KPMG Corner
 
  Risk Advisory

 

   

How Facebook Broke Down Our Front Door, 07/06/2010

As companies and individuals exploit the web’s new frontier – social networking sites – we are creating for ourselves not only new avenues to generate revenue and social capital but also leaks in corporate and personal information.

Read more...

   

Who Audits the Internal Auditors? (Conclusion), 05/25/2010

How to prepare for an External Assessment? Before the external assessment, the chief audit executive (CAE) should make sure that his/her organization has the following conditions as a minimum:

Read more...

   

Who Audits the Internal Auditors? (First of two parts), 05/11/2010

This question has been posed to me many times, both in my past life as an internal auditor of private organizations and currently as an advisor on governance, risk and controls to our clients.

Read more...

   

Moving towards Risk-Based Approach to Internal Audit (Conclusion), 04/27/2010

This approach requires performing periodic risk assessments (at least annual) of the auditable units and crafting an audit strategy that will prioritize and schedule audit engagements in accordance with the risk profiles.

Read more...

   

Moving towards Risk-Based Approach to Internal Audit (First of two parts), 04/20/2010

Do you have a robust, reliable and credible internal audit department? Is the function still into the traditional, "police-type", compliance-based audit? Or has it adopted a risk-based approach?

Read more...

   

Freedom from Risks (Second of two parts - Conclusion), 06/15/2009

Information is power. Leverage during negotiations tilts by the amount of information that is available at the hands of the negotiating parties. Business soundness and viability depend on information. Customers’ preferences are established through information feedback and market research. Almost every undertaking depends on adequate and right information to become successful. Information needs to be secured.

Read more...

   

Freedom from Risks (First of two parts), 06/02/2009

Every facet of life has risks. The world is full of uncertainty. Business corporations are not exempted from this reality. We are all enslaved by the prospect of a loss. Is there freedom from risk?

Read more...

   

Role of Engineering in Enterprise Risk Management, 5/05/2009

Engineering is the application of scientific and mathematical principles to practical ends such as design, manufacture, and operation of efficient and economical structures, machines, processes and systems. This is a common definition. To some, engineering is an art more than a science, as it is primarily concerned with how to direct to useful and economical ends the natural phenomena which scientists discover and formulate into acceptable theories. Engineering involves people, money, material, machines and energy.

Read more...

   

Linking corporate governance and enterprise risk management, 9/30/2008

How can boards of directors and senior executives help to define corporate governance within the context of enterprise risk management (ERM) programs? With the growing acceptance of ERM, the links between good governance and effective risk management are increasingly important.

Read more...

   

Choosing an IT Solution, 7/1/2008

“Choosing an IT solution” is a management decision that has never been easy because it presents many challenges and issues.

Read more...

 

   

Penetration testing - the basics, 5/20/2008

Penetration testing as defined is the process of exploiting weaknesses in a computer or the network infrastructure
Read more...

   

Who audits the auditor?, 1/29/2008

When I started my internal auditing career in the early 1990s, I saw the auditors then as little gods and goddesses.

Read more...

 

   

Is information security vital to your business?, 1/1/2008

It was a weekend, and I was trying to make up for the busy nights of the past weeks. Suddenly, an alarm sounded, and I discovered that it was the phone ringing. I slowly reached for the phone, only to find out that some marketing agent was offering a certain product!
Read more...


   

Preparing for the Implementation of an Information Security Management System (ISMS), 12/4/2007

Some organizations maintain a traditional approach to their IT security. But, given the numerous threats and risks in today’s security environment, this is no longer enough. Whenever there are manifestations of employee ignorance, user errors and fraud, these have to be immediately addressed.
Read more...

   

Do your own periodic IT backups, 9/25/2007

As we become more and more dependent on digital information in our daily lives, our world seems to crumble when this digital information is corrupted or lost.

Read more...

 

   

Moving towards information technology governance, 8/21/2007

Is your organization dependent on information technology (IT)?

Read more...

 

   

Business continuity management - It's not always about buying a second car, 7/31/2007

Business continuity management (BCM) is often perceived as having a backup IT system or a secondary office in a different location so that if a disaster does occur, the IT people will just turn on a switch that will make the backup IT system available or business operations can just move to that secondary office and the company can go about its usual business.

Read more...

 

   

Moving towards enterprise risk management, 7/24/2007

What keeps you up at night? How well are you managing your risks? Are you achieving an acceptable return on the risks you take? Have you identified and assessed all your risks? What are your top 10 or 20 risks? Are you still into the traditional or “silo” risk management? Or, have you adopted the new, better and integrated approach to risk management? Do you have a fully integrated risk management program to assess and manage risks on a more integrated basis, across all lines of business and activities of the company?

Read more...

   

The Value of IT Risk Advisors, 5/15/2007
How well do you sleep at night thinking that your Information Technology (IT) systems are safe from untoward incidents? How confident are you that any IT failure will not lead to the debut of your pink slip? How satisfied are you that the IT risk advisor/consultant you hired provided you the value you truly need?
Read more...