This week’s resource selections highlights a variety of audit articleswhich I’ve had the pleasure of writing. By regularly studying(auditing) what is “in place” (our current state) and identifying whatthe priority improvement are (our future state) we can encourage andimplement continuous improvement. Why not consider taking an auditcourse this year!
Have another great week.
Dan Swanson
Improve IT Security: Educate StaffIntoday’s healthcare environment, information security and protection ofinformation assets are critical activities for all organizations.Information isthe lifeblood of the organization and a vital business asset.IT systems connect every internal department of an organization andconnect the enterprise to a myriad of suppliers and partners.
Expert Corner: Information Security – Are You Protected?Irecently read that many people worry about accidental death,particularly in ways that are very frightening: poisonous snakes orspiders, or even alligator attacks. This same article noted that basedon official death statistics, the vast majority of people actually diefrom chronic health causes: heart attacks, obesity, and other ailmentsthat result from poor attention to long-term personal fitness. In 2003,accidental deaths in the United States numbered around 100,000; chronichealth-related deaths were more than 2.4 million.http://ethisphere.com/expert-corner-4/
Auditing IT Initiatives Is a Recommended Quality PracticeChangesto a company’s information technology (IT) environment, bothinformation systems and the underlying platforms, are a source ofsignificant operational risk for every organization. To protect its ITinvestment and reduce operating risk, robust change managementprocesses are critical. The need for a positive control environment anda very unforgiving attitude regarding unauthorized IT changes bymanagement cannot be overemphasized. Insufficientlytested IT changes should also be an unacceptable practice.
Auditing IT Investment Management: How Aligned is IT and the Business in Your Organization?TheHoly Grail for IT has always been to be closely ‘aligned’ with businessefforts. For years business has encouraged IT to focus on deliveringbusiness priorities. At the same time IT has tried to be an integralpart of business planning and align IT efforts and investments withbusiness priorities. At the end of the day, effectiveIT alignment really does require the ongoing and consistent involvementof all key participants.
Are Your Audit Priorities Aligned with the Organization’s Needs?Internalaudit efforts must be risk-based and contribute to the long-termassurance needs of the organization and its board. Aformal audit risk assessment should be completed at leastannually and the results of that assessment should directinternal audit priorities.
Expert Corner: Auditing a compliance and ethics programBroadlyunderstood, assuring compliance with an organization’s policies andprocedures, as well as legal and regulatory requirements, is animportant activity that supports the functioning and reputation ofsuccessful organizations. Monitoring and maintaining compliance is notjust to keep the regulators happy; compliance with regulatoryrequirements and the organization’s policies and procedures is also acritical component of an effective enterprise-wide risk managementprogram and is a sign of good corporate governance. It is an importantway in which an organization achieves its business goals, sustains itsethical health, works towards long-term prosperity, and preserves andpromotes its values.http://ethisphere.com/expert-corner-1/
