Analysis and Advice

How to Disagree with Auditors: An Auditor’s Guide

Auditors are required to tell management when control failures are exposing them to risk. Still, many managers at some point disagree with their auditor's assessment. Can companies make auditors revise their assessment? And if not, what's the best way to find common ground in those disparate views?

Staff in the Time of Cholera: Managing Workflow and Disaster

What if 80 percent of your staff called in sick…for a month? Epidemics and natural disasters regularly decimate workforce availability. Will you be ready if it happens to you?

The Truth Will Keep You Free: Analytics, BI, and Compliance

Compliance is a risky business, even if your business isn't risky. From scoping to control remediation, risk defines compliance. So, why are companies with robust business intelligence systems still slogging through financial spreadsheets?

Business Rules Bridge the Gap between Policies and Execution

Few IT professionals really understand business, and few finance executives really understand IT. Centralized business rules management (BRM) helps bridge the divide between the business vision and policy execution—and enable IT efficiencies in the process.

What Auditors Look for in an IT Department

IT leaders are increasingly challenged to implement processes and controls that are in line with business objectives, IT policies, and external rules and standards. In this article, certified internal auditor and certified information systems auditor Xenia Ley Parker offers inside advice on the factors that motivate and define IT audit processes.

IT Recycling: The Next Frontier

Laws and policies concerning electronic waste are evolving rapidly. Computer components are hazardous due to heavy metals and plastics, but trying to get rid of them means entering an uncharted regulatory minefield, where environmental concerns may end up being the least of your worries. Discover the most cost- and time-efficient way of electronic recycling, while eliminating compliance liabilities and maintaining social responsibilities.

The Tao of Compliance: Unifying Controls over Chaos

Auditors are camped at the corporate gate, business managers are beating on your door, and the executive board is concerned about your compliance spending. How can IT compliance managers keep regulators, business units, auditors, and corporate bean counters happy? Standardize, simplify, and, above all, unify.

Tier of Influence: The Rise of Lifecycle-Driven Information Storage Strategy

The days of retaining information as an undifferentiated mass are coming to an end. Higher information volume, stringent regulatory requirements, and high user expectations are driving companies to adopt tiered storage strategies. The question is what gets saved, why, and how. Can information lifecycle management (ILM) provide the answers?

Top 10 Spreadsheet Compliance Risks and How to Avoid Them

One of the biggest threats to compliance isn’t rogue insiders or hackers, but a trusted tool: the lowly spreadsheet. Its life is unstructured, untracked, and unsecured—control challenges that can run afoul of everything from SOX to federal accounting rules. Learn to recognize top spreadsheet risks and what you can do to reduce them.

Tough Times and Risk Management

When the going gets tough, the tough start measuring cost, value, and risk. New economic pressures underscore the need for a risk-assessment approach to IT management overall, not just to security.

Dangerous Liaisons: Drafting Outsourcing Contracts

Internal policies are degraded if external contractors ignore their control objectives. Draft an IT outsourcing contract that allows you to monitor specific aspects of your service provider’s compliance efforts or risk being guilty by association.

Out of Breach: Eight Ways to Beat IT Policy Resistance

From designing readable policies to making reasonable exceptions, IT and compliance managers must apply both professional insight and personal intelligence to policy enforcement. Eight best practices can help IT managers beat employee resistance to new policies.

Yabba Dabbawala: Lessons in Six-Sigma Quality Control for Compliance

The greatest sources of inspiration are often found in the strangest places. Thus, compliance management can take a lesson from lunchtime in Mumbai, where a 99.9999 accuracy rate in meal manufacturing and distribution offers a model of efficiency and control for complex compliance processes.

The Most Important Tool in Managing Change Control—The Change Board

Controlling change and its impact can be a make-or-break factor of project success. Establishing a change board can help ensure that requested changes are realistic, do not cause downstream problems, and work within the project scope and budget. But what makes for a good change board?

Data Auditing Quiz: Does Your Compliance Data System Prove Your Innocence?

Business systems are seldom designed with audit in mind. But as risk, assurance, and compliance practices expand, more data and transactional systems are falling within audit scope. These five questions can help you assess whether your internal systems are likely to produce positive findings.

Protecting Corporate Data in Economic Downturn: A Legal Perspective

Electronic data proliferation is economically neutral—it grows exponentially in good times or bad, and the costs of managing electronically stored information (ESI) continue to increase irrespective of budgetary increases. Corporations and counsel must anticipate increased litigation and regulation by instituting sound data-management practices and getting corporate data in order.

Dissociative Disorder: Compliance and Data Quality

Are you sweating the auditors? How about that “make or break” business decision? Better double check your data quality: your corporate future and compliance could depend on it.

Why Written Policies and Procedures Matter

If your organization or business receives federal money through grants or contracts, you most likely have a duty regarding effective policies and procedures. Even if you do not have the express or implied obligation, however, there are plenty of situations where the lack of good policies and procedures can cost a business, agency or organization.

Some Lessons out of ECM Vendor-Demo Hell

To manage increasingly complex information environments, many companies turn to Enterprise Content Management (ECM) systems. These tales from the front lines of a multimillion-dollar procurement process illustrate some of the key dos and don'ts of enterprise solution evaluation.

The Madness of Clouds: Sourcing, Control, and Privacy

With the proliferation of Web-based services, the world has become your IT department. But can you ensure your internal privacy controls are maintained in external services? These key questions and concrete actions can help ensure privacy compliance in the cloud.

What Your IT Budget Says About That Organization's Value

Your IT budget can determine whether the CIO is invited to the executive table or left in the dark. Does your budget reflect the structure and insight that give business leaders confidence in your IT operations?

Protecting Employers from New Media

Through strategy or rogue initiative, most companies are now communicating through "new" media channels such as blogs, online forums, and wikis. While the benefits of these new channels can be great, managers must also recognize and control the risks associated with rapid publication to vast audiences—and the difficulty of retracting information once it hits cyberspace.

Seven Mistakes Companies Make in Hiring a Chief Compliance Officer

Under increasing regulatory pressures, many firms are frantically seeking qualified people to head their compliance efforts. But in this emerging and competitive job market, hiring pitfalls abound. Where do companies go wrong when they're hiring a CCO?

Cloud Computing Brings New Legal Challenges

Promising critical business functions on demand, Web-based services represent an almost irresistible operational sourcing option for many companies. But do managers understand the legal privacy and e-discovery ramifications of storing sensitive information with third-party hosts?

Hacky Holidays: Five Tips to Avoid Seasonal Blight

With the end-of-year holidays approaching quickly, it's a good time to reflect on some of the popular activities associated with this time of year. Given the economic environment, you might be thinking I'm going to talk about retail and its related threats, but you'd be wrong. No, there's something much more interesting, from a security perspective, that happens: kids get out of school on long holiday breaks.