Thursday, August 16, 2007

IT Audit, Information Security and Internal Control, why do we need to bother?

Why do we need to audit and control all these boring things?
Do the people really need somebody, who will crack a whip,
indeed?

Unfotunately our practice and experience shows that it is our case. It is like Murphy's low: If something could be done wrong, it will be done wrong.

The answer, why it is happen, if the answer exists at all, lies in areas of philosophy and psychology. But it easy to see, that even highly motivated people are often suffer from the lack of the desire to adhere to all formalities, that they call bureaucracy.

That is why we IT Auditors and Information Security specialists will always have a job. And it is not only as result of SOX or Basel II or any other local requirements to the management of IT Audit, Information Security, Information Risk Management function.

So the main purpose of this blog is to provide you with information how to fully accomplish your functions and make people believe that they want your recommendations. :)

Do you think it is possible? Let's try together!

4 comments:

Anonymous said...

Andrey Almabekov:

I think if you want that people want your recommendations you should make good recommedations.
Controls or "bureaucracy" should not be as additional head ache for executor, but help to make his work easier.
It is like working table. You may let things (papers, pencils) be in mess or spend a few minutes to organize it.
This few minutes for organize will save a lot of time for search something and prevent loss of important things in future.

PS: I hope this blog will be interesting and useful.
Good luck! :)

Andrey said...

Just want to check if my google account works.

I audit said...

Andrey, thank you for your comment!
The analogy with working table is very interesting and graphic. Don't you mind if I put it in my piggy bank ? :)

Andrey said...

I audit, sure you can use "table story" to illustrate how controls works for management. If it helps :)