
SOX News

"IT Compliance & Controls" Offers Step-by-Step Approach to Effective Risk Management and Regulatory Compliance

(April 09, 2008) -- A considerable degree of attention has been placed on organizations to improve and disclose the state of Information Technology Internal Controls worldwide by shareholders, management, industry oversight groups and governments. The integrated nature of technology now permeates all aspects of life and is mission critical for most organizations. Recent awareness of the importance of technology by key stakeholders has raised the visibility and scrutiny placed upon the safeguards employed in organizations. No longer may technology be considered after the fact, but must be evaluated prudently at the highest levels to consider the full impact of security, resiliency to operations, integrity of services, propriety of partnerships with vendors and the inevitable risks of operating any business.

In his new book released today at the RSA Conference 2008, "IT Compliance & Controls - Best Practices for Implementation," author James J. DeLuccia IV offers a step-by-step approach using industry best practices to help CIOs adopt and manage new IT controls to reach the highest levels of control and ROI within their organizations. Dispensing invaluable insight into the complex world of interweaving government and industry mandates from around the world, "IT Compliance and Controls" provides a road map to answer the question, "What is the best course of action?"

"James DeLuccia outlines a comprehensive, integrated strategy for achieving regulatory and legislative compliance," said Dr. Richard Reiner, founder of Assurent Secure Technologies. "This approach is vastly superior, both in scalability and in sustainability, to the siloed compliance strategies that are often seen."

"Managing an effective technology control environment requires a thorough understanding of the regulations and standards," said DeLuccia. Answering both the hows and the whys of IT compliance and control, "IT Compliance and Controls" clearly lays out the strategic ROI associated with implementing enterprise controls.

DeLuccia takes a practical approach to evaluating the organization's IT internal controls needs and merges these with the regulated mandates as he develops a plan to achieve a balance of business and assurance. "IT Compliance and Controls" includes a thorough breakdown of a core set of principles and the most prominent IT internal controls in place around the globe, showing readers how to implement these best practices successfully within their own organizations. It provides proven, systematic approaches to map IT controls directly to specific regulatory requirements such as the SAS 70, Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), European Union (EU) Directives, Basel II, and the Hong Kong Control framework. Readers will discover the globalization of internal controls, and why this interconnected world must be understood, acknowledged and embraced universally.

Throughout "IT Compliance and Controls," managers and directors charged with supporting environments will discover a refined list of business best practice controls that are explicitly written to ensure they meet the regulations in today's environment, including:

-- The opportunities and challenges of operating in a global environment
-- How technology enables the world market
-- Importance of IT controls
-- Reality and risks to IT controls being effective
-- Enterprise risk analysis
-- Access and authorization
-- Building a system of IT compliance and controls


Written to both enlighten those with fiduciary or senior responsibilities for the enterprise on the impact of the technological relationships being established around the world, and to provide an overview and direction for the IT controls their enterprises should establish, "IT Compliance and Controls" provides readers with an in-depth understanding of the business drivers as well as a guided approach to presenting and communicating the IT control needs to the executive level and board of directors.

"DeLuccia's book is a great primer and must-read for executives who deal with risk on a day-to-day basis," said Salil J. Kulkarni, chief operating and information officer for IVOX Corporation, and former chief information officer for John H. Harland Company. "It masterfully combines the tactical nuts and bolts with the breadth of strategy that all executives must understand in dealing with mitigating risk within the walls of Information Technology in today's global economy. This book offers a structured architectural approach, a 'blueprint in effect,' for new and seasoned executives and business professionals alike to understand the world of compliance -- from the perspective of what the problems are, where they come from, and how to position your company to deal with them today and into the future."



Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.