IT Governance, Risk, and Compliance:

Value Delivery


December 27, 2012  1:31 AM

eBook excerpt: Assuring Information Security – Part V



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Security Frameworks, Strategic Alignment, Value Delivery

1.1 Control Environment

“…culture determines the behaviour of people in an organisation and should, therefore, be used to influence the behaviour of people with regard to information security.” – Kerry-Lynn Thomson and Rossouw von...

December 22, 2012  1:43 AM

eBook excerpt: Assuring Information Security – Part IV



Posted by: Robert Davis
Accountability, Acquire and Implement, Asset Management, Availability Management, COBIT Domains, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Plan and Organize, Risk Management, Value Delivery

Usually, a formal ISG program is required to promote information assets safeguarding.  ISG programs should ensure the Control Objectives for Information and related Technology (COBIT) framework confidentiality, integrity, availability, compliance, and reliability information criteria are not...


December 20, 2012  2:52 AM

eBook excerpt: Assuring Information Security – Part III



Posted by: Robert Davis
Accountability, Acquire and Implement, Asset Management, Availability Management, COBIT Domains, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Plan and Organize, Risk Management, Value Delivery

Acquisitions and implementations are necessary for adequate information security.  To realize the information security strategy, information security solutions need to be identified, developed or acquired, as well as implemented and integrated into business and IT processes seamlessly.  During an...


December 15, 2012  12:05 AM

eBook excerpt: Assuring Information Security – Part II



Posted by: Robert Davis
Accountability, Acquire and Implement, Asset Management, Availability Management, COBIT Domains, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Plan and Organize, Risk Management, Security Frameworks, Value Delivery

Instituting and/or sustaining ISG requires comprehensive planning and organizing; robust acquisitions and implementations; effective delivery and support; as well as continuous monitoring and evaluation to address the myriad of managerial, operational, and technical issues that can thwart...


December 13, 2012  1:52 AM

eBook excerpt: Assuring Information Security – Part I



Posted by: Robert Davis
Accountability, Acquire and Implement, Asset Management, Availability Management, COBIT Domains, Continuity Management, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Security Frameworks, Strategic Alignment, Value Delivery

Chapter 1: Information Security Governance

“The information possessed by an organization is among its most valuable assets and is critical to its success.  The Board of Directors, which is ultimately accountable for the organization’s success, is therefore...


August 7, 2012  5:48 PM

Are Organizations Potentially Falling Short?



Posted by: Robert Davis
Accountability, Accounting, Application Portfolio Management, Asset Management, Audit Assurance, Audit Committee, Certified Information Systems Auditor, Change Control, Change Management, Control Processes, Decision Making, Enterprise Governance, ERP, Fiduciary Responsibility, Governance Tree, IT Governance, Life Cycle Management, Organizational Structure, Project Management, Risk Management, Value Delivery

Current events posted by various news outlets, including Fox News, the Wall Street Journal, Forbes and Yahoo.com, concerning Knight Capital’s financial debacle, present some very serious allegations regarding managerial due diligence during system development...


March 6, 2012  8:43 PM

Auditing IT Governance – Part VIII



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Internal Audit, IT Audit, ITG, Performance Measurement, Resource Management, Risk Management, Strategic Alignment, Value Delivery

Regarding audit staffing, potential IT governance engagement members should have the appropriate seniority and proficiency. Generally, when IT governance audit objectives involve a wide range of information system functions, assigned audit personnel should have extensive organizational...


March 2, 2012  10:12 PM

Auditing IT Governance – Part VII



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Internal Audit, IT Audit, ITG, Performance Measurement, Resource Management, Risk Management, Strategic Alignment, Value Delivery

An IT auditor should include in the audit ambit relevant processes for planning, organizing, and monitoring the IT activity. Contextually, the audit ambit should include control systems for the use and protection of the full range of COBIT framework IT resources. Whereby, specifically;...


February 28, 2012  8:47 PM

Auditing IT Governance – Part VI



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Internal Audit, IT Audit, ITG, Performance Measurement, Resource Management, Risk Management, Strategic Alignment, Value Delivery

Interpretively, an entity’s information systems represent the infrastructure to collect data, process transactions, and communicate operational results. In other words, an entity's MIS represents the aggregation of personnel, computer hardware and software, with associated policies and...


February 24, 2012  8:57 PM

Auditing IT Governance – Part V



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Internal Audit, IT Audit, ITG, Performance Measurement, Resource Management, Risk Management, Strategic Alignment, Value Delivery

Primary drivers for IT governance audit planning are verifying governance existence, adequacy, and risk management. However, as with standard IT audits, a general control environment, information systems, and control procedures understanding...

