IT Governance, Risk, and Compliance

Mar 28 2009   8:20PM GMT

Control Assessments – Part III

Robert Davis

Information security managers should prepare for audits by using control self-assessments to verify compliance with laws, regulations, policies and procedures. It is always a sound idea to plan annual control self-assessments strategically. Testing information security practices helps evaluate whether processes are designed appropriately and confirms that deployed controls are functioning as intended. Following a cyclic approach to control self-assessments cannot guarantee clean audit reports. It will, however, help ensure the security department is briefed on governance expectations.

There are a few traditional events that occur once a year; some are considered cheerful, while others are considered dreadful. Regarding IT audits, enlightened security managers approach the assurance process as a periodic assessment of the way business is conducted throughout the year, one that provides an external view of the current state of IAP controls from knowledgeable professionals. IAP managers that normally encounter difficulties during audits are those that adopt an adversarial posture. IT auditors are not storm troopers sent to dismantle departmental efficiency, and security managers who build communication firewalls and ‘honeypots’ based on a perceived organizational threat premise have misinterpreted generally accepted IT audit objectives.

View Part I of the Control Assessments series here
