IT Governance, Risk, and Compliance


December 31, 2010  6:10 PM

Governing IT: Policy Formulation and Enforcement – Part V

Robert Davis

Management’s intentions for IT can be implemented manually and/or technologically. Nevertheless, effective IT policy enforcement ultimately depends on the actions of the individuals and control systems responsible for monitoring assigned activities. IT policy enforcement is commonly based on monitoring activities considered critical to achieving the stated objective. An entity’s monitoring personnel rely on established and maintained activity-authority relationships to enforce management’s intentions as conveyed in adopted policies. Deviations from established IT policies carry potential legal consequences: an entity, as well as its employees, could face criminal and civil charges in addition to fines and penalties.


December 28, 2010  7:33 PM

Governing IT: Policy Formulation and Enforcement – Part IV

Robert Davis

IT policies should be deployed based on their assessed effectiveness and efficiency in addressing management’s risk appetite for an adopted strategy. As previously suggested in this article, control policies can be considered high-level governance documentation guiding operational activities. Therefore, logically, deployed controlling activities should reflect management’s strategy for ensuring an adequate entity-centric control system.

Operationally, an IT control system is a process or set of processes that manages, commands, directs or regulates the behavior of other systems, processes, activities, and/or tasks. According to Wikipedia, “[t]here are two common classes of control systems, with many variations and combinations: logic or sequential controls, and feedback or linear controls.” For instance, fuzzy logic attempts to combine some of the design simplicity of logic-based control with the utility of linear-based control.



December 24, 2010  3:11 PM

Governing IT: Policy Formulation and Enforcement – Part III

Robert Davis

Developing and implementing an effective and efficient IT Governance design can be a multidirectional, interactive, iterative, and adaptive process. Normally, oversight committees and executive management utilize high-level governance documents to provide general control direction. Lower-level management then converts those high-level governance documents into detail-level IT Governance documents that assist in ensuring control objective achievement.

From a systems perspective, the design, deployment, maintenance, and disposal of policies are control objective development life cycle items. Operationally, each such life cycle item is a management tool utilized to obtain desired business results while preventing, detecting, and/or conditionally correcting errors, mistakes, omissions, irregularities and illegal acts.



December 21, 2010  6:42 PM

Governing IT: Policy Formulation and Enforcement – Part II

Robert Davis

After completion of governance planning and organizing, policies direct employee activity to ensure management’s intentions are implemented throughout the entity. Strategically, IT policies are definite courses or methods of action selected by management from alternatives, considering the environment, to guide as well as determine present and future decisions.

Internal control systems are designed and operated in order to achieve the goals set in adopted governance policies or to comply with adopted governance policies. As a result, implementing an internal control system enables continuous as well as static monitoring to determine the rate of noncompliance with expected behavior.



December 17, 2010  8:34 PM

Governing IT: Policy Formulation and Enforcement – Part I

Robert Davis

IT policies are general written statements or understandings that prescribe organizational choices. Entity-centric policies typically impose guidelines enabling the execution of fairly routine judgments, consistent with current goals. Policy activation enables leadership, authority, motivation, communication, coordination, innovation, and change. Top-level entity management establishes policies as advisories for middle-level and lower-level management decision making. Therefore, it can be said, IT policies decrease the risk of managerial failure due to undefined expectations.


December 14, 2010  9:49 PM

Open Source Hardware and Software Licensing – Part VIII

Robert Davis

Open source products have emerged as the dominant theme for some IT development projects due to cost considerations. This rise in alternative IT development can be linked to tensions between creative practices, which often involve base acquisitions requiring access to patented and/or copyrighted material, and increasingly restrictive intellectual property laws governing access to that material. Nonetheless, open source hardware and software licenses generally are legally enforceable contracts. Thus, utilizing open source hardware and/or software licensing to construct products considered necessary to improve business processes mandates due diligence to ensure legal noncompliance risks are accurately assessed and effectively redressed prior to adoption and deployment.



December 10, 2010  10:23 PM

Open Source Hardware and Software Licensing – Part VII

Robert Davis

In many situations, open source licensing is an essential element enabling open source programs to qualify as open source software. However, there are numerous variations in the terms and conditions associated with an open source software licensing agreement. To reduce misunderstandings that can lead to legal adjudication, current OSI license agreements are classified as: Academic, Reciprocal, Content, and Standards. Within this context, the key difference between the various types of open source licenses is what mechanism, if any, will be utilized to enforce open source software contractual terms and conditions. For instance, an OSI license can permit affirmative agreement to contractual terms and conditions by ‘clicking’ a designated web page text-box prior to accessing the open source software, thereby providing prima facie evidence regarding the acceptable software development practices of the licensee.



December 7, 2010  7:05 PM

Open Source Hardware and Software Licensing – Part VI

Robert Davis

The primary open source software development convention is ‘peer production’: bartering and collaboration based on mutual interest in root materials (such as source code and documentation) and in the desired outcome. Nevertheless, utilizing a generally accepted open source software development process presents business, technology, and legal risks to a system development life cycle achieving the entity’s objectives. In particular, an open source software development project carries elevated risks to cost management, release management, copyright infringement, and project assurance. Thus, management needs to understand and appropriately mitigate perceived risks considering the operating environment’s requirements.



December 3, 2010  12:52 PM

Open Source Hardware and Software Licensing – Part V

Robert Davis

Simplistically, open source software “refers to any program whose source code is made available for use or modification as users or other developers see fit. Open source software is usually developed as a public collaboration and made freely available.” Depending on the product, as with open source hardware, open source software can be licensed.

Open source software developers utilize intellectual property licensing — through various types of open source licensing agreements — in order to sustain open source project integrity. In fact, for an IT program to be classified as open source software, the object must commonly address specific criteria established through the Open Source Initiative (OSI). Interpretively, meeting the OSI Open Source Definition requires permitting: the right to make source code copies, the right to freely distribute source code copies, unrestricted access to source code, and the freedom to modify the source code.



November 30, 2010  7:42 PM

Open Source Hardware and Software Licensing – Part IV

Robert Davis

IT hardware design documents, in addition to the software that enables IT hardware functionality, can be released under an open source software agreement. However, most hardware licenses are fundamentally different due to their heavy reliance on patent law rather than copyright law. Consequently, a patent-based license may control the utilization and manufacture of a physical IT device built from design documents, whereas a copyright-based license may control the distribution of source code as well as design documents. If the Tucson Amateur Packet Radio (TAPR) Open Hardware License is selected as the basis for an agreement, particulars regarding the distinction between hardware and software licensing characteristics are addressed in its preamble to ensure an understanding of contractual intent.


