IT Governance, Risk, and Compliance:

Assurance Services


January 17, 2013  12:01 AM

eBook excerpt: Assuring Information Security – Part XI

Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Roles and responsibilities assignment for providing adequate IAP is typically considered critical to effective and efficient IT security.  However, depending on the entity, IAP management roles and responsibilities may focus solely on IT security or IT and business security.  Roles and...

January 12, 2013  5:59 PM

eBook excerpt: Assuring Information Security – Part X

Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Classically, managers are individuals assigned to and functioning at various responsibility, accountability, and authority levels.  Top-level managers are usually responsible for overall entity direction, accountable to stakeholders, and have the authority to establish measurable and achievable...


January 10, 2013  3:33 AM

eBook excerpt: Assuring Information Security – Part IX

Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

In fulfilling addressable COBIT information criteria, an IAP program should include processes and steps for assessing tangible as well as intangible property.  The distinction between tangible and intangible is the physical nature of the property.  Properties having a physical existence -- such...


January 5, 2013  4:52 PM

eBook excerpt: Assuring Information Security – Part VIII

Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

1.2 IAP Management

“Applying similar management practices to [i]nformation security management is unavoidable as the security environment keeps on increasing in complexity and insecurity.” – Security...


January 3, 2013  1:35 AM

eBook excerpt: Assuring Information Security – Part VII

Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Compliance...


February 8, 2010  7:39 PM

IT Audit Fieldwork: Generally Accepted Processes – Part VIII

Posted by: Robert Davis
AA, Applications, Assurance Services, Audit Assurance, CA, CIA, CICA, CISA, CITP, Compliance Testing, CPA, Evidence, Files, Information Technology, Infrastructure, IT, IT Audit, PM, Programs, Project Management, Risk Assessment, Risk Management, Study, Substantive Testing

When providing audit assurance, auditors commonly have an opportunity to define current risks to resources and subsequently recommend remedial activities to reduce assessed risks to resources. Professionally, three generally accepted audit fieldwork standards guide auditors in the performance...


March 31, 2009  9:36 PM

Control Assessments – Part IV

Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Arguably, data security is the most significant domain supporting information reliability. Entity oversight committees should monitor control activities for ongoing relevance and effectiveness as well as responses to information security...


March 28, 2009  8:20 PM

Control Assessments – Part III

Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Information security managers should prepare for audits utilizing control self-assessments to verify compliance with laws, regulations, policies and procedures. It is always a sound idea to strategically plan annual control self-assessments....


March 24, 2009  7:11 PM

Control Assessments – Part II

Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Management needs to understand the status of the entity's IT systems to decide what safeguarding mechanisms should be deployed to meet business requirements. When IAP monitoring is built into the entity's operating activities and process performance is reviewed on a real-time basis, control...


March 19, 2009  7:56 PM

Control Assessments – Part I

Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

For most entities, information and related technologies compliance management is critical to survival as well as success. As with other organizational programs, security compliance does not occur through managerial intent transmissions from a remote planet in some distant galaxy far, far away....

