This week’s resource selections focus on audit, building security into all our IT solutions, and finally being more effective in delivering IT solutions (making information systems work!).
Have another great week.
The State of IT Auditing
One of my favorite articles over the past several years was written by Gary Hinson, a close colleague out of New Zealand. Gary has pulled together the critical issues facing the profession and put forth some insightful recommendations to improve IT Audit performance. I highly recommend a read of Gary’s landmark view of the future.
Building Security In! (is needed)
We need to implement effective security by building it into our IT solutions. Some resources to assist your understanding of the issues involved and recommendations to move us forward are provided below. Does your organization incorporate security as part of its software acquisition process and system development life cycle (SDLC) process?
Privacy – Our Next Organizational Challenge?
The reality of business operations today includes an increasing oversight of data privacy and information protection. Although the protection of sensitive and personal data has always been good business strategy, implementation has often been tactical and opaquely managed by IT departments. New laws, rules, and contractual obligations are changing all of this. Even as information privacy and protection objectives grow more critical and complex, they are also increasingly subject to scrutiny by both internal and external auditors. http://www.auditnet.org/articles/DSIA200905.htm
Improving Corporate Risk Management!
Has your organization completed a comprehensive review of its corporate risk management practices lately? Richard Anderson’s new study regarding leading practices to adopt would be a great place to start. http://www.auditnet.org/articles/DSIA200907.htm
What lens do you use to evaluate your governance efforts?
Over the past few years I have debated and learned from a very diverse group of senior professionals. In improving our governance practices it is absolutely vital to consider the different perspectives of the various stakeholders in good governance. There has been much debate about principles-based versus rules-based governance. There is also much concern on whether our focus should be on strategy or control. Many believe, myself included, that risk management is at the intersection of good governance by promoting well-defined strategic goals and objectives and then the management of risks in achieving them. Improving governance involves the board, executive management, the accountants, the auditors (both external and internal), the investor, and others. Everyone’s views are valid and contribute in moving forward and improving governance; in fact, the engaged involvement of all stakeholders is part of good governance. So next time you grit your teeth when someone else expresses a position you are uncomfortable with, take the time to try to understand that person’s view and learn why they are talking as if they are from Mars. http://www.auditnet.org/articles/DSIA200809.htm
Making Information Systems Work
(towards the bottom of the newsletter — in the right column)
New technology has transformed the way we interact with one another and do business. However, as systems become ever-more complex, the challenges of effective implementation are greater than ever. These are challenges to the whole business, not just IT, and require engagement from all across the organization in the effective management and use of technology. The Making Information Systems Work program considers these opportunities and challenges, engaging all sectors of the economy in the debate. http://www.auditnet.org/auditnet-l%202009-04.htm