
ISO 27001 vs SOC 2: Choosing a Compliance Framework

In a previous blog post, we discussed the differences between SOC 2 vs ISO 27001. In this post, we will look at the factors affecting the decision of choosing which of the two compliance frameworks best aligns with your business needs. Client Expectations: The choice to adopt a compliance framework is often driven by client expectations. Clients may stipulate in [...]

By |2020-08-07T15:39:04+00:00August 3rd, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

SOC 2 vs ISO 27001: What’s The Difference?

Navigating the ins and outs of two of the most popular compliance frameworks. When it comes to vendor due diligence, many companies are raising the bar. This article will help you weigh the difference on SOC 2 vs ISO 27001. In addition to evaluating vendor revenue, growth, and skills, security is becoming an important focus of client reviews. With almost half [...]

By |2020-08-04T12:33:07+00:00July 13th, 2020|ISO 27001 Compliance, SOC Reporting|0 Comments

Performing Effective User Access Reviews

Correcting mistakes that arise in the day-to-day management of access control. Organizations can take many steps to manage access, such as adopting documented registration and de-registration processes, maintaining a list of service accounts, and segmenting networks. While all are effective ways of managing access, they occasionally fail. For example, a step may be missed in the on-boarding process. A [...]

Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word "audit" in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits of that [...]

Bridge the Gap Between Internal Audit & Enterprise Risk Management – Identify Business Drivers (PART 4)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3 | Part 4 Business Drivers are typically defined by executive management with guidance from the board of directors. From an internal audit or ERM perspective, though we do not define business drivers, [...]

Bridge the Gap Between Internal Audit & Enterprise Risk Management – ERM Framework (PART 3)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3 In Part 2 of this series I discussed what an ERM Dashboard might look like, but that still leaves out the details when it comes to creating one for yourself. [...]

By |2020-01-17T21:22:05+00:00September 28th, 2015|Cyber Risk Management, IT Audit & Compliance|0 Comments

Bridge the Gap Between Internal Audit & Enterprise Risk Management – Begin With the End in Mind (PART 2)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3 Begin with the End in Mind Our goal with an ERM system is to be able to track the health of the company by linking processes, controls, and risks to business [...]

By |2020-01-17T21:22:07+00:00September 25th, 2015|Cyber Risk Management, IT Audit & Compliance|2 Comments

Bridge the Gap Between Internal Audit & Enterprise Risk Management (Part 1)

Author’s Note: This series will help you build an ERM system that will bridge the gap between Internal Audit (IA) and Enterprise Risk Management (ERM). Part 1 | Part 2 | Part 3 Last week I had the pleasure of listening to Larry Harrington speak at an IIA conference in Atlanta. One point Larry brought up was the role Internal Audit (IA) can and [...]

By |2020-01-17T21:22:13+00:00September 23rd, 2015|Cyber Risk Management, IT Audit & Compliance|0 Comments