Podcast: The Importance of ‘ITGCs’ 

internal control

Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…

Read More

When Cybersecurity and IT Risk Converge

risk

The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach.  I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…

Read More

Thoughts on IT Risk Management

risk

Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…

Read More