The most common question asked by anyone seeking to apply a process or embrace a program always seems to be where to start. While this is a great question, the problem is that it implies a beginning and an end. It may also imply the assumption of a clean slate, which hardly exists in a venture startup company and certainly is nonexistent in an established enterprise. If we accept that an organization is a constantly evolving entity that is subject to the whims of an incalculable number of variables, then we can embrace the idea that to start anywhere is a move in the right direction.

Given that organizations are constantly evolving, it follows that those organizations that are the most agile and receptive to change will have incredible competitive advantage in the marketplace. Building an effective system of information technology (IT) compliance and control requires a high level of participation throughout the organization. To get full buy-in across all levels, people must be able to see the benefits of participating. Whether these benefits are the achievement of performance targets, managing long-term capital expenditures, or ensuring low-to-reasonable turnover in high-knowledge-worker centers of the organization, the entire organization excels when technology is leveraged to the needs of the business. Therefore, if a first step must be taken, and it certainly may be a small step, it should be centered on ...