
Management Attestations

Attesting To Compliance

An attestation is a written statement in which management asserts that it has assessed its internal controls and that those controls comply with the applicable regulatory requirements and certifications. These letters are also known as compliance certifications, GRC agreements, and a variety of other names.

Typically only the CEO and CFO are required by law to sign an attestation, but more and more corporations are adding the CIO to that requirement. The reason is that IT now plays such a critical role in keeping the corporation's data secure and properly managed that reliable accounting systems depend on it.

Many CIOs become very uncomfortable signing a corporate-level attestation for their organization. How does the CIO know for certain that their direct staff is properly overseeing the IT components they manage? And how do those senior IT executives know that their directors and managers are giving proper attention and accountability to the processes they manage?

Because of this, many IT organizations are implementing an IT-management-wide attestation to their compliance standards. From the lowest-level manager up, these attestations define each manager's responsibility to adhere to corporate standards and compliance regulations. Each one rolls up into a package for the next-level manager to review and certify by signing their own attestation, until finally all of IT management has attested to its oversight of controls, and the CIO is signing on top of a documented chain of accountability rather than on faith alone.

See my IT Governance section for more information about IT Audit, Governance, Risk Management & Compliance (GRC), and Risk, Security & Compliance Assessments (RSCA).


Implementing GRC In IT

IT Governance

All IT organizations need to implement some form of Governance, Risk Management and Compliance (GRC) in their environment. No matter how big or small your organization might be, if your company has even one password protecting something, you need oversight.

Oversight of risk has long been a best practice for any company that wants to remain competitive. A controlled environment gives an organization streamlined processes, reusable procedures, better-functioning systems, and costs that typically come in under what was budgeted.

This isn't just something to do in order to meet federal, state or industry regulations. It's about being a reliable business partner, a reputable company, and an organization that can be trusted to act with integrity: all things a business of any size needs to gain an advantage in its local market.

See my IT Governance section for more information about IT Audit, Governance, Risk Management & Compliance (GRC), and Risk, Security & Compliance Assessments (RSCA).


IT Governance, Risk Management & Compliance

What Is It?

Governance, Risk Management & Compliance (GRC) is an umbrella term for the best practices a company implements in its business and IT processes to protect consumers and the financial markets.

The concept took hold in the late 1990s and early 2000s, when several large publicly traded companies were found to have used fraudulent practices to defraud customers, falsely report earnings and evade federal regulations.

As a result, U.S. Senator Paul Sarbanes (D-MD) and U.S. Representative Michael G. Oxley (R-OH) sponsored a bill known as the 'Public Company Accounting Reform and Investor Protection Act' (in the Senate) and the 'Corporate and Auditing Accountability, Responsibility, and Transparency Act' (in the House). The bill has become commonly known as the Sarbanes-Oxley Act, or simply SOX, and was signed into law in 2002.