T2P bridges the gaps between IT governance and practice, technology and business, regulation and control, risk management and market pressures, and the knowledge of you and your peers.
[+] An open forum and community...
T2P seeks to create a common pool of knowledge—one big brain—that lets you work more efficiently, build technology and business practices more effectively, and endure audits more effortlessly.
[+] A plexus nexus...
T2P is a knowledge hub through which you can find valuable information nodes, resource collections, and organizations that are helping people like you already, but in fractured ways.
[+] A rebellion...
Why should you have to pay auditors, analysts, and consultancies for information that's already out there? T2P's goal is to unlock the vast knowledge, insight, and conventional wisdom that we all have, make it freely available to you, and help you use and interpret it—without undue cost, bias, or hype.
Auditors are required to tell management when control failures are exposing them to risk. Still, many managers at some point disagree with their auditor's assessment. Can companies make auditors revise their assessment? And if not, what's the best way to find common ground in those disparate views?
Compliance is a risky business, even if your business isn't risky. From scoping to control remediation, risk defines compliance. So, why are companies with robust business intelligence systems still slogging through financial spreadsheets?
Few IT professionals really understand business, and few finance executives really understand IT. Centralized business rules management (BRM) helps bridge the divide between the business vision and policy execution—and enable IT efficiencies in the process.
IT leaders are increasingly challenged to implement processes and controls that are in line with business objectives, IT policies, and external rules and standards. In this article, certified internal auditor and certified information systems auditor Xenia Ley Parker offers inside advice on the factors that motivate and define IT audit processes.
Laws and policies concerning electronic waste are evolving rapidly. Computer components are hazardous due to heavy metals and plastics but trying to get rid of them means entering an uncharted regulatory minefield, where environmental concerns may end up being the least of your worries. Discover the most cost and time efficient way of electronic recycling, while eliminating compliance liabilities and maintaining social responsibilities.
Auditors are camped at the corporate gate, business managers are beating on your door, and the executive board is concerned about your compliance spending. How can IT compliance managers keep regulators, business units, auditors, and corporate bean counters happy? Standardize, simplify, and, above all, unify.
The days of retaining information as an undifferentiated mass are coming to an end. Higher information volume, stringent regulatory requirements, and high user expectations are driving companies to adopt tiered storage strategies. The question is what gets saved, why, and how. Can information lifecycle management (ILM) provide the answers?
One of the biggest threats to compliance isn’t rogue insiders or hackers, but a trusted tool: the lowly spreadsheet. Its life is unstructured, untracked, and unsecured—control challenges that can run afoul of everything from SOX to federal accounting rules. Learn to recognize top spreadsheet risks and what you can do to reduce them.
Internal policies are degraded if external contractors ignore their control objectives. Draft an IT outsourcing contract that allows you to monitor specific aspects of your service provider’s compliance efforts or risk being guilty by association.
From designing readable policies to making reasonable exceptions, IT and compliance managers must apply both professional insight and personal intelligence to policy enforcement. Eight best practices can help IT managers beat employee resistance to new policies.
The greatest sources of inspiration are often found in the strangest places. Thus, compliance management can take a lesson from lunchtime in Mumbai, where a 99.9999 accuracy rate in meal manufacturing and distribution offers a model of efficiency and control for complex compliance processes.
Controlling change and its impact can be a make-or-break factor of project success. Establishing a change board can help ensure that requested changes are realistic, do not cause downstream problems, and work within the project scope and budget. But what makes for a good change board?
Business systems are seldom designed with audit in mind. But as risk, assurance, and compliance practices expand, more data and transactional systems are falling within audit scope. These five questions can help you assess whether your internal systems are likely to produce positive findings.
Electronic data proliferation is economically neutral—it grows exponentially in good times or bad, and the costs of managing electronically stored information (ESI) continue to increase irrespective of budgetary increases. Corporations and counsel must anticipate increased litigation and regulation by instituting sound data-management practices and getting corporate data in order.
If your organization or business receives federal money through grants or contracts, you most likely have a duty regarding effective policies and procedures. Even if you do not have the express or implied obligation, however, there are plenty situations where the lack of good polices and procedures can cost a business, agency or organization.
To manage increasingly complex information environments, many companies turn to Enterprise Content Management (ECM) systems. These tales from the front lines of a multimillion-dollar procurement process illustrate some of the key dos and don'ts of enterprise solution evaluation.
With the proliferation of Web-based services, the world has become your IT department. But can you ensure your internal privacy controls are maintained in external services? These key questions and concrete actions can help ensure privacy compliance in the cloud.
Your IT budget can determine whether the CIO is invited to the executive table or left in the dark. Does your budget reflect the structure and insight that gives business leaders confidence in your IT operations?
Through strategy or rogue initiative, most companies are now communicating through "new" media channels such as blogs, online forums, and wikis. While the benefits of these new channels can be great, managers must also recognize and control the risks associated with rapid publication to vast audiences—and the difficulty of retracting information once it hits cyberspace.
Under increasing regulatory pressures, many firms are frantically seeking qualified people to head their compliance efforts. But in this emerging and competitive job market, hiring pitfalls abound. Where do companies go wrong when they're hiring a CCO?
Promising critical business functions on demand, Web-based services represent an almost irresistible operational sourcing option for many companies. But do managers understand the legal privacy and e-discovery ramifications of storing sensitive information with third-party hosts?
With the end-of-year holidays approaching quickly, it's a good time to reflect on some of the popular activities associated with this time of year. Given the economic environment, you might be thinking I'm going to talk about retail and its related threats, but you'd be wrong. No, there's something much more interesting, from a security perspective, that happens: kids get out of school on long holiday breaks.
AuditNetis an online portal for auditors. Created and run by the venerable Jim Kaplan, the organization's mission is to develop a complete "utility" for audit-related information, products, and services.
BeyeNETWORKprovides resources and professional community support for business intelligence, performance management, data warehousing, data integration and data quality.