MRAs in Audit Findings: How to Remediate Using BCP and DR Leading Practices?

Speaker: Marlin Ness and Asheesh Bajaj, Ernst & Young

This session will help participants understand the framework and approach for responding to MRAs (matters requiring attention) in audit findings (or similar reports) issued by a regulatory body. The participants will be provided a walk-through of real-life case study, including the overall framework, practical strategies to manage similar program, critical success factors, and lessons learned. The case study includes a financial institution that received results of examination from a regulatory body. It required strengthening of the select IT service continuity management and capacity management process components. It also addressed optimization of operational processes and single point of failures (SPOFs) for availability. A detailed program plan and control framework were developed to address the requirements resulting in multiple initiatives. The best practices from BCP and DR including integration of various processes along with strong program management discipline were key to the success of the program. The program overcame number of challenges to successfully meet the regulatory body’s requirements. These challenges; ‘gotchas’; and risks along with their respective mitigation strategies will also be discussed as part of the presentation.

To view this presentation, follow this link: MRAs in Audit Findings: How to Remediate Using BCP and DR Leading Practices? 

About the Speakers: Marlin Ness is an Executive Director in Ernst & Young’s Strategic Technology Advisory Services practice. He has over twenty-five years of enterprise IT processes and systems experience serving all service line clients in IT strategy, architectures, IT planning and project management, IT effectiveness and process improvements, systems lifecycles, and operations. Over the last fifteen years he has been responsible for the successful implementation or audit of over 50 command centers, data centers, and IT projects. He has life cycle knowledge in the planning, architecture, design, testing, and implementation of multimillion dollar data centers including facilities, networking, telephony, voice, servers, systems, storage, backup and recovery, databases, and security functional areas. Marlin routinely supports data center and IT auditors, auditing, and audit remediations. His current focus areas are in IT process effectiveness and efficiency improvements in the financial, healthcare, credit card, insurance, and pharmaceutical industries.

Asheesh Bajaj is a Manager in Ernst & Young’s Strategic Technology Advisory Services practice, with a specialty focus on IT Service Management (ITSM), Business Continuity Planning (BCP), and Disaster Recovery (DR). He assists clients in improving their IT efficiency and effectiveness through better management of risk, process optimization and governance. Asheesh has more than 13 years of IT experience with last 8 years focusing on ITSM Gap Analysis and Strategic Roadmap Planning; ROI and TCO Analysis; Process Design and Deployment; Business Continuity and Disaster Recovery; IT Application Migration / Management; Balanced Scorecard; and IT Controls and Governance. Asheesh holds MBA from Arizona State University and is certified in ITIL Service Management (ITIL Expert v3 and ITIL Service Manager v2), Certified Business Continuity Professional (ABCP), COBIT, PMP and CSQA.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s