Auditing Business Continuity and Disaster Recovery – Part VII
Primary drivers for organizational continuity assurance service planning are: verifying continuity plan existence and assessing continuity plan adequacy. However, as with standard IT audits, a general...
Auditing Business Continuity and Disaster Recovery – Part VIII
An IT auditor should perform a preliminary control environment (CE) assessment corresponding to the audit area being examined to enable reasonable assurance that all significant items will be...
Risk Management: Is it just another set of business buzzwords? – Part I
Risk management is not an issue any ‘going concern’ should consider a platitude used to demonstrate effective leadership. Those responsible for governance within an enterprise must be, without...
Risk Management: Is it just another set of business buzzwords? – Part II
An entity’s business risk management framework should be a strategic axial enabled to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an...
Risk Management: Is it just another set of business buzzwords? – Part III
Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity. IT risks directly impact an entity’s ability to provide goods...
Risk Management: Is it just another set of business buzzwords? – Part IV
The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels. An IT risk assessment should be...
Risk Management: Is it just another set of business buzzwords? – Part V
Usually, IT risk analysis has four primary goals: identifying assets and their associated values; identifying vulnerabilities and threats; quantifying the probability and business impact of potential...
Risk Management: Is it just another set of business buzzwords? – Part VI
Controlling and monitoring activities attempting to ensure acceptable risk responses include: policies, directives, standards, procedures, and rules. Strategically, policies are definite courses or methods of...
Risk Management: Is it just another set of business buzzwords? – Part VII
Management should establish standards as baselines for measuring quantity, weight, extent, value, or quality. Standards can be considered specific goals or objectives against which performance is...
Risk Management: Is it just another set of business buzzwords? – Part VIII
IT policies, directives, standards, procedures, and rules should be deployed based on assessed effectiveness and efficiency in addressing management's risk appetite. Deployed controlling and monitoring...