You may have seen an important announcement from CA Technologies and SAP today, which can be found here. An analyst reaction to this announcement from Michael Rasmussen of Corporate Integrity can be found here. Michael is one of the most respected analysts in GRC, so his opinion often carries a significant...
Posted to Risk Management on 07-14-2010
Filed under: GRC, IT GRC, IT controls, business risk management
A recent blog post http://bit.ly/bVd2i1 from Forrester Research made some very useful points, in my opinion. The focus of the article was on flexibility, in two key respects. First, flexibility is a key requirement of any GRC program, primarily because the demands for risk and compliance are so fluid...
Posted to Risk Management on 02-03-2010
Filed under: Risk Management, GRC, Compliance, Sumner Blount, Forrester, regulation
The Problem: The Chief Information Security Officer (CISO) is given the mandate to ensure the IT department is compliant with these four authority documents: SOX, COBIT, PCI and ISO 27001. The OLD Answer: The CISO reads and analyzes each of these documents and identifies the “thou must…” and “thou shall...
Posted to Risk Management on 01-26-2010
Filed under: GRC, Compliance, CA GRC Manager, controls, Mike Hoefgen, UCF, Unified Compliance Framework, control rationalization
Many agencies have a good handle on IT security, with the FISMA guidelines spelled out in great detail. However, with the advent of the new financial stimulus packages, there is a greater impetus to streamline the process around managing financial controls. Traditionally, financial process controls and...
Posted to Risk Management on 01-19-2010
Filed under: Allan Gajadhar, GRC, controls, centralized approach, security, financial controls, IT Government Expo