Xemba Translations Case Study
• The IT compliance control management process requires significant time and cost to meet critical IT compliance objectives and risk remediation activities.
• IT control assessment gives an initial sense of comfort, not assurance on the effectiveness of the compliance control management process.
• Identifying the need for IT compliance control re-evaluation can be a challenging activity, akin to identifying a needle in a haystack. (Jody Osborn, 2010)
• Understand IT compliance control re-evaluation — the what, why and how of the mechanism.
• Identify the need (when) for IT compliance control re-evaluation by looking for trends in incident management, IT risk assessment, exception management, control assessment and audit findings.
• Maintain direct communication with individual process owners when identifying trends, and maintain transparency with all concerned process owners when discussing results of relevant weaknesses in controls.
• Plan the changes: do not make drastic changes to all identified controls at once.
IT Compliance Control Re-evaluation
This research presents a high-level understanding of the control re-evaluation mechanism, followed by details of five trends to help CIOs, CISOs and IT compliance managers predict when to re-evaluate compliance controls. (Dieter De Smet, 2011)
What Is IT Compliance Control Re-evaluation?
It is a corrective and preventive mechanism by which IT compliance controls are validated from the perspective of the entire control development process. Control re-evaluation is different from control assessment. Typical control assessments are done to verify the control implementation against the control objective. Control re-evaluation extends to the verification of the phases of the control development process and requirements of the corresponding control attributes. It can be viewed as a...