IT Governance, Risk, and Compliance:

Business Continuity


March 21, 2013  1:02 AM

Risk Management: Is it just another set of business buzzwords? – Part VIII



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

IT policies, directives, standards, procedures, and rules should be deployed based on assessed effectiveness and efficiency in addressing managements risk appetite. Deployed controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. IT...

March 16, 2013  3:40 PM

Risk Management: Is it just another set of business buzzwords? – Part VII



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Management should establish standards as baselines for measuring quantity, weight, extent, value, or quality.  Standards can be considered specific goals or objectives against which performance is compared.  Selection of points where performance will be measured is critical to...


March 14, 2013  1:10 AM

Risk Management: Is it just another set of business buzzwords? – Part VI



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Controlling and monitoring activities attempting to ensure acceptable risk responses include:

  • Policies
  • Directives
  • Standards
  • Procedures
  • Rules
Strategically; policies are definite courses or methods of action...


March 8, 2013  10:41 PM

Risk Management: Is it just another set of business buzzwords? – Part V



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Usually, IT risk analysis has four primary goals:

  • Identifying assets and their associated values
  • Identifying vulnerabilities and threats
  • Quantifying the probability and business impact of potential threats
  • Providing an economic balance between threat...


March 7, 2013  1:54 AM

Risk Management: Is it just another set of business buzzwords? – Part IV



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels.  An IT risk assessment should be considered a key risk management practice area.  When management institutionalizes an IT governance...


March 2, 2013  4:38 PM

Risk Management: Is it just another set of business buzzwords? – Part III



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity.  IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price.  Inherently, computer hardware and software as well as...


February 28, 2013  2:50 AM

Risk Management: Is it just another set of business buzzwords? – Part II



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

An entity’s business risk management framework should be a strategic axial enabled to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an entity methodically addresses risks attached to activities with the objective of achieving sustained...


February 23, 2013  6:44 PM

Risk Management: Is it just another set of business buzzwords? – Part I



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

Risk management is not an issue any ‘going concern’ should consider a platitude used to demonstrate effective leadership.  Those responsible for governance...


December 13, 2011  9:15 PM

Auditing Business Continuity and Disaster Recovery – Part VIII



Posted by: Robert Davis
BCP, Business Continuity, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Crisis Management, Disaster Recovery, DRP, IT Audit

An IT auditor should perform a preliminary control environment (CE) assessment corresponding to the audit area being examined to enable reasonable assurance that all significant items will be adequately addressed during the


December 9, 2011  10:39 PM

Auditing Business Continuity and Disaster Recovery – Part VII



Posted by: Robert Davis
BCP, Business Continuity, Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, Crisis Management, Disaster Recovery, DRP, IT Audit

Primary drivers for organizational continuity assurance service planning are: verifying continuity plan existence and assessing continuity plan adequacy. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding should be obtained...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: