IT Governance, Risk, and Compliance:

September, 2011


September 30, 2011  8:54 PM

Auditing Information Security Governance – Part III

Robert Davis

Reflective of ISACA standards and guidelines, the IT audit process should be replicated within for-profit and not-for-profit entities. Foundational assurance topics which should be considered from a management perspective are presented within the Information...

September 27, 2011  8:19 PM

Auditing Information Security Governance – Part II

Robert Davis

Management is responsible for developing and deploying good security governance, which has been typically defined to include resilient protection regarding the IT infrastructure and related information systems supporting critical functions and business processes. Within the information security...


September 23, 2011  7:47 PM

Auditing Information Security Governance – Part I

Robert Davis

Governance supports stakeholder expectations related to management’s fiduciary responsibilities. Governance also reflects how an entity achieves its stated mission. Specifically, governance can be considered the program by which entities are directed and controlled.


September 20, 2011  8:33 PM

Common Risk Determinants for an IT Architecture – Part VIII

Robert Davis

At the departmental level, value delivery risks are generally an inducement for the entity’s executive management to designate an IT managerial group (e.g. IT Portfolio Management Committee) or individual (e.g. Chief Information Officer) to oversee


September 16, 2011  9:24 PM

Common Risk Determinants for an IT Architecture – Part VII

Robert Davis

As a logical assumption, IT project management is a primary governance point for the entity’s ITG program. Therefore, derivatively, management’s CE due diligence regarding IT project governance policies will significantly reduce systems and infrastructure life cycle risks. At the...


September 13, 2011  8:56 PM

Common Risk Determinants for an IT Architecture – Part VI

Robert Davis

An entity's oversight committee should provide internal and external controls due diligence. In this regard, entity oversight committees normally delegate responsibility, accountability, and authority to an audit oversight committee that: evaluates project controls, interfaces...


September 9, 2011  8:31 PM

Common Risk Determinants for an IT Architecture – Part V

Robert Davis

IT project governance can only be effective if those influencing project decisions are adequately informed. Project management policies, procedures, rules, and individual responsibilities should be distributed to all affected parties. Furthermore, the risk awareness program...


September 6, 2011  7:35 PM

Common Risk Determinants for an IT Architecture – Part IV

Robert Davis

Fundamentally, IT policies and procedures should be deployed based on assessed effectiveness and efficiency in addressing management’s risk appetite. Supporting CE


September 2, 2011  9:23 PM

Common Risk Determinants for an IT Architecture – Part III

Robert Davis

Controlled environments provide a structured method for effective IT project management. Partially reflecting the COBIT framework, systems and infrastructure delivered to the core business processes through procurement...

