IT Governance, Risk, and Compliance

Jul 1 2013   2:02AM GMT

Government-Audit Convergence Part VII

Robert Davis Robert Davis Profile: Robert Davis

Technology deployment and associated management information systems can provide a competitive advantage as well as increased control requirements. Legal noncompliance risks are an irrefutable fact, where consequences range from significant financial penalties to the threat of damage to an entity’s reputation. IT auditors are indirectly, if not directly, an entity control mechanism assuring mandated compliance expectations are adequately addressed by management. In one form or another, ensuring legal compliance serves as a significant information security audit objective for most entities. Amplifying information security criticality is the number of IAP related laws and regulations impacting compliance expectations.


Bakman, Alex. “If Compliance Is So Critical, Why Are We Still Failing Audits? How to Minimize Failure and Make the Audit Process Easier.” Information Systems Control Journal, vol. 5 (2007).

Generally Accepted Information Security Principles Committee. GAISP V3.0. N.p.: Information Systems Security Association, 2004.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: