What is design risk? To “design” is to create, fashion, execute or construct according to plan. The term design as used here refers to the entire scope of a project. A business system design is a collection of design documents and supporting materials which define the system functionality that supports one or more business processes and in the process, creates, retrieves, updates and deletes data.

Topics: IT risk, IT audit, IT controls, IT governance, IT infrastructure, IT strategy, performance management/measurement, KL Tools

|Busi*ness In*tel”li*gence|, n. - the capacity to acquire and apply business knowledge, the act or state of knowing about your business; to understand and profit from experience; the internal development and sharing of information to create a competitive advantage.

Topics: business intelligence, performance management, performance measurement, IT strategy, data analytics

The objectives of a business intelligence competency center (BICC) are to provide the organization with better control over operational and financial reporting, reduce reporting costs, improve consistency, and provide the organization with more complete information for management decisions. BICCs are often business-led cross-functional teams that provide organizational support and guidance for implementation and usage of business intelligence processes and technology. They can live within the IT organization, but more often are business driven.

Topics: business intelligence, performance management, performance measurement, IT strategy, data analytics

It is in this dynamic environment that IT audit leaders and functions must operate to help their organizations identify, mitigate and monitor an escalating volume of IT risks. Working in collaboration with executive management, the board of directors, IT, legal, human resources and numerous other departments, IT auditors face the daunting task of helping their organizations manage potential IT risks that could cripple the enterprise. Properly and proactively managing the organization’s IT strategy has never been more important.

Topics: IT strategy, IT risk, RCM, KnowledgeLeader tools

Changes to a company’s information technology (IT) environment, both information systems and the underlying platforms, are a source of significant operational risk for every organization. To protect its IT investment and reduce operating risk, robust change management processes are critical. The need for a positive control environment and a very unforgiving attitude regarding unauthorized IT changes by management cannot be overemphasized. Insufficiently tested IT changes is an unacceptable practice.

Topics: IT audit, IT strategy, IT governance, Hot Issues, Dan Swanson, IT infrastructure

The "Holy Grail" for IT has always been to be closely aligned with business efforts. For years, business has encouraged IT to focus on delivering business priorities. At the same time, IT has tried to be an integral part of business planning and align IT efforts and investments with business priorities. Ultimately, effective IT alignment really does require the ongoing and engaged involvement of all key participants. 

Topics: information technology risk, IT strategy, Hot Issues, Dan Swanson, project management, IT infrastructure, IT investment management, ISACA

Topics: Protiviti, social media risk, laws & regulations, information technology risk, regulatory updates, SEC, regulatory compliance, IT strategy, IT governance

Recently Protiviti surveyed nearly 200 Chief Information Officers, Chief Technology Officers, Chief Security Officers, IT vicepresidents with more than 100 questions covering Technical Knowledge, IT processing Capabilities and Organizational Capabilities.

A wide array of industry vectors were represented including consumer products, distribution, energy, financial services, health care, hospitality, manufacturing, retail, technology and utitilities. More than half work in publically traded companies and the rest work in private, government and non-profit organizations.

Topics: survey reports, IT strategy, IT audit

Protiviti has published the second edition of its popular booklet, Guide to the Sarbanes-Oxley Act: IT Risks and Controls.

This publication is the definitive resource guide on IT risks and control issues related to compliance with SOX Section 404. This is a 45 page booklet covering an array of SOX-related topics in a questions and answers format.

Topics: Data Integrity Risk, COSO Framework, methodology, enterprise risk management, IT strategy, IT audit, audit team, COSO, Application-Level Controls, Sarbanes-Oxley, SOX

Everybody is talking about IT Strategy lately. As IT managers you’re faced with considerable pressure to communicate a comprehensive strategy and also show a clear road to improving the business value of your activities. IT strategy management is often met with yawns by CEOs and other executives, yet it can advance or undermine every move a company makes.  In one-sided communication models like this, it’s often the case that only problems are properly recognized or attributed to your team.

Topics: IT strategy, IT audit, Audit Template