IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 2

A Primer on IT Compliance Self Assessments based on Risk, from eWeek

September 19th, 2008 · No Comments

A nice article posted at eWeek on Risk Based IT Compliance Self Assessments is linked below.  It is a great primer to give any business a nice starting place.  A few additions I would add are the following points (note I am using the articles numbering so it is easy to see where my additions would be placed).

  • 2.C – Agreeing on a risk based approach is certainly critical and coordination should exist between internal and external audit, but it should be expanded to other operational divisions.  For instance, IT Security and strategic governance operations must also be in sync with this approach to ensure that all the risks and future needs of the business are satisfied.
  • 2.D – There is a precedent, and regulatory mandate, that the “work of others” be leveraged by all parties to ensure efficiency of control environment attestations.  Centering on an agreed method of measuring risk, conducting assessments, and demonstration will ensure maximization of returns on control efforts.
  • 3.B – Technology begets more technology – a phrase I commonly state represents the final control highlighted in the article.  The use of software to collect data and validate the input requires the organization to have safeguards to ensure that THESE systems are operating correctly.  Technology should be leveraged to introduce efficiency and not layers; continuous business process redesign is prudent and indicative of leading competitive firms.

Check out the article here, and be sure to consider this as a launch point to revving up your organization.  A great companion book to my book is Paul Sobel’s on Risk and ERM available on Amazon.


James DeLuccia IV

Tags: Direcitonal Alignment · iso27001 · Risk Awareness

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment