Regulatory Reality:

IT General Controls


April 23, 2010  10:14 PM

Compliance professionals need thick skins



Posted by: David Schneier
assessment, assessments, Audit, bcp, business continuity planning, controls, framework, general controls, GLBA, IT General Controls, NCUA, Regulatory Compliance, Security, security awareness, Vendor Management

I've often surprised people when it comes to conducting audit/assessment work or developing compliance programs.  Generally speaking, I'm a reasonable person who typically exhibits an abundance of flexibility in my day-to-day life.  However, when it comes to my career, I tend to be much more of a...

March 14, 2010  3:59 AM

Muddy waters: Governance, risk and compliance



Posted by: David Schneier
assessment, Audit, framework, GLBA, GRC, IT General Controls, ITGC, Regulatory Compliance, risk, risk management

I had an email exchange with a colleague last week in which GRC (governance, risk and compliance as a unified methodology) was central to the discussion.  She felt that there's been a blurring of the lines in how people view GRC versus ERM (enterprise risk management) as disciplines and wanted to...


February 12, 2010  11:38 PM

IT audit reports: Why you can’t handle the truth



Posted by: David Schneier
Audit, corruption, fraud, GLBA, Information Technology General Controls, infrastructure, IT, IT General Controls, ITGC, NCUA, Regulatory Compliance

I was reading the local newspaper this morning and was surprised to find a front page story ripped from the headlines of my professional life (ironic, I know). Right there on the front page of today's News and Observer was a story about how a recent audit claimed corruption at a local college...


December 29, 2009  5:30 PM

Was 2009 the year regulatory compliance became a good thing?



Posted by: David Schneier
Audit, business continuity planning, GLBA, information security, IT General Controls, red flags, red flags identity theft, Regulatory Compliance, Vendor Management

When I sat down to write my last blog post for 2009, I was planning to write either about my predictions for 2010 or a retrospective of 2009. But that’s just so clichéd; everyone does that or tries to. And as I’d written in a recent post about...

