IT Governance, Risk, and Compliance:

Compliance Management


July 1, 2013  2:02 AM

Government-Audit Convergence Part VII



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Technology deployment and associated management information systems can provide a competitive advantage as well as increased control requirements. Legal noncompliance risks are an irrefutable fact, where consequences range from significant financial penalties to the threat of damage to an...

June 28, 2013  6:10 AM

Government-Audit Convergence Part VI



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

The most common audit practice laws and regulations influences are evidence collection and perseverance. Where legal compliance audits are decreed, if an illegal act is suspected, IT auditors must ensure evidential legal mandates are satisfied in order to successfully provide authorities with...


June 23, 2013  10:47 PM

Government-Audit Convergence Part V



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Accountability is responsibility for performance against agreed-upon expectations either stated and/or implied.  Professionally, an IT auditor should exercise due caution from disclosing information acquired in the course of an engagement to any person other than the entity’s dually  appointed...


June 21, 2013  5:02 PM

Government-Audit Convergence Part IV



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Regarding laws and regulations, when professional standards are applied to compliance engagements, an IT auditor has the right to believe that management has established appropriate controls to prevent, deter and detect illegal acts, unless tests and evaluations carried on by an IT auditor prove...


June 17, 2013  1:31 AM

Government-Audit Convergence Part III



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Professional prudence dictates legal mandates impacting IT-IAP audit practice areas should be thoroughly understood by audit team members prior to proceeding with fieldwork. Specifically, IT auditors “should review compliance with applicable statutory laws, regulations as well as contracts and,...


June 15, 2013  5:19 PM

Government-Audit Convergence Part II



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Government sponsored laws and regulations can influence auditor conduct and impose IT audit practice requirements.  Therefore, applying ISACA’s Professional Ethics and Standards, an IT auditor “should maintain the highest degree of integrity and...


June 10, 2013  2:30 AM

Government-Audit Convergence Part I



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Generally, audit has a responsibility for ensuring that (1) independence and objectivity are maintained in all phases of assignments, (2) professional judgment is utilized in planning approaches, performing procedures, and reporting results of engagements, (3) work is conducted by personnel who are...


October 18, 2010  12:48 PM

Compliance through Automation: Continuous Monitoring – Part VIII



Posted by: Robert Davis
Compliance Management, Compliance Verification Systems, Continuous Monitoring, Control System, Data Provisioning, Decision Techniques, Enterprise Resource Planning, ERP, Exception Reporting Systems, Expert Systems, Inference Engine, Knowledge Acquisition, Knowledge Engineer, Knowledge-base, Management Information Systems, MIS

Since management is responsible for the entity’s controls, they should have the means to determine, on an ongoing basis, whether selected controls are operating as designed. Continuous monitoring typically addresses management’s responsibility to assess the adequacy and effectiveness of...


October 14, 2010  3:21 PM

Compliance through Automation: Continuous Monitoring – Part VII



Posted by: Robert Davis
Compliance Management, Compliance Verification Systems, Continuous Monitoring, Control System, Data Provisioning, Decision Techniques, Enterprise Resource Planning, ERP, Exception Reporting Systems, Expert Systems, Inference Engine, Knowledge Acquisition, Knowledge Engineer, Knowledge-base, Management Information Systems, MIS

Continuous monitoring allows management to have greater insight into the entity’s current state of compliance. Typically, for IT, continuous monitoring involves...


October 11, 2010  6:02 PM

Compliance through Automation: Continuous Monitoring – Part VI



Posted by: Robert Davis
Compliance Management, Compliance Verification Systems, Continuous Monitoring, Control System, Data Provisioning, Decision Techniques, Enterprise Resource Planning, ERP, Exception Reporting Systems, Expert Systems, Inference Engine, Knowledge Acquisition, Knowledge Engineer, Knowledge-base, Management Information Systems, MIS

To ensure effective continuous monitoring, adequate segregation-of-functions must be sustained. Continuous monitoring and segregation-of-functions are not new control concepts. Yet,...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: