Do we have to?

Remember the last time you deposited a check? Was it signed? Now, imagine having to book a journal entry. Does it have to be approved before it can be posted in the system? Or how about releasing an emergency fix in production. Is it likely to have been approved?

In exploring the principle of coupling, we ask two primary questions:

•  First, the elephant in the room: does the control really need to be performed for the process to be complete? Is it a nice-to-have or a must-have? Just as we expect checks to be signed, do we, in turn, expect the IT control to be performed each time?

•  Second, to what extent can the degree of coupling amongst people, data, systems and activities either support, or detract from, ...

Get Compliance by Design: IT Controls that Work now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.