IT Governance, Risk, and Compliance:

March, 2013


March 30, 2013  6:39 PM

Revisiting the Safeguarding of Information Assets – Part III

Robert Davis

IT safeguarding has generated considerable debate within the audit and management communities since the deployment of computers for performing transaction processing. Specifically, the merits of IT auditor involvement in financial statement audits and managements’ fiduciary ISG...

March 28, 2013  9:41 PM

Revisiting the Safeguarding of Information Assets – Part II

Robert Davis

Considering fiduciary tenets and accepting that ISG utilizes a top-down approach for legal requirements compliance, if the entity’s executive management has an established or enforceable fiduciary duty, then organizational personnel are expected to adhere to and sustain the defined obligation....


March 23, 2013  5:34 PM

Revisiting the Safeguarding of Information Assets – Part I

Robert Davis

Information Security Governance (ISG) normally addresses creating and implementing a ‘system of security controls’ that enables fulfillment of ethical and/or legal managerial responsibilities for information assets protection (IAP). Ethically, management must protect an entity’s information...


March 21, 2013  1:02 AM

Risk Management: Is it just another set of business buzzwords? – Part VIII

Robert Davis

IT policies, directives, standards, procedures, and rules should be deployed based on assessed effectiveness and efficiency in addressing management’s risk appetite. Deployed controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. IT...


March 16, 2013  3:40 PM

Risk Management: Is it just another set of business buzzwords? – Part VII

Robert Davis

Management should establish standards as baselines for measuring quantity, weight, extent, value, or quality.  Standards can be considered specific goals or objectives against which performance is compared.  Selection of points where performance will be measured is critical to...


March 14, 2013  1:10 AM

Risk Management: Is it just another set of business buzzwords? – Part VI

Robert Davis

Controlling and monitoring activities attempting to ensure acceptable risk responses include:

  • Policies
  • Directives
  • Standards
  • Procedures
  • Rules

Strategically, policies are definite courses or methods of action...


March 8, 2013  10:41 PM

Risk Management: Is it just another set of business buzzwords? – Part V

Robert Davis

Usually, IT risk analysis has four primary goals:

  • Identifying assets and their associated values
  • Identifying vulnerabilities and threats
  • Quantifying the probability and business impact of potential threats
  • Providing an economic balance between threat...


March 7, 2013  1:54 AM

Risk Management: Is it just another set of business buzzwords? – Part IV

Robert Davis

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels.  An IT risk assessment should be considered a key risk management practice area.  When management institutionalizes an IT governance...


March 2, 2013  4:38 PM

Risk Management: Is it just another set of business buzzwords? – Part III

Robert Davis

Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity.  IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price.  Inherently, computer hardware and software as well as...

