Risk Management

2007 ITIL Glossary resource Guides  OCEG Reviewed
ITIL® V3 Glossary v1.0, 30 May 2007
2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk Research Report (2008) resource White Papers OCEG Reviewed
IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization. The 2008 Annual Report, assembled from benchmark research conducted with more than 2,600 organizations around the world, reveals the IT GRC maturity profiles, business outcomes, capabilities and practices that are most responsible for influencing and impacting business rewards and risks.
85% of Corporate Executives Believe Risk Management Needs Overhaul blog

A recent Accenture survey found that 85% of executives believed that their companies need to overhaul their risk management approach.

Acquire a global view of your organization's security state: the importance of security assessments (IBM, 2007) resource White Papers OCEG Reviewed
Today, more than ever before, security is a key issue for virtually every organization. No matter the size of your enterprise and what business you are engaged in — whether a financial services company, a retail chain or a water treatment plant — threats to your information security occur daily and evolve constantly. Because of that fluidity, virtually every organization has a "security gap" — that is, a gap between the organization’s current protection level and the level it should be at to meet the latest security threats.
AICPA, Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®) (2006) resource Guides  OCEG Reviewed
The Trust Services Principles, Criteria, and Illustrations present criteria established by the Assurance Services Executive Committee of the AICPA for use by practitioners when providing attestation services on systems in the subject matters of security, availability, processing integrity, privacy, confidentiality, and certification authorities.
Aligning People, Processes, and Technology for Effective Risk Management (IIA, 2008) resource Articles OCEG Reviewed

Learning the basic components of a continuous risk management program can help auditors provide recommendations that enhance IT security risk management practices.

Author: Paul Reymann, CEO, ReymannGroup Inc.

An Executive Guide to Corporate Defence Management (CDM) (2006) resource White Papers OCEG Reviewed
In these changing times the constantly evolving challenges facing corporations are giving rise to ongoing turbulence in the corporate world, and there are indications of ominous times ahead. Defending a corporation requires far more than simply concentrating on security or legal defence; to help ensure survival, contemporary corporate defence requires a far more comprehensive brief.
An opportunity for transformation: How internal audit helps contribute to shareholder value (2008) resource White Papers OCEG Reviewed
Rapidly accelerating pressures fuel the need for internal audit to transform its thinking from financial controls-centric to shareholder value-centric—and to drive efficiency into traditional internal audit processes. This PwC whitepaper examines key topics for internal audit transformation:
  • It’s time to question the internal audit status quo
  • The shareholder value challenge
  • How to unleash the power of internal audit
October 2008
ANSI, Identity Theft Prevention and Identity Management Standards Panel resource Organizations & Associations OCEG Reviewed
Jointly sponsored by the American National Standards Institute (ANSI) and the Better Business Bureau (BBB), the Identity Theft Prevention and Identity Management Standards Panel (IDSP) is a cross-sector coordinating body whose objective is to facilitate the timely development, promulgation and use of voluntary consensus standards and guidelines that will equip and assist the private sector, government and consumers in minimizing the scope and scale of identity theft and fraud.
Architectural Risk Analysis (2005) resource Articles Member contribution OCEG Reviewed

Architectural risk assessment is a risk management process that identifies flaws in a software architecture and determines risks to business information assets that result from those flaws.
