IT Governance, Risk, and Compliance:

April, 2011


April 29, 2011  8:28 PM

Right-sizing IT Controls – Part VII



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Control System, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Risk Management, Roles and Responsibilities

An entity’s controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. Consequently, IT policies, directives, standards, procedures, and rules should have a one-to-one or one-to-many correspondence with the assessed...

April 26, 2011  8:53 PM

Right-sizing IT Controls – Part VI



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Risk Management, Roles and Responsibilities

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels. An IT risk assessment should be considered a key risk management practice area. When management institutionalizes an...


April 22, 2011  8:16 PM

Right-sizing IT Controls – Part V



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Roles and Responsibilities

IT organization is implemented to prevent chaos and assist in identifying processes for objective achievement. The organizing process transforms the entity plan into controllable areas and includes:

  • Identification and...


April 19, 2011  8:27 PM

Right-sizing IT Controls – Part IV



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Roles and Responsibilities

Processes modify system elements deployed to assist in achieving IT program goals. When pursuing identification, process maps are a standard method to document all pertinent system information. Developmentally,...


April 15, 2011  8:01 PM

Right-sizing IT Controls – Part III



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Roles and Responsibilities

During IT governance framework construction, personnel, structures, processes, and risk management integration are foundational. Nevertheless, professionals generally agree defining...


April 12, 2011  3:11 PM

Right-sizing IT Controls – Part II



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Governance Tree, Internal Control Systems, IT Controls, IT Governance, IT Management, Tone at the Top

As illustrated by the ‘Governance Tree’ model, an entity’s ‘Tone at the Top’ impacts IT governance effectiveness. IT governance effectiveness and efficiency are...


April 8, 2011  8:39 PM

Right-sizing IT Controls – Part I



Posted by: Robert Davis
Control Environment, Control Evaluation, Control Processes, Internal Control Systems, IT Controls, IT Governance, IT Management

IT has enhanced control processes. It has enabled opportunities for utilizing closed-loop control systems and provided the means for more timely corrective actions. Unfortunately, IT has also introduced the potential...


April 5, 2011  5:45 PM

Managing the Dynamic Uncertainties of IT – Part VIII



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

Technology is an enabler, not a solution, for deploying and executing a sound operational strategy. To ensure effectiveness, responsibility for executing an adopted strategy should be shared across the entity, making all employees accountable as...


April 1, 2011  6:32 PM

Managing the Dynamic Uncertainties of IT – Part VII



Posted by: Robert Davis
Adaptive Process, Adaptive Systems, COBIT, Control Environment, Dynamic Equilibrium, Illegal Acts, Risk Assessment, Risk Management

An IT risk assessment can classify information assets by criticality, sensitivity, and impact on operations. For most entities, comprehensive IT risk evaluations should be iterative and adaptive processes. Therefore, adequate IT risk management...

