IT Governance, Risk, and Compliance:

Safeguarding


July 1, 2013  2:02 AM

Government-Audit Convergence Part VII



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Technology deployment and associated management information systems can provide a competitive advantage as well as increased control requirements. Legal noncompliance risks are an irrefutable fact, where consequences range from significant financial penalties to the threat of damage to an...

June 28, 2013  6:10 AM

Government-Audit Convergence Part VI



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

The most common audit practice laws and regulations influences are evidence collection and perseverance. Where legal compliance audits are decreed, if an illegal act is suspected, IT auditors must ensure evidential legal mandates are satisfied in order to successfully provide authorities with...


June 23, 2013  10:47 PM

Government-Audit Convergence Part V



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Accountability is responsibility for performance against agreed-upon expectations either stated and/or implied.  Professionally, an IT auditor should exercise due caution from disclosing information acquired in the course of an engagement to any person other than the entity’s dually  appointed...


June 21, 2013  5:02 PM

Government-Audit Convergence Part IV



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Regarding laws and regulations, when professional standards are applied to compliance engagements, an IT auditor has the right to believe that management has established appropriate controls to prevent, deter and detect illegal acts, unless tests and evaluations carried on by an IT auditor prove...


June 17, 2013  1:31 AM

Government-Audit Convergence Part III



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Professional prudence dictates legal mandates impacting IT-IAP audit practice areas should be thoroughly understood by audit team members prior to proceeding with fieldwork. Specifically, IT auditors “should review compliance with applicable statutory laws, regulations as well as contracts and,...


June 15, 2013  5:19 PM

Government-Audit Convergence Part II



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Government sponsored laws and regulations can influence auditor conduct and impose IT audit practice requirements.  Therefore, applying ISACA’s Professional Ethics and Standards, an IT auditor “should maintain the highest degree of integrity and...


June 10, 2013  2:30 AM

Government-Audit Convergence Part I



Posted by: Robert Davis
Accountability, Administrative Control, Audit Oversight Committee, Compliance Management, Control Evaluation, Due Care, Due Diligence, Fiduciary Responsibility, Framework, Governance, Government Agencies, Illegal Acts, Information Assets Protection, Laws and Regulations, Management, Safeguarding

Generally, audit has a responsibility for ensuring that (1) independence and objectivity are maintained in all phases of assignments, (2) professional judgment is utilized in planning approaches, performing procedures, and reporting results of engagements, (3) work is conducted by personnel who are...


November 19, 2009  9:16 PM

Second-Tier Governance Deployment – Part V



Posted by: Robert Davis
CISM, Decision Theory, Fiduciary Responsibility, Framework, Governance Tree, Information Security Governance, Information Security Management, Information Theory, ISG, ISM, ITGI, Node, Safeguarding, Stakeholder

Governance usually occurs at different organizational strata, with procedures tailored for processes, with processes linking up to systems, and programs receiving objectives from the entity's oversight committee through established...


October 5, 2009  7:45 PM

Hardware Protection… Dust, Temperature, and Humidity – Oh My! – Part V



Posted by: Robert Davis
Air Flow, Availability, Boards, Cards, Care, Central Processing Unit, CPU, Delivery, Due Diligence, Humidity, Install-and-Forget, Media Errors, Monitoring, Plug-and-Play, Safeguarding, Temperature

Decreasing computer hardware replacement cost has not eliminated the need for adequate environmental protection. To avoid humidity corruption, information security managers should verify humidity and temperature levels are maintained within the...


October 1, 2009  11:22 PM

Hardware Protection… Dust, Temperature, and Humidity – Oh My! – Part IV



Posted by: Robert Davis
Air Flow, Availability, Boards, Cards, Care, Central Processing Unit, CPU, Delivery, Due Diligence, Humidity, Install-and-Forget, Media Errors, Monitoring, Plug-and-Play, Safeguarding, Temperature

IT can, and does, operate within a wide humidity range. Seasonal humidity changes are usually easier to control than hourly fluctuations. Under either circumstance, normally the primary environmental concern is preventing conditions that permit humidity alterations where condensation is the...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: