the technology and data risks they face. We are part of KPMG’s global network of over 140,000 professionals in 150 countries. We help clients to identify, prevent and remediate Information and Technology failures and ensure systems are fit for the future. KPMG firms’ independent advice and advanced technology capabilities help our clients manage their technology risks and use their data to its full potential. • We bring technology risk awareness to the boardroom • We provide insight from data and help to embed genuine technology risk management into organisations • Our tailored services are designed to keep information assets secure, systems functioning and controls operating effectively For more information visit www.kpmg.co.uk/technologyriskconsulting The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. © 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. Printed in the United Kingdom. The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International. www.kpmg.co.uk RR Donnelley I RRD264567 I February 2012 I Printed on recycled material.