Standards, frameworks, and rules for risk management, high-level oversight, and business and operational governance.
Aimed at accountants and accountancies, this guide presents a framework for IT assurance and advisory services related to information security; system or service availability, processing and integrity; and online privacy and confidentiality.
Factor Analysis of Information Risk (FAIR) provides a framework for understanding, analyzing, and measuring information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, an ...
A complex regulatory requirement and framework for banks, Basel II encourages a measured risk-based approach to capital management. The rule adds emphasis to the need for comprehensive, integrated data management, including data quality controls.
An IT governance framework and supporting toolset that helps managers bridge the gap between control requirements, technical issues, and business risks. (Free site registration required to download.)
Defines essential enterprise risk management components, discusses key ERM principles and concepts, suggests a common ERM language, and provides clear direction and guidance for enterprise risk management.
Establishes a general foundation for planning, implementing, assessing, and improving internal controls.
The South African corporate governance code, including guidance on board constitution, qualifications, oversight responsibilities, and compensation. Written for relevance to governmental, public for-profit, and non-profit entities.
A substantive presentation describing definition, souring, application, interpretation, testing, cost effectiveness, calibration, and use of security measurement in a risk context. The presentation also provides insights on related concepts, such as st ...
Guidance on building information security plans, compliant with ISO 13335 risk management standard and compatible with ISO 27001.
Superseded by PCAOB Auditing Standard No. 5 in July 2005. Comprehensive standard for public company audit and assurance efforts required by the Sarbanes-Oxley Act of 2002.
Comprehensive audit standard supporting public-company audit and assurance efforts required by the Sarbanes-Oxley Act of 2002.
A practical framework for model-based risk management of security-critical systems by exploiting the synthesis of risk analysis methods with semiformal specification methods, supported by an adaptable open source tool-integration platform. Accompanied by
Practical guidance on the application of business risk-management principles, with perspectives on both the upside and a downside of risk. Developed by a consortium of UK risk management associations.
The US Securities and Exchange Commission (SEC) has identified the Turnbull guidance as a suitable framework for complying with US requirements to report on internal controls over financial reporting, as set out in Section 404 of the Sarbanes-Oxley Act of