02 ICT
Enterprise Technology Performance and Risk Assessment
September 5, 2012

Protiviti Team

| Team Member | Title | Role | Employment History | Education | Professional Licensure(s) |
|---|---|---|---|---|---|
| Tony Samer | Managing Director | Account Managing Director | 10 years US Navy, 11 years professional services | B.S. Mechanical Engineering, MBA | CISA |
| Daniel Hansen | Associate Director | Overall Project Manager and IT Risk Assessment QA | 11 years professional services | B.S. Management Information Systems | CISA, CBCP, PCI-QSA |
| Jason Brucker | Associate Director | IT Performance Assessment Lead | 11 years professional services | B.S. Chemical Engineering | PMP, ITIL Foundations, CISA |
| Tim Maloney | Senior Manager | IT Performance Assessment QA | 9 years professional services | B.S. Computer Information Systems | CRISC, CISA, PMP, ITIL Foundations |
| Tyler Jacobsen | Senior Manager | IT Risk Assessment Lead | 10 years professional services | B.S. Information Systems | CISA, CRISC |
| Torin Larsen | Senior Manager | IT Risk Assessment Team | 10 years professional services | B.A. Economics, MBA | CISA, CISSP, CISM, PCI-QSA |

2012 Protiviti Inc. An Equal Opportunity Employer. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.

Protiviti Overview and Background

Background

Protiviti (www.protiviti.com) is a global business consulting and internal audit firm composed of experts specializing in risk, advisory and transaction services. Protiviti was launched in May 2002 and has over 20 years' investment in consulting tools, methodologies, business process improvement and people. Protiviti is a wholly owned subsidiary of Robert Half International Inc., a $3.78 billion public firm listed on the New York Stock Exchange (NYSE symbol: RHI). Our parent company, Robert Half International, was founded in 1948 and has over 400 offices worldwide.
RHI is the world's leading specialized staffing and consulting services firm, in the placement of accounting, finance and technology professionals.

Protiviti's clients include more than:
- 35% of all Fortune 100 Companies
- 25% of all Fortune 500 Companies
- 20% of all Fortune 1000 Companies

Protiviti is one of the fastest growing consulting firms worldwide. Our revenues have increased from US $15 million in 2002 to US $424 million in 2011.

- Largest independent risk consulting firm
- 2,500+ professionals
- 1,000+ clients
- 70 offices
- 14 countries in Americas, Europe and Asia-Pacific

Global Presence

Over 2,500 Professionals in Over 70 Offices

Project Outline

Phase 1: Understand IT Organization and Structure
- Gather and review existing documentation around applicable IT processes, entity level, strategy/planning, controls, and identify key stakeholders.
- Gain an understanding of strategic company initiatives, critical projects (both planned and currently in flight).
- Develop initial plan for interviews to be executed and locations to be considered.

Phase 2: Understand IT Environment
- Hold interviews with key IT management, process owners, and system owners to develop an IT footprint for consideration of risk analysis.
- Analyze systems architecture and topology to gain an understanding of critical systems, applications, and processes.

Phase 3: Determine and Prioritize Risk Universe
- Aggregate findings from interviews and analysis of IT processes, applications, infrastructure and projects and evaluate underlying IT process maturity and risk levels.
- Utilizing IT Governance frameworks currently in place (or widely accepted frameworks such as ITIL, CoBIT, etc.), prioritize the populated risk universe based on raw and perceived risk ratings along with our experience and internally developed risk assessment tools (Protiviti IT Risk Assessment Tool).
- Categorize IT processes and controls by process area into the Capability Maturity Model to highlight the Company's processes and controls maturity.

Phase 4: IT Processes and Controls Benchmarking
- Work with key stakeholders and IT process owners to gather ITPI data for the IT benchmarking exercise, then tabulate the results from the ITPI survey data.
- Generate ITPI benchmarking results based on company size, industry, and objectives.

Phase 5: IT Organizational Assessment and Improvement
- Benchmark gathered Port IT data and metrics against APQC and Gartner data sources.
- Determine whether the IT environment, systems, and strategy are appropriate to effectively support the business today and into the future.
- Determine the adequacy of the Company's controls environment, especially in the areas of IT performance metrics and capacity planning.
- Utilizing the results of this phase assessment along with the IT Risk Assessment and the IT benchmarking exercise, determine and align the maturity of key IT organizational elements into the capability maturity model.
- Develop a roadmap to realize business and systems improvement opportunities and/or address existing gaps.
- Develop a detailed list of observations and recommendations of findings, control and process improvements, and best practices for each phase executed.
- Develop a framework for tracking, comparing and reporting on core technology costs going forward to demonstrate general improvement and departmental efficiencies.

Phase 6: Finalize IT Audit Plan
- Develop a 3-year IT audit plan with defined scope and objectives with consideration of the results from the IT Risk Assessment and IT benchmarking exercise. The audit plan will be laid out in a timeline with consideration of the level of effort, resources required, and perceived/recommended organizational priorities.
- Communicate the IT Risk Assessment, Risk Universe, and Benchmarking results along with the 3-year audit plan to key stakeholders.

Project Deliverables

At the conclusion of this assessment, Protiviti will provide Port with a final report that will include the following elements:

Executive Summary:
- Overview of the review procedures performed
- Summary of observations and key improvement opportunities
- Summary of IT Risk Assessment approach and results
- IT improvement roadmap

Audit Results:
- IT risk heat map outlining key IT risk areas based on likelihood and impact to Port
- Three year audit plan with a brief description of each proposed audit, required skill sets and estimated hours
- Audit analysis details of IT risk universe will be included in an appendix

ITPI Results:
- Summary of ITPI results (KPIs, key control maturity, etc.)
- Capability maturity model summary of core IT processes
- Detailed results will be included in the appendix

IT Organizational Performance Results:
- Capability Maturity Model breakdown of Port IT based on IT Governance Framework (i.e., Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Metrics)
- Detailed observations and recommendations:
  - IT organization cost analysis to comparable industry organization
  - Recommended improvement in IT policies and procedures
  - Improvement opportunities based on Protiviti's Model for Organizational Transformation (i.e., Strategy, Technology, Process, Organization, Common Language, Metrics, Skills, Structure, and Cultures & Values)
  - A process maturity summary for each critical IT process area (e.g., Asset Management, Information Security, Business Continuity, etc.)
  - Additional metrics and benchmarking details based on Gartner, APQC and IT Process Institute
  - Monitoring benchmark framework for tracking costs over time.

High-Level Project Timeline

Estimated Timing (chart): Project Weeks 1 through 12 plotted against the project phases:
- Phase 1: Understand IT Organization and Structure
- Phase 2: Understand IT Environment
- Phase 3: Determine and Prioritize Risk Universe
- Phase 4: IT Processes and Controls Benchmarking
- Phase 5: IT Organizational Assessment and Improvement
- Phase 6: Finalize IT Audit Plan

Confidentiality Statement and Restriction for Use

This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half International Inc. ("RHI").
RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties.