In November 2013, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) will formally release long-anticipated updates to ISO/IEC 27001 and 27002. The last time these standards were updated was in 2005.
Topics: IT Audit, Governance, Risk & Compliance, IT Governance, IT Infrastructure
Changes to a company’s information technology (IT) environment, both information systems and the underlying platforms, are a source of significant operational risk for every organization. To protect its IT investment and reduce operating risk, robust change management processes are critical. The need for a positive control environment and a very unforgiving attitude regarding unauthorized IT changes by management cannot be overemphasized. Insufficiently tested IT changes is an unacceptable practice.
Topics: IT Audit, IT Governance, IT Infrastructure, IT Strategy
Ongoing professional development is essential for today’s internal auditors, previously outlined in Protiviti’s 2013 Internal Audit Capabilities and Needs Survey. The results of the survey provide plenty of food for thought on the importance internal auditors assign to professional development in the light of a rapidly changing environment with new challenges at every turn. At the same time, internal auditors are enjoying a broader range of career paths and becoming innovative thinkers to meet the needs and challenges of a changing environment.
Topics: Internal Audit, IT Audit, Audit Committee & Board, Audit Planning
Information technology is critical to the long-term success of most organizations. It is a key driver for the cost of operations, which tends to be a vital component of overall profitability. It facilitates the introduction of new business initiatives, as well as the ongoing improvement of current processes and allows the management team to monitor and report on performance. IT enables business operations through connectivity, information processing and business intelligence. Lastly, and especially important to this audience, IT can contribute greatly to a company’s system of internal controls.
Topics: Internal Audit, IT Audit, Reporting/Disclosure, Change Management
Everybody is talking about IT Strategy these days. As IT managers, you’re faced with considerable pressure to communicate a comprehensive strategy, and show a clear road to improving the business value of your activities. IT strategy management is often met with yawns by CEOs and other executives, yet it can advance or undermine every move that a company makes. In one-sided communication models like this, it’s often the case that only problems are properly recognized or attributed to your team.
Topics: IT Audit, IT Strategy, Digital Transformation
Many businesses today exchange goods, services, information and knowledge using network-enabled technologies. Within such business, the proper protection of confidential information is essential to achieve the desired benefits and mitigate the associated risks. Failure to adequately restrict access to critical business information from outsiders (intruders) may result in unauthorized knowledge and use of confidential information by inappropriate parties.
Topics: IT Audit, Governance, Risk & Compliance, IT Infrastructure, IT Security, IT Risk, Performance Management/Measurement
Data integrity is the assurance that information can only be accessed or modified by those authorized to access the system. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust and electrical surges.
Topics: IT Audit, IT Infrastructure, Cloud Computing, IT Risk, IT Controls, Data Security, Data Analytics, Performance Management/Measurement, Customer Satisfaction
It is a common occurrence today to find many organizations investing more and more resources – money, time, staff, etc. – into technology. Consider a relatively small retail company, for example, that’s focusing on expanding its website and online ordering capabilities while also building web-based platforms that can function seamlessly on a variety of popular mobile devices. At the same time, this company also must manage a broad and growing range of risks related to security and privacy; regulatory compliance; federal, state and local laws; use of social media by employees; and information technology (IT) infrastructure stability, among many other areas.
Topics: IT Audit
Topics: Internal Audit, IT Audit, Audit Committee & Board, Audit Planning, Audit Testing
Performance is defined as the throughput of business transactions compared to user needs, expectations or requirements. IT performance risk is the risk that a company’s IT infrastructure will be unable to perform at required levels due to inferior internal operating practices, technology and/or external relationships that threaten the demand for the organization's products or services.
Topics: IT Audit, IT Infrastructure, IT Risk, Change Management, Performance Management/Measurement
KnowledgeLeader, provided by Protiviti, is the premier resource for internal audit and risk management professionals.
With over 1,400 customizable tools and 1,300 articles by industry experts, we offer the most comprehensive service on the market.
For more information:
