IT Governance, Risk, and Compliance:

Control Evaluation


July 1, 2013  2:02 AM

Government-Audit Convergence Part VII



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Technology deployment and associated management information systems can provide a competitive advantage as well as increased control requirements. Legal noncompliance risks are an irrefutable fact, where consequences range from significant financial penalties to the threat of damage to an...

June 28, 2013  6:10 AM

Government-Audit Convergence Part VI



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

The most common audit practice laws and regulations influences are evidence collection and perseverance. Where legal compliance audits are decreed, if an illegal act is suspected, IT auditors must ensure evidential legal mandates are satisfied in order to successfully provide authorities with...


June 23, 2013  10:47 PM

Government-Audit Convergence Part V



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Accountability is responsibility for performance against agreed-upon expectations either stated and/or implied.  Professionally, an IT auditor should exercise due caution from disclosing information acquired in the course of an engagement to any person other than the entity’s dually  appointed...


June 21, 2013  5:02 PM

Government-Audit Convergence Part IV



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Regarding laws and regulations, when professional standards are applied to compliance engagements, an IT auditor has the right to believe that management has established appropriate controls to prevent, deter and detect illegal acts, unless tests and evaluations carried on by an IT auditor prove...


June 17, 2013  1:31 AM

Government-Audit Convergence Part III



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Professional prudence dictates legal mandates impacting IT-IAP audit practice areas should be thoroughly understood by audit team members prior to proceeding with fieldwork. Specifically, IT auditors “should review compliance with applicable statutory laws, regulations as well as contracts and,...


June 15, 2013  5:19 PM

Government-Audit Convergence Part II



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Government sponsored laws and regulations can influence auditor conduct and impose IT audit practice requirements.  Therefore, applying ISACA’s Professional Ethics and Standards, an IT auditor “should maintain the highest degree of integrity and...


June 10, 2013  2:30 AM

Government-Audit Convergence Part I



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Generally, audit has a responsibility for ensuring that (1) independence and objectivity are maintained in all phases of assignments, (2) professional judgment is utilized in planning approaches, performing procedures, and reporting results of engagements, (3) work is conducted by personnel who are...


February 21, 2013  4:11 AM

Wikipedia: An assessment from a user’s perspective – Part VI



Posted by: Robert Davis
Adaptive Systems, Assurance Services, Attestation, Control Evaluation, Control System, Due Care, Educational Institutions, Internal Control System, Logical Security, Non-profit, Open Source, Operating Style, Quality Assurance Program, Security Risks, Trust Management

Based on my careful analysis of the factors associated with information reliability, there is a medium-to-high inherent risk of a researcher conveying unreliable information through citing Wikipedia material due to...


February 17, 2013  12:02 AM

Wikipedia: An assessment from a user’s perspective – Part V



Posted by: Robert Davis
Adaptive Systems, Assurance Services, Attestation, Control Evaluation, Control System, Due Care, Educational Institutions, Internal Control System, Logical Security, Non-profit, Open Source, Operating Style, Quality Assurance Program, Security Risks, Trust Management

To provide an appropriate answer to this foundational question regarding Wikipedia an assessor must take into consideration the primary traits of reliability. Therefore, as previously stated in Wikipedia: An assessment from a user's perspective - part 1 as well as documented in


February 14, 2013  1:45 PM

Wikipedia: An assessment from a user’s perspective – Part IV



Posted by: Robert Davis
Adaptive Systems, Assurance Services, Attestation, Control Evaluation, Control System, Due Care, Educational Institutions, Internal Control System, Logical Security, Non-profit, Open Source, Operating Style, Quality Assurance Program, Security Risks, Trust Management

Wikipedia is often been presented as a great research resource; however it is also a public forum, where any authorized user can make a declaration or an assertion. “If you find an article that provides relevant information for your research topic, you should take care to investigate the source...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: