Resources for Sarbanes-Oxley (SOX)

What is the role of CIO and CISO compliance?

technology.merinews.com

AS YOUR company’s chief information officer (CIO) or chief information security officer (CISO), you are most concerned that governance requirements are not being well defined. There is ambiguity; there are redundancies; there are areas that are not being covered by current procedures. When this happens, risks and exposures are more likely to occur, threatening the integrity of your company’s compliance efforts. Add to this, the fact that you wish your information technology (IT) organisation could deliver information faster to executives, allowing them to better evaluate company performance.

Your task is not an easy one because you are straddling two worlds – the IT world and the business world. On one hand, you are responsible for the IT infrastructure in the organisation – the automated reporting, the IT staff manual activities, educating the end users on good security practices. On the other hand, you are now being increasingly expected to enforce a business application – governance -- across the entire enterprise. Since governance activities are pervasive throughout the organisation, IT is now being seen as the backbone or conduit for reporting on all of these departmental compliance activities. Your role is evolving into one that includes not only technology, but also business aspects. As such, you have to understand the business framework and the business rules in your organisation. You also have to figure out how to enforce governance at the IT infrastructure level. The IT function is expected to provide all business information regarding governance -- not just the IT compliance information -- for all operations and all departments.

View the Resource

Share or bookmarklet this web page at: