
What is audit planning?

Audit planning is the practice where internal audit functions assess the risk across their audit universe and determine the audit engagements they need to perform in the months and quarters ahead. They plan their audits based on risk and compliance gaps, strategic objectives of the organization, important topics and other priorities.

 

What is audit quality measurement?

Audit quality measurement is the execution of quality surveys to monitor the effectiveness and comprehensiveness of audit processes.  These surveys provide key insight on how well the audit function is meeting the business' needs and working with business and IT management during an audit.

 

Why is audit planning and quality important?

According to PwC’s 2018 State of the Internal Audit Profession Study and survey of more than 2,500 audit executives, 82% of innovative audit functions collaborate with other lines of defense to align technology tools' uses and functions, vs. 45% for non-innovative audit functions. Internal audit’s main challenge is not gaining access to broad, dynamic enterprise risk and control information and analysis; it is actually using that information for agile audit planning. Instead, many audit teams rely only on their point-in-time risk assessments to drive audit work. This prevents internal audit from adjusting their audit plans to rapidly changing risks and business concerns.

 

With decentralized audit plan and risk assessment documentation captured in multiple tools and systems that are difficult to integrate, there is no easy, fluid way to manage audit plans, let alone coordinate objectives among risk and compliance groups.  Internal audit is also under pressure from audit committees and management to improve their processes; yet their quality control procedures are sporadic, inconsistent and difficult to follow up on.

 

RSA Archer Audit Planning & Quality

The RSA Archer Audit Planning & Quality use case addresses the problems outlined above through key features that include:

  • Complete workflow to create and assess audit entities, perform risk assessments, and create and manage audit plans
  • Workflow to schedule audits and tie forecast and actual expense and time between audit engagements and the audit plan
  • Centralized location for storing and managing audit plans, audit entities, and assessment results
  • Audit quality assurance and review questionnaire workflows

 

With RSA Archer Audit Planning & Quality, you will be able to:

  • Execute a more dynamic, risk-driven audit plan that is easily adjusted to match the organization’s priorities and focuses on the most important risks
  • Easily provide Board-level reporting that keeps the audit committee well-informed of the status of audit plans, risks and critical findings
  • Demonstrate the strategic value of internal audit and more efficient use of audit resources
  • Reduce external auditor fees by providing self-access to information they need

 

RSA Archer Audit Planning & Quality enables internal audit teams to define their audit universe, assess risks and plan audit engagements that better address risk, and manage their audit staff and audit schedule. RSA Archer Audit Planning & Quality is a critical element of Integrated Risk Management (IRM). Since RSA Archer Audit Planning & Quality integrates management risk and control information, internal audit can ensure their audit objectives are aligned with IRM teams and play their essential role as the third line of defense. As your company drives business growth with new initiatives, technology adoption or market expansion, your internal audit function can evolve and react to risk with more agility and integration than ever before.

 

RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.

 

For more information, visit RSA.com or read the Datasheet.

With today’s launch of RSA Exchange Release R6, we're very excited to deliver two new integrations in support of our mobility strategy. As we previewed at RSA Archer Summit 2018 in August:

  • A new integration with Mendix enables customers to access the RSA Archer Platform via a variety of supported mobile devices both on iOS and Android. Customers can customize their Mendix-based apps to suit their specific user experience and business requirements and interact with the RSA Archer Suite using the RSA Archer public APIs.
  • A new integration with KONEXUS provides an intuitive mobile solution that integrates with RSA Archer Business Resiliency use cases. The integration streamlines crisis response and transforms business continuity and crisis management plans into actionable, role-based, task lists that put critical information in the hands of users via their mobile devices.  

 

RSA Exchange Release R6 also includes integrations with erwin, Rapid Ratings, SoftWarfare, ThreatConnect, and ThreatQuotient, as well as the following offerings:

 

  • App-Packs – pre-built applications addressing adjacent or supporting GRC processes (e.g. niche, industry, geo-specific)
  • Tools & Utilities – pre-built functions enabling administrators to more easily manage their RSA Archer implementations

     

     

    RSA Exchange Release R6 also includes updated content for Australian Government Information Security Manual (ISM) to include Controls. Content library packages are available on the RSA Exchange Documentation & Downloads subspace.

     

    All RSA Exchange offerings are available on RSA Link, along with implementation guides, demo videos, and installation guides where available. For existing RSA Archer customers, you can learn more about these new and updated offerings in upcoming Free Friday Tech Huddles.

    What is a cyber incident / breach response program?

    Cyber and security breaches continue dominating front page headlines all over the world. It’s not enough to hope it doesn’t happen to you or assume you’ll be able to respond effectively if it does. Companies need a proactive, program-level approach to IT & security risk management based on sound methods for prioritizing actionable security events combined with consistent operational response procedures. Poor handoffs between security functions and IT teams leave limited visibility into remediation efforts to close declared cyber incidents, and can weaken the overall process to the point where it breaks down when needed most, namely during a breach.

     

    Why are cyber incident & breach response capabilities so important?

    The identification of potential security issues and the process of responding to a possible cyber incident are the first lines of defense against a significant business event. Many organizations have deployed security information and event management (SIEM) technology and log collection tools in their infrastructures to track events and provide alerts. These systems produce an overwhelming amount of data for the security team to review. Uncoordinated security response processes managed in spreadsheets, email, and through other ad-hoc mechanisms further raise the overall risk that the organization will not be able to respond in time and effectively.

     

    RSA Archer Cyber Incident & Breach Response Program Management

    RSA Archer Cyber Incident and Breach Response enables customers to centrally catalog organizational and IT assets, establishing insightful business context to drive incident prioritization and implement processes designed to escalate, investigate and resolve declared incidents effectively. This use case is designed for teams to work effectively through their defined incident response and triage procedures and prepare for data breaches. Built-in workflows and reporting allow security managers to streamline processes while staying on top of the most pressing concerns. Issues related to a declared incident investigation can be tracked and managed in a centralized portal, enabling full visibility, stakeholder accountability and reporting. If an incident escalates into a data breach, prebuilt workflows and assessments are designed to help the broader business team work with your security team to respond appropriately.

     

    With RSA Archer Cyber Incident and Breach Response, declared cyber and security events are escalated quickly and consistently, a crucial aspect of robust Integrated Risk Management programs. Advanced workflows and insights allow more efficient utilization of security team resources, resulting in faster response, analysis, and closure rates for critical security incidents. With improved processes and capabilities, the security team can more effectively leverage existing infrastructure, such as SIEMs, log and packet capture tools, and endpoint security technologies, to focus on the most impactful incidents. These capabilities improve the security team’s preparedness for serious incidents involving potential data breaches, while increasing the return on infrastructure investments and lowering overall security risk.

     

    For more information, please visit RSA.com and review the Datasheet.

    What is Business Continuity & IT Disaster Recovery Planning?

    Business continuity (BC) and IT disaster recovery (DR) planning is defined as the development of strategies, plans and actions which provide protection or alternative modes of operation for those activities or business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise.

     

    Why is Business Continuity & IT Disaster Recovery Planning important?

    In today’s world, 24/7 service delivery requirements are putting greater pressure on business and IT resource availability, making it even more important to have effective recovery plans. Interruptions ranging from isolated infrastructure failures to natural disasters have the potential to cause serious harm to the organization’s finances and reputation. Unfortunately, recovery efforts are often chaotic, ad hoc and uncoordinated due to little or non-existent planning efforts and business recovery and IT disaster recovery teams working in silos.

    Your continuity and recovery teams live in a world of regulatory saturation, with dozens of regulations, methodologies, maturity models, guidelines and laws. These authoritative sources affect how you implement and manage your business continuity programs. The demands from regulators for strengthened programs have increased, while the number and type of catastrophic man-made and natural disasters are on the rise, resulting in regulatory fines and penalties due to the inability to comply during a disruption.

     

    Another challenge affecting the ability of companies to recover after a disruption is recovery plans kept in multiple, inadequate tools that don’t allow management visibility to quickly answer questions, like which business processes or IT infrastructure are missing recovery plans or which plans have not been tested. Further, many IT disaster recovery teams are working with an understanding of what is critical or most important to recover that is different than that of business continuity teams. This results in an inability to align on and recover critical business and supporting IT infrastructure to deliver products and services according to recovery objectives.

     

    RSA Archer Business Continuity & IT Disaster Recovery Planning

    The RSA Archer Business Continuity & IT Disaster Recovery Planning use case addresses the problems outlined above through key features that include:

    • Centralized location, templates, workflow, review and approval processes for developing standardized business continuity and IT disaster recovery plans that are built around best practices and industry standards
    • Project management capabilities to help drive the entire lifecycle of continuity planning, from plan development, to testing, to continuous improvement
    • Dashboards and reports that provide visibility into the current state of the organization’s plan status, review dates, test results and remediation status
    • Workflows and reporting that enable coordination between business continuity, IT DR, and crisis teams

    With RSA Archer Business Continuity & IT Disaster Recovery Planning, you will be able to:

    • Improve your response to disruptions, which can reduce the impact on revenue, brand and customer loyalty and availability of products and services for customers, employees and third parties
    • Implement a consistent and coordinated planning process and methodology for business and IT supported through one central tool
    • Increase trust by senior management, the board, regulators and employees with higher-quality, tested recovery plans
    • Ensure plans are aligned with the organization’s priorities and include the most critical processes and company assets
    • Coordinate information, priorities and objectives among business continuity, IT disaster recovery and crisis teams, and responders, enabling better focus on the right priorities in the event of a disaster

     

    RSA Archer Business Continuity & IT Disaster Recovery Planning is one element of Integrated Risk Management. This use case provides a coordinated, consistent and automated approach to business continuity and IT disaster recovery planning and execution, allowing you to respond swiftly in crisis situations to protect your ongoing operations. As your company drives business growth with new initiatives, technology adoption or market expansion, your program must evolve and manage risk with more agility and integration than before.  Managing recovery planning is one ingredient to building resiliency across the organization and reducing risk.

     

    RSA Archer can help your organization manage multiple dimensions of risk on one configurable, integrated software platform. With RSA Archer solutions, organizations can efficiently implement risk management processes using industry standards and best practices and significantly improve their business risk management maturity.

     

    For more information, visit RSA.com or read the Datasheet.

    According to Oxford Metrica, during the next five years, over 80% of companies will face a crisis that negatively impacts their share price by 20% to 30%. Business disruptions from events such as cyber threats, natural disasters or third-party interruptions have the potential to cause serious harm to the organization’s operations, finances and reputation.  In today’s increasingly digital world, 24/7 service delivery requirements are putting greater pressure on business and IT resource availability, making it even more important to have effective continuity plans.

     

    Business continuity, IT disaster recovery and crisis management teams are facing mounting challenges, from trying to build resilience in increasingly complex businesses, to dealing with more diverse and frequent disruptions, to living in a world with a growing number of regulations, methodologies, maturity models, guidelines and laws that affect their resiliency program requirements. Driving recovery and resiliency in today's organizations isn't getting easier.

     

    Too often, approaches to continuity and recovery in today's organizations are overly complex and not built on a solid foundation. Manual processes, information silos, separate teams with conflicting priorities, and lack of ownership just complicate things even more.

     

    Join me on November 15 for a webinar to discuss these and other challenges, as well as focus on the basic building blocks of a solid business continuity program. 

     

    You can register at Event Registration and take the first step to ignite your business resiliency program!
