This presentation will show that many controls are not effectively mitigating the risk that they were designed to manage.

--------------------------------------------------------------------------------

SPEAKERS
John Mitchell, Managing Director, LHS Business Control

--------------------------------------------------------------------------------

AGENDA
18:00 - Registration
18:30 - Presentation
19:30 - Networking session
20:00 - Close

--------------------------------------------------------------------------------

SYNOPSIS
For many years the assurance community simply defined controls as being either preventive, detective, or corrective (reactive). In the late 1990s, List & Brewer categorised these definitions into seven control classifications which provided the first hint that not all controls were one hundred per cent operationally effective. However, they did not attempt to measure their effectiveness on a standard scale but rather left it to the judgement of the individual. Sarbanes-Oxley went a stage further in 2002 by requiring companies to identify and document their controls and then to regularly test their operation, but again on the premise that control was one hundred per cent effective.

This presentation will show that many controls are not effectively mitigating the risk that they were designed to manage. An algorithm will be offered which can be used to measure the effectiveness of any control and provide supporting evidence as to how the result was obtained. Real-world examples will support the efficacy of this method in changing management behaviour.

--------------------------------------------------------------------------------

SPEAKER BIOGRAPHIES
Dr Mitchell is managing director of LHS Business Control, a consultancy which he founded in 1988 to specialise in corporate governance and risk management. He is an international authority on corporate governance, the control of computer systems, the investigation of computer crime and the impact of regulatory and compliance issues on the delivery of IT services.

John has been an expert witness in some high-profile UK criminal cases and has featured in a major British computing publication as The IT Detective. He has previously been a member of BCS Council, a member of its Risk Audit and Finance Committee and Chair of its Information Risk Management and Assurance specialist group. He is currently a member of the Community Board Finance Committee and holder of the John Ivinson medal for services to the institute.

His doctorate in risk analysis techniques was awarded by City University, London, England. His MBA in financial control was awarded, with distinction, by Middlesex University, England.

--------------------------------------------------------------------------------

This event counts for two hours towards your CPD. More information is available at www.bcs.org/cpd.

Whenever possible events will be recorded and loaded onto the BCS web site and the BCS YouTube channel for subsequent viewing by IRMA members and the public, to meet the Institute’s Royal Charter commitments.

For overseas delegates who wish to attend the event please note that BCS does not issue invitation letters.

--------------------------------------------------------------------------------

THIS EVENT IS BROUGHT TO YOU BY:
BCS Information Risk Management and Assurance (IRMA) SG
Visit www.bcs.org/membership/member-communities/irma-information-risk-management-and-assurance-specialist-group/

Measuring Control Effectiveness - IRMA SG joint with Business Change SG
Date and time
25 February, 6:00pm - 8:00pm
Location
BCS, The Chartered Institute for IT
Ground Floor
25 Copthall Avenue
London
England
EC2R 7BP
Price
Free