Tag Archive | code

Creating Your Own Website

To Website or Blog

Ok, you have an idea and a vision for sharing your knowledge on the web, or you’re starting a small business and want to create an online presence where people can find you. As long as you have a little patience and an attitude to stick with it, even you can create a web presence.

You don’t have to know HTML, although it is helpful. You don’t have to be a computer artist, just resourceful. You don’t have to be a computer programmer; you just need some of the same tools they use.

But before you begin any of that, you need to decide two things. Do you create a website or do you create a blog? That depends on what you want to do. And what are you going to call your new web space?

RSCA Tracking

Tools and Manual Tracking

As I mentioned in the RSCA Methodology overview, there are many tools on the market to help you perform tracking and reporting for regulatory compliance. I strongly suggest you invest in one of these tools and share it with your Internal Audit, SOx Audit and IT Compliance organizations. Having a single source for your tracking and reporting needs saves a great deal of time and cuts down on miscommunication between these organizations.

Most audit software companies have tools that will track all these data types and more. They also provide multi-user authenticated sign-on, so project leaders and managers who own action plans can update the status of their assigned remediation items directly.

If, however, your organization simply cannot afford these tools, you can perform the tracking and reporting through a manual process using MS Excel spreadsheets. If that’s the method you choose, there are specific data types to keep track of.

The RSCA Process

Process Documentation

The Risk, Security & Compliance Assessment (RSCA) approach is used to evaluate the current state of security and compliance activities for SOx remediation initiatives. RSCA is a three-step methodology that covers Planning and Data Collection, Risk and Security Assessment, and Tracking and Reporting.

Each organization has its own audit process to define the scope of an audit, the methodology for carrying out that audit and how findings are reported. When findings fall into the realm of GRC, they should be handed off to an RSCA team for tracking and oversight of remediation.

See my IT Governance section for more information about IT Audit, and Governance, Risk Management & Compliance (GRC) and Risk, Security & Compliance Assessments (RSCA).

RSCA Methodology

Risk, Security & Compliance Assessments

The RSCA approach is used to evaluate the current state of Security and Compliance activities for SOx remediation within a business. RSCA is a three-step methodology designed to manage and provide oversight for business risk and compliance. But keep in mind that neither SOx nor RSCA is designed to eliminate all risk. They are designed to ensure risks are known and either corrected or accepted.

To that end, RSCA addresses your company’s governance through:

  1. Planning and Data Collection
  2. Risk and Security Assessment
  3. Tracking and Reporting

These steps have been implemented at many large corporations facing large remediation initiatives, but the method can be easily scaled to any size of business. These steps help to ensure that both your business and IT processes are being adhered to, identify gaps or risks that need to be resolved, track those resolution efforts and provide a method of reporting through each chain of command necessary for Governance, Risk Management and Compliance (GRC) Assessments.

See my IT Governance section for more information about IT Audit, and Governance, Risk Management & Compliance (GRC) and Risk, Security & Compliance Assessments (RSCA).

Segregation Of Duties

Roles & Responsibilities

Segregation of Duties (SOD) is one of the biggest issues to hit IT organizations, especially those that have been in business for 40 years or more. Companies typically started out with open environments that relied on developers to implement new code straight into production. Many organizations have no change management or change control tools to help strengthen and secure their development, testing, implementation into production and subsequent maintenance changes and emergency fix processes.

Compliance initiatives have done away with the same old procedures and now require organizations to maintain stronger and more restrictive control over their IT environments. Those that don’t make efforts at control end up with significant deficiencies called out by their auditors.

Management Attestations

Attesting To Compliance

An Attestation is management’s internal assessment of, and statement of compliance with, regulatory compliance certifications. These letters are also known as Compliance Certifications, GRC Agreements, and the list goes on.

Typically only the CEO and CFO are required by law to sign an attestation. But more and more corporations are including the CIO in that requirement, primarily because IT now plays such a critical role in ensuring the corporation’s data is secured and properly managed to retain reliable accounting systems.

Many CIOs become very uncomfortable in signing a corporate level attestation for their organization. How does the CIO know for sure that his direct staff is properly overseeing the IT components they manage? And how do those senior IT executives know that their directors and managers are giving proper attention and accountability to the processes they manage?

Because of this, many IT organizations are implementing an IT-management-wide Attestation to their compliance standards. From the lowest manager up, these attestations define the responsibility of each manager to adhere to corporate standards and compliance regulations. Each one rolls up into a package for the next-level manager to review and certify by signing their own attestation, until finally all of IT’s management has attested to the oversight of controls. And the CIO now feels like his/her back is covered.

See my IT Governance section for more information about IT Audit, and Governance, Risk Management & Compliance (GRC) and Risk, Security & Compliance Assessments (RSCA).

Implementing GRC In IT

IT Governance

All IT organizations need to implement some type of Governance, Risk Management and Compliance (GRC) in their environment. No matter how big or small your organization might be, if your company has even one password for something, you need oversight.

Oversight of risk has long been a best practice for any company that wants to remain competitive. A controlled environment provides an organization with streamlined processes, reusable procedures, better functioning systems, and typically comes in under the expected budget.

This isn’t just something to do in order to meet federal, state or industry regulations. It’s about being a reliable business partner, a reputable company and an organization that can be trusted with integrity. All the things any size of business needs to get an advantage in its local market.

See my IT Governance section for more information about IT Audit, and Governance, Risk Management & Compliance (GRC) and Risk, Security & Compliance Assessments (RSCA).

IT Governance, Risk Management & Compliance

What Is It?

Governance, Risk Management & Compliance (GRC) is an overall label for companies implementing best practices in their business and IT processes to protect consumers and financial markets.

The concept began in the mid-to-late 1990s when several large publicly traded companies were found to have implemented shady practices to defraud customers, falsely report earnings and evade Federal Regulations.

As a result, U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH) sponsored a bill known as the ‘Public Company Accounting Reform and Investor Protection Act’ (in the Senate) and the ‘Corporate and Auditing Accountability and Responsibility Act’ (in the House). The bill has become affectionately known as the Sarbanes-Oxley Act, or simply SOx, and was signed into law in 2002.

Internet Marketing

The Importance of Being Relevant
by Vickie Carey

Whether your website is a simple personal blog for you to share your talents in cooking, photography or building a faery garden, you want it to be seen, and maybe even a little popular would be nice too.

If you have a company and you’re doing business in today’s world, a big part of your marketing is done online. But simply having a website isn’t enough. A company, any company no matter how small or how big, must be innovative and keep the interest of its customers in its marketing campaigns.

For companies that sell products, this is generally an easy task. New products are available and updates to the company’s website are constant. The social media advertising of those campaigns can draw a customer into the site, which then needs to hook the sale.

Technology Kosmos

Why are all the Technology images blue? What’s wrong with Pink?

Revamping My Old WebSite

So if you didn’t read the About page, let me bring you quickly up to date. Springwolf.com has existed on the web in some form since 1997, and as a domain since 2000.

It hasn’t changed a lot during that time. 14 years of static web pages, and of course some of them are outdated, some have gotten stale and some still have value. But it’s time to remodel and redecorate. It’s going to take a few days to get all that done. This is day two and I’ve just gotten started.