Jobs Information Strategies

SAFE TRADING

The prospect of a visit from an auditor can send shivers down a stiff spine. But a willingness to listen can smooth the process. Mary Ann Maxwell explains how to achieve compliance calm.

Never in the history of free enterprise and commercial activity has there been such a premium on compliance. But just what is compliance? It is the process of adherence to policies and decisions. Policies can be derived from internal directives, procedures and requirements, or from external laws, regulations, standards and agreements. In simpler terms, compliance consists of the following:
- Know What To Do: interpret regulations, standards and contracts for your environment.
- Know What You Do: document your policies, processes and controls.
- Do What You Say: monitor for compliance and for changes over time.
- Say What You Know: report as required.
The role of IT in compliance will continue to attract attention from auditors, regulators and oversight officials. Therefore, CIOs need to add auditor collaboration to their repertoire of skills. Well-managed audit relationships improve IT-based trust, respect, communications and value.
In world-class firms that lead in risk management, IT audit is a shared finance/operations/IT function staffed by well-trained personnel who report directly to the audit committee of the board of directors. Such visibility ensures a disciplined way to enhance risk management and control processes.
Because auditors are trained to challenge assumptions and force accountability, auditing partnerships can enable practitioners to quickly build breadth and depth of communications and negotiations expertise.
Auditors look at their clientele as being more concerned with execution than with proper documentation. However, post-Sarbanes-Oxley, evidentiary rules have changed from being corroborative (if three parties say it happened, it happened) to primarily documentary (only documented evidence counts).
Said differently, if it is not documented, it did not happen. Thus the role of auditors in verifying documentation exclusively is growing. Documented evidence is also one of the best ways of further raising IT credibility. Artifacts such as project plans, risk models and business impact assessments demonstrate the IT organization's capability to properly document its work. Incorporation of the Control Objectives for Information and Related Technology (COBIT) model can accelerate a stronger relationship between IT and the finance organization. Likewise, business continuity planning and audit can advance partnerships between IT and line operations.
How do auditors think? Because audit by definition is an independent, objective assurance intended to add value and improve operations, knowledgeable CIOs anticipate an auditor's focus specifically on the following:
- Audit Criteria: the metrics through which an evaluation is made, including any applicable policies, their rationales and their implications.
- Condition: factual evidence found by the auditor and the resulting quantifiable impact.
- Cause: an explanation of the evidence, its probability of recurring and any appropriate trending.
- Mitigation: recommended action.
- Action: activity taken to accept, transfer, mitigate or minimize the identified issue.
Auditors typically focus on reducing risk through acceptable controls. However, good auditors also look for artifacts, such as records, data, manuals and models, that show the alignment between management's confirmed specification of acceptable risks and the documented controls.
Although auditors should be more active in helping management define policy with greater sensitivity, co-operative identification, less interrogation and mutual respect, this is not always the case. CIOs should avoid defiance, debate, defensiveness and ignorance. Leading CIOs strive for mutual respect. A "trust but verify" environment requires sensitivity from all.

Taken from MIS Asia.
