The Top Five Benefits of IT Auditing
IT auditors frequently find themselves educating the business community on how their work adds value to an organization. Internal audit departments commonly have an IT audit component which is deployed with a clear perspective on its role in an organization. However, in our experience as IT auditors, the wider business community needs to understand the IT audit function in order to realize the maximum benefit. In this context, we are publishing this brief overview of the specific benefits and added value provided by an IT audit.
To be specific, IT audits may cover a wide range of IT processing and communication infrastructure such as client-server systems and networks, operating systems, security systems, software applications, web services, databases, telecom infrastructure, change management procedures and disaster recovery planning.
The sequence of a standard audit starts with identifying risks, then assessing the design of controls and finally testing the effectiveness of the controls. Skillful auditors can add value in each phase of the audit.
Companies generally maintain an IT audit function to provide assurance on technology controls and to ensure regulatory compliance with federal or industry-specific requirements. As investments in technology grow, IT auditing can provide assurance that risks are controlled and that huge losses are not likely. An organization may also determine that a high risk of outage, security threat or vulnerability exists. There may also be requirements for regulatory compliance such as the Sarbanes-Oxley Act or requirements that are specific to an industry.
Below we discuss five key areas in which IT auditors can add value to an organization. Of course, the quality and depth of a technical audit is a prerequisite to adding value. The planned scope of an audit is also critical to the value added. Without a clear mandate on what business processes and risks will be audited, it is hard to ensure success or added value.
So here are our top five ways that an IT audit adds value:
1. Reduce risk. The planning and execution of an IT audit consists of the identification and assessment of IT risks in an organization.
IT audits usually cover risks related to confidentiality, integrity and availability of information technology infrastructure and processes. Additional risks include effectiveness, efficiency and reliability of IT.
Once risks are assessed, there can be a clear vision of what course to take – to reduce or mitigate the risks through controls, to transfer the risk through insurance or to simply accept the risk as part of the operating environment.
A critical concept here is that IT risk is business risk. Any threat to or vulnerability of critical IT operations can have a direct effect on an entire organization. In short, the organization needs to know where the risks are and then proceed to do something about them.
Best practices in IT risk used by auditors are the ISACA COBIT and RiskIT frameworks and the ISO/IEC 27002 standard ‘Code of practice for information security management’.
2. Strengthen controls (and improve security). After assessing risks as described above, controls can then be identified and assessed. Poorly designed or ineffective controls can be redesigned and/or strengthened.
The COBIT framework of IT controls is especially useful here. It consists of four high level domains that cover 32 control processes useful in reducing risk. The COBIT framework covers all aspects of information security including control objectives, key performance indicators, key goal indicators and critical success factors.
An auditor can use COBIT to assess the controls in an organization and make recommendations that add real value to the IT environment and to the organization as a whole.
Another control framework is the Committee of Sponsoring Organizations of the Treadway Commission (COSO) model of internal controls. IT auditors can use this framework to get assurance on (1) the effectiveness and efficiency of operations, (2) the reliability of financial reporting and (3) the compliance with applicable laws and regulations. The framework contains two elements out of five that directly relate to controls – control environment and control activities.
3. Comply with regulations. Wide ranging regulations at the federal and state levels include specific requirements for information security. The IT auditor serves a critical function in ensuring that specific requirements are met, risks are assessed and controls implemented.
The Sarbanes-Oxley Act (Corporate and Criminal Fraud Accountability Act) includes requirements for all public companies to ensure that internal controls are adequate as defined in the framework of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) discussed above. It is the IT auditor who provides the assurance that such requirements are met.
The Health Insurance Portability and Accountability Act (HIPAA) has three areas of IT requirements – administrative, technical and physical. It is the IT auditor who plays a key role in ensuring compliance with these requirements.
Various industries have additional requirements, such as the Payment Card Industry (PCI) Data Security Standard in the credit card industry (e.g. Visa and Mastercard).
In all of these compliance and regulatory areas, the IT auditor plays a central role. An organization needs assurance that all requirements are met.
4. Facilitate communication between business and technology management. An audit can have the positive effect of opening channels of communication between an organization’s business and technology management. Auditors interview, observe and test what is happening in reality and in practice. The final deliverables from an audit are valuable information in written reports and oral presentations. Senior management can get direct feedback on how their organization is functioning.
Technology professionals in an organization also need to know the expectations and objectives of senior management. Auditors help this communication from the top down through participation in meetings with technology management and through review of the current implementations of policies, standards and guidelines.
It is important to understand that IT auditing is a key element in management’s oversight of technology. An organization’s technology exists to support business strategy, functions and operations. Alignment of business and supporting technology is critical. IT auditing maintains this alignment.
5. Improve IT Governance. The IT Governance Institute (ITGI) has published the following definition:
‘IT Governance is the responsibility of executives and board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives.’
The leadership, organizational structures and processes referred to in the definition all point to IT auditors as key players. Central to IT auditing and to overall IT management is a strong understanding of the value, risks and controls around an organization’s technology environment. More specifically, IT auditors review the value, risks and controls in each of the key components of technology – applications, information, infrastructure and people.
Another perspective on IT governance consists of a framework of four key objectives which are also discussed in the IT Governance Institute’s documentation:
- IT is aligned with the business
- IT enables the business and maximizes benefits
- IT resources are used responsibly
- IT risks are managed appropriately
IT auditors provide assurance that each of these objectives is met. Each objective is critical to an organization and is therefore critical in the IT audit function.
To sum up, IT auditing adds value by reducing risks, improving security, complying with regulations and facilitating communication between technology and business management. Finally, IT auditing improves and strengthens overall IT governance.
References:
ISACA. Control Objectives for Information and related Technology (COBIT).
ISO/IEC 27002 Code of practice for information security management.
Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework.
9 Suggestions for Cleaning and Washing Your Baby Quilts
Cleaning and washing your baby quilt is important since it will get plenty of use from your newborn. Babies tend to make a mess with their eating habits and dirty diapers. Many times that precious blanket just happens to get dirty and washing it is needed. Here are 9 suggestions:
- You can either hand wash or machine wash quilts in cold water on gentle cycle since they are made from either 100% baby cotton flannel or 100% cotton.
- Just as you would wash all other clothes for your newborn baby, use gentle baby detergents so as not to harm the fibers. Read the package directions carefully when washing any items used for babies, especially those infants with sensitive skin.
- If pre-treating unwanted stains becomes necessary, rub gently on the spots, then hand wash or machine wash in cold water on the gentle cycle.
- Custom made baby blankets are keepsakes, so keep washing to a minimum. With the new fabrics on today’s market, they do hold up better than years past, but colors will eventually fade after repeated washings.
- To remove excess water after rinsing, use the palm of your hand and press down on the quilt. Do not wring dry. Wringing the quilt will leave lines and break the stitches over time.
- If machine drying, use low heat until most of the moisture is removed and then air dry.
- Use a non-porous surface when laying your quilt flat to dry. Be sure the surface is also clean and free of all items that could poke holes or cause damage to the materials.
- Do not dry clean. This process will damage the fabrics. This process uses chemicals that are harmful. Babies should also not be exposed to any harmful chemicals, so using a mild detergent recommended for them is always best.
- Finally, keep brightly colored quilts away from sunlight. If you are not using the baby quilts, store them in a closet, under the crib, or in a dresser. Blankets that are used as wall decorations and hung on the wall will fade over time. Once stored, take the quilt out on a regular basis and refold so that permanent lines and creases are not visible over time.
All babies need a soft place to be able to lie on, a place to be able to roll over for the first time, and all those times afterwards. Be sure that you follow these 9 suggestions for cleaning and washing.
Ten Top Tips For Website Improvement
Search engine optimisation (SEO) is the term used for a range of processes and tools that help to ensure your website is found and, hopefully, found on the first page of any search engine listing for certain words. An entire industry has sprung up as part of the internet revolution. There is one thing that many of these companies have in common. They make the whole process more confusing than it need be and they charge large amounts of money to the customer who then becomes reliant on them. The tips shown below will allow you to get up at least a couple of steps on the ladder to a high performance website. These tips are by no means exhaustive but they will at least start bringing the hits to your site.
Tip 1 Website Content
You just need to look at any website randomly and this point is amply illustrated. The text that you use should be visitor friendly. A visitor wants to see what they are searching for fairly immediately. If you are looking for a manufacturer of widgets, the last thing you want to know is all the machinery that the company has got that is used to make the widgets. If you ask yourself “so what” when you have read a website then the website owners have missed the point. Any website should be about benefits to the potential customer. The same widget customer wants to know what colour he can get it in, not how they make it. With this in mind your text for the website should not be all about what you do but what you can do for the customer.
Tip 2 Research Keywords and phrases
Ask yourself which search terms people will put into search engines such as Google to find you. This is the basis of all search engine optimisation. You need to follow a few simple rules and identify which are the most important ones for you. Suggestions for keywords can be found using Google’s Keyword Tool. But do not be tempted to choose keywords that are the most popular. Firstly those keywords might be the hardest to optimise for and secondly they may not reflect accurately your product or service. Google helpfully provides an indication of a keyword’s competitiveness and a keyword with less competition may be more appropriate.
Tip 3 Include relevant keywords in your text
To ensure your site is more relevant, include keywords in your text. A word of caution here. You should not be too repetitive with the keywords just to achieve a higher ranking. As we have seen you should write your text for the people who read it and not for the search engines. Also you can have different keywords on the same page or different ones on different pages. This will ensure that each page is optimised not just the home page.
Tip 4 Call to action
Ask yourself one question once you have read a website page. “What do you want me to do now?” A lot of websites are beautifully written and have nicely laid out graphics but then fail to close the deal. That deal may be to get the prospect to click on another page or even to purchase something. So it is very important to have a strong call to action on each page. This call to action can be anything from “call now” to “buy now to get free gift” etc. The aim of a website is to attract someone to it and then get them to do something else.
Tip 5 Keep Navigation Simple
Today people in general have a short attention span or they are impatient as time is precious. You will hear variations on a theme of the following statement but typically when someone lands on your site you have about 12 secs to capture them. If they do not immediately see what they want or have to search through layers of website they will leave and your competitors will benefit. As a rule of thumb no more than three clicks should get anyone to where they need to go to get information they are looking for. It goes without saying also that if you optimise a page for a particular keyword or phrase and someone searches for that phrase they should land on the right page and not on the home page where they will have to search for what they want.
Tip 6 Use Title Tags and Alternate Tags
When you carry out a search on Google or another search engine you will be returned a website name and some other text. The text used comes from the title tags. By default many websites include something to the effect of “Welcome to our website” or similar. However a better approach would be to include some of your main keywords. And it is perfectly acceptable to include keywords only and not form them into a sentence. You should also keep the company name to the end of the title tags and not the beginning. All of this means that when someone searches on your keywords the list will include a title with the keywords they were searching for and this will encourage them to click on your link.
Alternate tags are the text messages you see when you hover your mouse over a picture or graphic. It is necessary to describe your graphic in this way as Google cannot ‘see’ graphics and therefore will consider them as uninteresting white space. Once again including keywords in your Alt tags will further improve your ranking.
Tip 7 Update regularly
There is nothing worse than seeing a last updated date of many years before. This says that the company cannot be bothered to keep it updated. If this is the case why should the customer be interested? Regular updating is essential to ranking. The more you update your site the more often Google will return and the more often that happens the higher your ranking will be. This does not necessarily mean that you have to change your whole website. It is however worth refreshing it on a regular basis. One way of updating your site regularly is to include a news feed or a blog. This will allow you to change the content of the site without it being too time consuming.
Tip 8 Build Links
Linking to other sites both incoming and outgoing is an important part of optimisation. The more traffic that you have coming from external sites the better your ranking. This means not only trying to obtain reciprocal links but other activities that can be very cost effective. Some of the newer approaches include social networking. LinkedIn, Twitter and Facebook among many others can be used to improve your brand but also to encourage people to visit your site. Once you have built up your following particularly amongst the customer base you are targeting, making offers or offering some other incentive via these media can often result in increased traffic.
Another way of doing this is to write articles like this one on your specialist subject. Including a link to your website with more information will ensure further click throughs. There are many free press release sites to which you can send your release for distribution. Again click throughs can be obtained linked to further information on your site.
Tip 9 Add Google analytics
If you cannot measure it, you cannot control it! All these tips will lead to changes to the number and types of hits on your site. But how do you know if it is working and how do you know what else to do to improve your SEO? There are many tools available now that will allow you to see how many hits you get on each page, the conversion from enquiry to action, which keywords are important and much more. One such is Google Analytics which is free code generated on the Google website for you to include on each page of your website. This allows the software to track what happens and gives you the results in terms of a regular report. Review of this report on a regular basis will help you to make changes that will improve your site and possibly improve the journey through your site for visitors.
Tip 10 Add news letter/download sign up
How do you capture the details of those prospects who visit your site? One way is to write a regular newsletter, perhaps with offers or important information. Visitors can then sign up to receive this newsletter from your site. Similarly you may write articles, papers or other documents relevant to your industry, technology or market which you can offer free to visitors in exchange for their email address and other details. This is useful in two ways. First you can use the data to build a database for your newsletters and offers etc. Second you can use the information to carry out segmentation of your market which will allow you to precisely target your messages to different groups to make them more relevant.
In the SEO world there are no guarantees and it takes a lot of time consuming effort but the results will be worth it. Also be patient as it will take time for your site to climb the rankings. And finally keep at it. Good SEO requires persistence above all else.
How to Hire a Web Design Company
Hiring a design company is not exactly like hiring individuals for other projects. A web design company often has multiple projects it works on simultaneously and is a work-intensive group. They will consistently be available for work and communication involving the work but need directives that are precise and clear in order to function properly. Think of a web design company’s workers as an extension of a computer. Without proper directives, there is little or nothing they can do to realize the goal you aspire to.
First and foremost, an employer who is looking to hire a web designing company should keep in mind that without a clear picture, a designer has little or no ability to work. While designers can come up with custom designs when asked to, there must be some form of direction so they can design to the proper specification or themes of the project. Without such directives, the themes or consistency of the work may clash with the overall goal of the project. When looking for a website design company, make sure you have a clear idea of what you expect before you demand it of a company.
Second, there is a heavy need for communication throughout the project. It is of no use to a web design firm to be given a task and then left with no follow up. The reason this is important is that the company may notice inconsistencies in the project or function and design conflicts that could be problematic for the overall project. When setting out to hire a web designing company, one must remember to let the company know that one will be there to clear up any complication or answer any questions needed to make the project process as efficient as possible.
Finally, one must understand exactly how much money can be utilized for the project. A company must know there are sufficient funds to be utilized to reach any given goal. Most web designing companies can work around smaller budgets and allow an employer to know what they can expect from any given budget. Often they can provide a range of what can be expected given different levels of financial backing.
If these three foundation principles are followed then hiring a web design company will be much less of a headache than without. All that will be left to do is to take the time to find the right candidates for you.
Taking a Look at the Handyman Home Repair Online
The use of the internet has now become a good place for handyman home repair businesses to advertise. These businesses can increase their customer base by simply answering questions regarding house repairs or home remodeling. Thus, customers can find solutions to their questions online and if they need an in-home visit, then they are reassured that this company is a good one.
The main service that these handyman home repair businesses provide online is information. While this won’t increase business directly, it is a means to an end. Some of these sites will send out daily or weekly emails to subscribers about how to prevent a problem around the house, which tool to use, and how to avoid costly mistakes. Once a person feels comfortable with these tips and solutions, they may find that they have a major repair job to be done and will use that business. Home improvements are a major concern for all homeowners, and having quick access to information makes a repair or remodeling job that much easier.
A website for handyman home repairs also gives a business the chance to post items like photos and videos, which are essentially free advertising. Photos and videos can be part of an article on how to repair something, or they can show before and after scenes promoting the value of home improvement projects. They can also show the demeanor of the owner and workers, so potential customers can put a face to a name.
A lot of times a handyman for hire is needed for a simple house repair job, only because the owner wasn’t able to get an answer on how to solve a particular problem themselves. Yet having an online site means that there is the possibility of allowing visitors to send their questions by email. While the business may not directly receive revenue from answering those questions, it does lead to a more positive image, and then when people find they need a quality handyman service for a job they are unable to do on their own, they are more likely to go with a business that they have already had some form of interaction with.
If you place your handyman home repair business on the internet, then you are taking a strong step forward in increasing your chances of gaining more revenue. Such a business tends to require a solid customer base in order to be successful, and many of the techniques mentioned above are easy steps to take to gain the trust of clients. While it can be seen as a free service, ultimately it is about advertising and letting everyone know how dedicated you are to your work and helping others.
The Advantages And Disadvantages Of The Three Major Types Of GPS Vehicle Tracking
There are three major types of GPS vehicle tracking: cellular based tracking, wireless passive tracking and satellite based real-time GPS tracking. This article will outline the advantages and disadvantages associated with all three types of GPS vehicle tracking.
Cellular Based Tracking
The initial costs for setting up the system are slightly lower than the other two options. With cellular based tracking average costs are about $500. A cellular based tracking system transmits information about where a vehicle is every five minutes over a land network. The average monthly costs are about thirty-five dollars for airtime and for the information to be displayed over the internet.
Wireless Passive Tracking
A major advantage to this type of tracking system is that there is no monthly fee, so once the system is set up there will be no other costs associated with it. However, setting up the system is a little expensive. The average is about $700 for the hardware, and $800 for the software and database. With this type of system most people say the disadvantage is that the information about where the vehicle has been can only be found out when the vehicle returns to the company’s base. This is a major drawback, especially for companies that are looking for a tracking system that will tell them where their vehicle is if it has been stolen or in an accident. However, many systems are now inserting wireless modems into their devices so that tracking information can be viewed without having the memory card from the vehicle. With a wireless modem, wireless passive tracking systems are also able to collect information about how fast the vehicle is traveling, stops made and other detailed information. With this new addition many companies feel this system is a perfect fit because there is still no monthly bill.
Satellite Based Real-Time Tracking
This type of system gives less detailed information, but it works nationwide, which makes it a good choice for shipping and trucking companies. The costs for setting up the system average around $700. The monthly fees for this system vary from five dollars up to one hundred dollars, based on how detailed a company wants the reports to be.
New Technology
In the next few years GPS tracking will be able to provide companies with a number of other advantages. Some companies have already set up a way to have customers sign and run credit cards onsite through the unit. Others are setting up ways for dispatchers to send re-routing information directly to a driver’s GPS unit. Another new advancement for GPS systems is that they will have internet access and stored information about the vehicle so that a driver or mechanic can use the GPS unit to look up diagrams to help them fix the vehicle. In addition to this, all of the information will be stored and saved in the company’s database.
Zero Tolerance for Mediocrity
Talk to any MBA student and he or she will tell you that there are two styles of management: Theory X and Theory Y. Under Theory X management, it is assumed that people are naturally lazy and irresponsible and further that if brains were gunpowder, the average employee couldn’t blow his nose. Theory Y managers seek open communications and invite employee participation and feedback while providing clear direction and enough empowerment for their people to grow and make mistakes if necessary.
The Zero Tolerance manager comes from Theory Y and says that you respect and have empathy for the employee, while expecting them to perform to the best of their abilities and you never let them settle for less. It says that the manager (or the work team itself) sets the expectations and passes them on in such a way that people know the expectations are not arbitrary or debatable but not punitive either.
Tom Peters & Robert Waterman, in their landmark book In Search of Excellence, found that “The excellent companies are marked by very strong cultures…so strong that you either buy into their norms or you get out. There is no halfway house.” When you join the team, you understand that you have to live up to these expectations or you are not a part of the team.
Retailing superstar Nordstrom’s is a great example of Zero Tolerance. People who work there face very high expectations (some don’t make it) and are given many responsibilities. There are only two employee rules: #1. Use your own best judgement. #2. If you follow rule #1 no other rules are necessary.
The U.S. Marines are a Zero Tolerance outfit. Expectations are high, discipline is unyielding and the pressure to perform is legendary. But don’t try to take that “Semper Fi” bumper sticker off of the car of a Marine. Marines are a proud and motivated lot because they have been a part of a tough and unyielding, worthwhile organization that expects and gets the best out of its people. They have learned the truth about teamwork and individual responsibility and passed the test of Zero Tolerance for Mediocrity.
You can lead your people into excellence and self-pride by coaching them to understand Zero Tolerance is the only thing that is acceptable and if you are going to be on this team…you will excel.
Rules to Remember
#1 You can never not lead!
The beleaguered manager says, “I tell the employees to honor our customers. ‘They write your paycheck.’ I tell them that ‘The Customer is #1’ but we are still losing market share and I know it’s because of poor service habits.” Denial is more than just a river in Egypt.
Employees watch your feet, not your lips. The question is what the manager is doing to show the staff where his priorities really are.
Good intentions are no substitute for positive results. I remember many years ago I was guilty of whining about the lack of sales productivity on my team of sales reps. George Morgan, our vice president of sales looked me straight in the eyes and said, “Rick, you’ll be surprised how good they will get once their manager gets good!”
Teddy Roosevelt said, “There are no bad soldiers only bad officers.” The manager hires, trains and establishes the work environment and must ultimately take responsibility for the results. Everything that you and I do as managers affects the fragile attitude, motivation and work ethic of our employees.
As a manager, you can never not lead. You can’t nail Jello to a wall. You can’t find a sunrise by walking west and you can never not lead. Someone once said, “If you keep doing what you have always done, you’ll keep getting what you have always gotten.”
#2 Do unto your employees as you would have them do unto your customers.
Who are the most important people to walk through the doors of your business each day? Customers, right? Wrong!
We learned a long time ago while doing sales training and consulting, that the lowest paid employee on the staff can run off more business than the highest paid salesperson can bring in. Please recognize that how we treat our people will be directly reflected in their attitude toward our customers. It’s human nature.
Some managers seem to wait for people to do something wrong, just to correct them. When rules or work directions are unclear, vacillating or arbitrary, people become frustrated and even resentful. And our customers can read it.
Give clear direction and let people know your expectations are not arbitrary, not punitive and not debatable.
Once your staff understands the rules, get them involved in the decisions about those rules. Let them know it is OK to question the rules and they will make a very positive impact in the organization. As a salesman told me one time, “Anybody can walk on water if they know where all of the stumps are.”
The German philosopher Goethe said, “Treat a man as he appears to be and you will make him worse. But treat a man as if he were already what he could potentially be and you will make him what he could be.”
#3 NEVER SETTLE
Never settle? Never settle for what has always been acceptable or has worked in the past. Settling for past accomplishments leads to complacency. How long will your customers settle for your past reputation or accomplishments? The greatest enemy of excellence is ‘good’ and once you settle for ‘good’, you will never see excellence again.
A manager once told me that an uncompromising attitude like “never settling” is unreasonable. My question is, “Are your customers reasonable?” If not then perhaps it is time to get unreasonable.
Is the unreasonable possible? If you have never stretched your staff to discover what is “unreasonable,” you don’t know what your potential really is. Have unreasonable expectations. Walk around assuming that nothing is unreasonable and you will get a whole new definition of what is possible.
One of the greatest dangers facing American industry is the underutilized employee. Typically, employees in the Japanese electronics industry submit 54 suggestions per employee. For the same period, each American employee submitted fewer than one suggestion.
Front-line people, who are intimately familiar with the details of their work environment, are not contributing their ideas to promote productivity. They continue to tell us “Nobody listens so why even try?” We can’t accept or settle for employee complacency that is rooted in old management practices. When employees are involved and empowered in the organization they will contribute and buy into the future of the organization.
One word of caution to managers: Once you ask employees to look beyond what most people assume is reasonable to what is possible, you have to become an advocate for their ideas. You will have to be an active listener and a participant in the change. Employee motivation and trust is fragile and circumstantial and that is the responsibility of the manager.
Finally, we need to understand that the impact of Zero Tolerance for Mediocrity stretches far beyond the doors of our businesses. It reaches into the very fabric of our country since the only standard of performance that can sustain a free society is excellence.
