Changes to a company’s information technology (IT) environment, both information systems and the underlying platforms, are a source of significant operational risk for every organization. To protect its IT investment and reduce operating risk, robust change management processes are critical. The need for a positive control environment and a very unforgiving attitude regarding unauthorized IT changes by management cannot be overemphasized. Insufficiently tested IT changes is an unacceptable practice.
In January 2013, healthcare provider organizations bid farewell to an era defined by uncertainty, at least with regard to healthcare reform, and ushered in an era that may very well be defined by volatility, at least in terms of internal systems, processes and procedures. If this assessment is an exaggeration, it is only a slight one. After all, one of the primary sources of uncertainty – whether the Patient Protection and Affordable Care Act (PPACA) would be implemented – was resolved in 2012, following the Supreme Court's monumental decision regarding the law's constitutionality.
Information technology is critical to the long-term success of most organizations. It is a key driver for the cost of operations, and cost of operations tends to be a vital component of overall profitability. It facilitates the introduction of new business initiatives, as well as the ongoing improvement of current processes, and allows the management team to monitor and report on performance. IT enables business operations through connectivity, information processing, business intelligence and the like. Lastly, and especially important to this audience, IT can contribute greatly to a company’s system of internal control.
Recently Protiviti surveyed nearly 200 Chief Information Officers, Chief Technology Officers, Chief Security Officers, IT vicepresidents with more than 100 questions covering Technical Knowledge, IT processing Capabilities and Organizational Capabilities.
A wide array of industry vectors were represented including consumer products, distribution, energy, financial services, health care, hospitality, manufacturing, retail, technology and utitilities. More than half work in publically traded companies and the rest work in private, government and non-profit organizations.
Protiviti has published the second edition of its popular booklet, Guide to the Sarbanes-Oxley Act: IT Risks and Controls.
This publication is the definitive resource guide on IT risks and control issues related to compliance with SOX Section 404. This is a 45 page booklet covering an array of SOX-related topics in a questions and answers format.
Everybody is talking about IT Strategy lately. As IT managers you’re faced with considerable pressure to communicate a comprehensive strategy and also show a clear road to improving the business value of your activities. IT strategy management is often met with yawns by CEOs and other executives, yet it can advance or undermine every move a company makes. In one-sided communication models like this, it’s often the case that only problems are properly recognized or attributed to your team.
Data integrity is the assurance that information can only be accessed or modified by those authorized to access the system. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust, and electrical surges.
Add a Comment: