
Inside Internal Controls

News and discussion on implementing risk management


Author Archive - Ron Richard

Ron Richard, a Quality, Information Technology and Enterprise Risk Management specialist, has held positions at most any level of an organization and has acquired more than 30 years of relevant experience, including related work done at the College of the North Atlantic. Ron is the author of Inherent Quality Simplicity and the Inside Internal Control newsletter Modern Quality Management series.

Change, exponential power, enterprise architecture, governance and stakeholder engagement

I’ve decided to take a break from blogging for Inside Internal Controls following this post. What follows here is an eclectic bit of sharing which I hope you will find of value.

 


Take testing activities up a level

In a 2009 blog post, Dr. James Whittaker suggested all managers out there need to ask themselves what they’ve done lately to make their testers (e.g., software engineers, system analysts and anyone else who may be involved in testing activities) more creative.

 


Your service-oriented architecture expert opinion

I recently came across two different definitions of service-oriented architecture and I asked Grady Booch if he would share his expert opinion (i.e., do these two definitions align, or is one correct or more correct)?

 


Understanding enterprise architecture and related risks

Enterprise architecture is an important topic to organizations from executives, to IT/business resources, to customers, at all levels and around the globe. This blog post features input from three EA experts, from Canada, the United States and the United Kingdom.

 


Enhancing quality and correcting the threat of intimidation in reporting obligations

To start the year with a challenge, perhaps consider this as one of your organization’s new year’s resolutions, addressing or correcting the threat of intimidation within reporting obligations inside your organization. What am I talking about? To illustrate,

 


Privacy practices for developing mobile applications (apps)


Privacy practices, and all things mobile, are both hot topics these days. This is in part because mobile devices and apps are fun, cool, provide value, and are on the rise. They are used by professionals of all types, and people of most any age, including our youth. This however feeds the assumption that technology in general, including mobile devices and apps, is threatening the privacy rights of individuals.

 


Protecting sensitive data against the insider threat with data masking

With an overabundance of information being stored or created in electronic format, and various tools for turning data (i.e., personally identifiable information, intellectual property, credit card) into cash, goods, and other services, the risks of doing business have increased. We are hearing more and more about attacks where the target is sensitive data, and the perpetrators are those with elevated levels of trust and access within the business.

 


How well is your IT department positioned for the future?

Ideally your IT processes are effective and efficient, and the department itself is viewed favourably by its customers, employees, and management. If at all possible, your IT department is positioned well enough to meet future needs and you have a good grasp on what you are doing to develop opportunities to answer present and future challenges.

 


IT, an emerging global profession


In an emerging global IT profession a major contributor in Canada and around the world is CIPS – Canada’s Association of Information Technology Professionals…

 


Do you have or need cyber risks insurance in case of a cyber attack?

A growing number of companies are investing in cyber risks insurance, which offers a degree of protection against the consequences of cyberattacks such as hacking, business disruptions and digital data breaches. Organizations are increasingly buying insurance to protect against losses from computer breaches.

 


When a privacy policy is not enough!

Does your organization have an IT risk management program in place that draws upon various stakeholders to identify and prioritize privacy risks and related mitigations? Does your IT risk management program maintain appropriate records and provisions for access to information and privacy? And, have you implemented a privacy policy, only to find out that during internal audits there was a lack of compliance?

 


How does your organization assess the effectiveness of internal audits?

Typically, the stewardship responsibilities of a board of directors include the identification of an organization’s principal risks, the implementation of systems to manage them, and the integrity of internal control and management information systems. Typically, an internal audit function plays a key role in assessing and reporting on these areas.

 


Service management scope definition

So, here it is, September, already! Ideally you’re rested from a great summer vacation and ready to dive back into providing or improving your services, or perhaps at least to revisiting how you define the scope of them. With that in mind, let’s take a look at a new publication that may be of some help to you, ISO/IEC 20000-3:2012, which as of August 14, 2012 is now at stage 60.60 (Publication Stage, International Standard published).

 


Information security guidance

According to Deloitte, IT now plays many fundamental and highly beneficial roles in businesses, including:

 


Risk management in the cloud

Cloud computing may indeed be “one of the biggest revolutions to emerge in recent times,” but it also presents big risks. The global principles, frameworks and standards for risk management and accountability in the cloud itself are still very much playing catch-up…

 

