Being able to respond (i.e. continue critical business processes) during a major disaster and recover normal operations efficiently afterwards is a critical success factor for all organizations. An effective business continuity plan (BCP) and disaster recovery (DR) program is vital and must receive proper management attention and support. Continue reading
Are You Protecting Your Digital Assets?
Safeguarding assets has been an important objective of all organizations for centuries. In today’s digital age however, what does safeguarding your assets really mean? Who is responsible for it? And how is “protection” actually achieved?
The COSO framework for enterprise risk management recognized the importance of safeguarding assets as an implicit component of effective internal control. Its landmark 1992 framework even defined internal control as: “[A] process … designed to provide reasonable assurance regarding the achievement of objectives in the following categories: effectiveness and efficiency of operations; reliability of financial reporting; and compliance with applicable laws and regulations.”
Internal auditors play a valuable role in ensuring that IT investments are well-managed and have a positive impact on an organization. Their assurance role supports senior management, the audit committee, the board of directors, and other stakeholders. Internal auditors need to take a risk-based approach in planning their many activities on IT project audits. With limited audit resources, auditors must focus on the highest-risk project areas, while adding value to the organization. Audit best practices suggest internal auditors should be involved throughout a project’s life cycle — not just in post-implementation assessments.