Sunday, March 22, 2009

MIS guest speaker session

Weird day yesterday was. Started with heading to school for a guest speaker session. Meeting terrible news on the way. And then getting marked absent for leaving class to attend to a phone call. Which led to even worse repercussions.

Anyway, the guest speaker was Mr. Sajid Khan, and he spoke about IT Assurance and Risk Management.

Wouldn't expect there to be much room for creativity there but read on.. =)

IT Risk Management deals with 3 key risks:

  1. Confidentiality of the Data
  2. Integrity of the Data; making sure that it's reliable
  3. Availability of the Data

There are 4 major firms who offer this service:

  1. Ernst & Young
  2. KPMG
  3. PricewaterhouseCoopers
  4. Deloitte

A good knowledge of business administration, IT, as well as Accounting and Auditing is essential for the effective provision of this service.

You can assess their services on the following bases:

  1. IT entry level controls: strategy, policy and procedures, training and development
  2. IT general level control:
    SDLC (System Development Life Cycle) and Change Management (Integrity),
    Logical Access (Confidentiality),
    IT Operations (Availability).
  3. IT application controls: with SOX 404 (a requirement to show that internal audits are working), with IT being an integral part of the audit.
