A process narrative is a story or a guide to define what processes your group performs and how they perform them. It’s not a high level document written from 10,000 feet up. But it’s also not a detailed installation guide. It’s a story of what you do.
A well written narrative reduces the misunderstandings that verbal communications can create when talking to auditors, coordinating backup/recovery tasks with other departments and even reference documents for your staff during emergencies when stress levels are high.
Written processes also help your team document little details that seem normal and common place to you, because you do the job. But when you’re talking about them and explaining them to someone else, you might leave those details out. It’s just part of what you do, you don’t think about it, you simply do it. But others may need to know those little things to fill in the gaps to their processes. Continue reading →
An Attestation is managements internal assessment and compliance with regulatory compliance certifications. These letters are also known as Compliance Certifications, GRC Agreements and the list goes on.
Typically only the CEO and CFO are required by law to sign an attestation. But more and more corporations are including the CIO in that requirement. Primarily because IT now plays such a critical role in ensuring the corporations data is secured and properly managed to retain reliable accounting systems. Continue reading →
All IT organizations need to implement some type of Governance, Risk Management and Compliance (GRC) in their environment. No matter how big or small your organization might be, if your company has 1 password for something, you need oversight.
Oversight of risk has long been a best practice for any company that wants to remain competitive. A controlled environment provides an organization with stream lined processes, reusable procedures, better functioning systems, and typically under budget of expected costs.
This isn’t just some thing to do in order to meet federal, state or industry regulations. It’s about doing being a reliable business partner, a reputable company and an organization that can be trusted with integrity. All the things any size business needs to get an advantage in their local market. Continue reading →