Chapter 3. Importance of IT Controls
VALUE: BEYOND "BECAUSE IT IS BEST"
The idea that the recent attention provided to information technology controls is new and just a fad, or nightmare, is mistaken. Across the globe governments, industries, and stakeholders alike have asked, required, and expected diligence over the systems that make up their enterprises.[43] In the United States alone, the government has explicitly required oversight and safeguards numerous times. The two most recent, giving Sarbanes-Oxley a rest for a moment, are the Fair Credit Reporting Act (FCRA), and Office of Management and Budget Circular A-123, "Management Accountability and Control." Interestingly enough, the circular defines management controls in a way that is echoed around the world:
Management controls are the organization, policies, and procedures used by agencies to reasonably ensure that
programs achieve their intended results;
resources are used consistent with agency mission;
programs and resources are protected from waste, fraud, and mismanagement;
laws and regulations are followed; and
reliable and timely information is obtained, maintained, reported and used for decision making.[44]
At this point we realize the business and global implications that technology and its associated services provide to society. But there are other important attributes of IT controls, such as the assurance that the environment is secure from tampering and that both government and customer expectations are met regarding ...
Get It Compliance And Controls: Best Practices for Implementation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
