Home/Tag: Tools and Tips

Application Risk Management

Many large and medium sized businesses have the interesting problem of understanding and inventorying the various applications in use across diverse regions and departments. Without this clear understanding of how these applications are being used, who owns them, what type of data is stored inside, and the management of each application, CIOs and management's ability to assess risks are greatly handicapped. [...]

How to Design the Perfect Audit Information Request List (and status tracker)

Any consultant or auditor will tell you that the most difficult part of the job is getting the right information from clients. That is why designing an effective information request list (a.k.a. PBC List) is so important. Oddly enough - it is also a skill that is never formally "taught" to new associates. So here's a beginner's (or advanced!) guide to [...]

By |2020-01-17T21:26:29+00:00March 16th, 2015|IT Audit & Compliance|11 Comments

Creating an IT Risk Dashboard in Excel

One of the most valuable tools in my "IT Audit Arsenal" is the ability to easily identify and communicate risk patterns with a Risk Dashboard. A Risk Dashboard helps drive decisions (like what projects you take on, where company risk resides) and has become an easy way to communicate status and progress reports to the executive team. Over the years my [...]

By |2020-01-17T21:26:45+00:00February 25th, 2015|IT Audit & Compliance|6 Comments

Active Directory Management Tools

I always enjoy seeing the different tools used across different IT shops. In fact, one of the most common questions clients ask is what other companies are using to perform various functions in AD. So, today I figured I’d continue on with the Active Directory theme (started by Christian’s post regarding AD Admin accounts on Monday) and do a quick roundup of [...]

By |2020-01-17T21:26:56+00:00February 19th, 2015|Cyber Risk Management|5 Comments