Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks
IT safeguarding has generated considerable debate within the audit and management communities since the deployment of computers for performing transaction processing. Specifically, the merits of IT auditor involvement in financial statement audits and managements’ fiduciary ISG responsibilities have consistently created abstraction polarity when government enacted legal mandates impacting entity-centric financial control requirements are the issue for positively asserting design and/or operational effectiveness.
IT controls should be immersed throughout an entity’s adopted ISG framework. Descriptively, structural IT control envelops all the means utilized by an entity to direct, restrain, govern and monitor its various activities. Therefore, designing IAP IT control objectives reflecting compliance with laws and regulations should be a generally accepted management responsibility. Furthermore, leveraging technology controls to support ISG compliance should also be an accepted management practice.