CORPORATE MANAGEMENT CONTROLS: Methods, policies, procedures, techniques, articles and tools about governance and controls and how all of these improve the strategic and operational aspects of private and public-sector organizations in all business functions of the modern organizations and enterprises. Posted 2012-03-14 by jkyriazoglou (http://www.blogger.com/profile/15482029934015594259).<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 16pt;">COSO 2011 DRAFT- COMMENTS and RECOMMENDATIONS<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">by John Kyriazoglou*<o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Submitted on date: 14 March 2012</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"> <o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><a href="http://www.ic.coso.org/provide-feedback.aspx"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.ic.coso.org/provide-feedback.aspx</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Summary<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold; mso-highlight: yellow;">This document contains the detailed comments and recommendations of John Kyriazoglou (credentials at the end of this document) as the result of reviewing the 2011 COSO Draft Exposure, available at: <b><u><a href="http://www.ic.coso.org/provide-feedback.aspx"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.ic.coso.org/provide-feedback.aspx</span></span></a><o:p></o:p></u></b></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold; mso-highlight: yellow;">These relate to a variety of issues, such as: Comparison of new COSO (2011 version) to COSO 1992 Model, Using and applying new COSO framework, Strategy, Importance of strategy, </span><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Strategic and operational control, <span style="mso-bidi-font-weight: bold;">Objectives, Objective setting and internal control, </span>General business goals, Business objectives, <span style="color: black; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">Principles, Internal Control Activities, Preventive and Detective controls, </span></span><strong><span lang="EN" style="background: yellow; font-size: 12pt; font-weight: normal; mso-ansi-language: EN; mso-highlight: yellow;">The role of the board in strategy, Lines of Defense, Performance</span></strong><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;"> </span></b><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Measures,<b style="mso-bidi-font-weight: normal;"> </b></span><strong><span lang="EN" style="background: yellow; font-size: 12pt; font-weight: normal; mso-ansi-language: EN; mso-highlight: yellow;">Performance and risks, </span></strong><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Role of board and management in performance, Role of board and management in accountability for internal control, </span><strong><span lang="EN" style="background: yellow; font-size: 12pt; 
font-weight: normal; mso-ansi-language: EN; mso-highlight: yellow;">Role of data privacy officer, Technology general controls, </span></strong><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">General IT Controls, Application Systems Controls, </span><strong><span lang="EN" style="background: yellow; font-size: 12pt; font-weight: normal; mso-ansi-language: EN; mso-highlight: yellow;">Safeguarding of assets, Audit trail, Compliance measurement, </span></strong><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Business process control activities and Glossary.</span><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: aqua; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: aqua;">A. GENERAL COMMENTS</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Comparison of new COSO (2011 version) to COSO 1992 Model <o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">1.</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;"> The new COSO (2011 version) is definitely an improvement over the old COSO (1992 version). <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">2.</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;"> The principles approach is good guidance. It provides a foundation upon which to build your own control model. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">3</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">. The description and use of objectives, risk and compliance are also very good. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Using and applying new COSO framework<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">4.</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;"> The new COSO framework may be directly applicable to business or commercial or financial transaction-oriented organizations like most private companies, where there is an exchange of assets (information, goods/products, services, etc.) for payments. It may not be applicable to organizations that provide services without generating business or financial transactions, like public ministries, etc., which exchange information, goods/products or services and which also do not charge for their services. Also some real-life examples and case studies on applying the new COSO would make this new framework more helpful. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">5.</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;"> Several conceptual issues, however, must be cleared up and dealt with. See my detailed comments next.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: lime; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: lime;">B. DETAILED COMMENTS</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">6.</span></u></b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;"> <b>Strategy<o:p></o:p></b></span></u></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">6.1. Strategy in COSO</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">: In the new COSO document, this strategic aspect of organizations does not exist in its proper status. Strategy, in one small reference, is conceptualized as being subservient to operations! It should be the other way around. Strategic objectives are contained in the 2004 Enterprise Risk Management- Integrated Framework. Why are they not included in this framework? <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">6.2. Importance of strategy</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">: I conceptualize organizations as living organisms. They envision where they should be going by formulating a vision, mission and values. These drive, enable and lead management to craft and implement a strategy. The specific corporate strategy is effected by operational transactions with the production and delivery of products, services, results and outcomes (the strategic and operational control process). All of these aim to benefit the organization's stakeholders and society. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">6.3. Strategic and operational control</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">: Strategic and operational control<b style="mso-bidi-font-weight: normal;"> </b>is the process by which managers monitor the ongoing activities of an organization and its members to evaluate whether activities are being performed efficiently and effectively and to take corrective action to improve performance if they are not. First, strategic and operational managers choose the organizational strategy and structure they hope will allow the organization to use its resources most effectively to create value for its customers. Second, strategic and operational managers create control systems to monitor and evaluate whether, in fact, their organization’s strategy and structure are working as the managers intended, how they could be improved, and how they should be changed if they are not working. Strategic and operational control does not just mean reacting to events <i style="mso-bidi-font-style: normal;">after</i> they have occurred; it also means keeping an organization on track, anticipating events that might occur, and responding swiftly to new opportunities that present themselves. Thus strategic and operational control is not just about monitoring how well an organization and its members are achieving current goals or about how well the firm is utilizing its existing resources. It is also about keeping employees motivated, focused on the important problems confronting an organization now and in the future, and working together to find solutions that can help an organization perform better over time.<b style="mso-bidi-font-weight: normal;"><u><o:p></o:p></u></b></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">7.</span></u></b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;"> <b>Objectives</b><o:p></o:p></span></u></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">7.1. Conceptual clarity</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">: Categories of objectives (operations, reporting, compliance) are fine. I think that strategy is missing (see my point 6 for explanatory details). Also these objectives are not well connected, conceptually, at least.<span style="mso-spacerun: yes;"> </span>Objectives should follow the chain that would link them and bond them together in the following sequence: <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">7.1.1. Vision, mission and values statements are promulgated and communicated. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">7.1.2. These enable, facilitate and develop corporate and operational strategy and business goals.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">7.1.3. Business goals are made more specific, as objectives, by senior and middle-level management.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">7.1.4. The achievement of objectives is to be compared against performance targets.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">7.1.5. All of these are to be managed by a performance management system. No such clear link is represented in the new COSO framework.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">7.2. Objective setting and internal control</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">: The statement made in the new COSO that ‘objective-setting is not part of internal control’, is, I think, quite wrong: see reasons noted in points 7.1 and 6 before.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">7.3. Business goals and objectives</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">: The term ‘objective’ in the new COSO needs a better definition. For example, ‘avoid waste and rework’, ‘reduce cost’, etc., are described as objectives. But these are goals more than objectives. Goals are more general, while objectives are more specific, measurable, attainable and realistic, and relate both to a performance target and a time-frame. See examples next.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">7.3.1. General business goals</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">: 1. Increase market share in each of our markets, 2. Improve customer satisfaction, 3. Improve company profitability, 4. Increase company sales in products ‘x’, ‘y’ and ‘z’, 5. Create better products and services, etc.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">7.3.2. Business objectives</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">: 1. Increase customer base by 3% in each year for the next 4 years, 2. Decrease production costs by 5% in each of the next 4 years, 3. Increase revenues by 5% in each of the next 4 years.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><u><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">8. Term ‘Other personnel’<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">This term is too general and does no justice to all involved and impacted participants in today’s business environment. It should be expanded to include employees, external service providers, joint-project staff, stakeholders, shareholders, regulators, community members.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><u><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">9. Principles</span></u></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">The proposed 17 principles of the new COSO are a good base. I think 3 more principles should be added, as described below, and therefore the total should become: 20. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">9.1. Control Environment (5 principles) </span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">: Principle 1 of the new COSO ‘integrity, ethical values’ should be expanded to include the following set of human factors, defined as ‘soft controls’, which include: </span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">tone at the top, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">understanding of the organization by the board, culture, structure of reporting relationships,<span style="mso-spacerun: yes;"> </span></span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">morale, integrity and ethical values, operational philosophy, trust, ethical climate, empowerment, corporate attitudes, competences, leadership, employee motivation, expectations, openness and shared values, information flow throughout the organization, and emotional contracting. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.1.</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;"> </span><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Tone at the top: </span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Tone at the top<b style="mso-bidi-font-weight: normal;"> </b>refers to how an organization's leadership creates the tone at the top - an ethical (or unethical) atmosphere in the workplace. Management's tone has a trickle-down effect on employees. If top managers uphold ethics and integrity so will employees. But if upper management appears unconcerned with ethics and focuses solely on the bottom line, employees will be more prone to commit fraud and feel that ethical conduct isn't a priority. In short, employees will follow the examples of their bosses.</span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;"><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">9.1.2. Understanding of the organization by the board: </span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">The board needs to fully understand the organization it supervises and controls so that it is as effective as possible in discharging its duties. This understanding involves both the internal (size, form, strategy, structure, people, policies, procedures, operating style, culture, beliefs, etc.) and external (industry, rules, regulations, market, geopolitical locations, etc.) aspects of the organization.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">9.1.3. Structure of reporting relationships</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">: The structure of reporting relationships is usually depicted in an organizational chart. This chart can provide a great deal of information and may help organizational members understand the overall structure of the organization and its strategy. <br style="mso-special-character: line-break;" /> <br style="mso-special-character: line-break;" /> </span><span style="background: yellow; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.4. Culture</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">: Culture is the environment that surrounds you at work all of the time. Culture is made up of <span style="mso-bidi-font-weight: bold;">the values, beliefs, underlying assumptions, attitudes, and behaviors shared by a group of people.</span> Culture is the behavior that results when a group arrives at a set of - generally unspoken and unwritten - rules for working together. An organization’s culture is made up of all of the life experiences each employee brings to the organization. Culture is especially influenced by the organization’s founder, board of directors, executives, and other managerial staff because of their role in decision making and strategic direction.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.5. Morale</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">: <span style="mso-bidi-font-weight: bold;">Morale is </span></span><span lang="EN" style="color: black; font-family: "Georgia","serif"; mso-ansi-language: EN;">"moral principles or practice". In corporate terms it </span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">describes the capacity of employees to maintain belief in the organization they work for, or a goal set by their superiors. It refers to the level of faith of individual employees in the collective benefit gained by such performance. Managers must pay special attention to improving the morale of their employees. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.6. Integrity and ethical values: </span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">Integrity is the inner sense of "wholeness" deriving from qualities such as honesty, truthfulness and consistency of personal character. In a corporate environment, integrity and ethical values mean that both employees and their managers must interact with each other, in all their business activities, on the basis of integrity, honesty, truthfulness and consistency in the actions they execute, methods and measures they use to monitor performance, principles they activate, and expectations, results and outcomes they manage. Also in this regard, managers must lead by example, so that their employees follow.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.7. Operational philosophy: </span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">Operational philosophy is an explicit (written) or implicit (unwritten) declaration of how a person, group or organization operates. In corporate terms, it represents how business is conducted by all levels of management in various areas, such as: investments, funding, managing employee relationships, customer transactions, regulatory authorities, risk-taking, quality, profits, ethical standards, environment, etc.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.8. Trust: </span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">Trust means ‘reliance on another person or entity’. Aristotle believed that trust of a speaker by the listener was based on the listener's perception of three characteristics of the speaker: the intelligence of the speaker (correctness of opinions, or competence), the character of the speaker (reliability - a competence factor, and honesty - a measure of intentions), and the goodwill of the speaker (favorable intentions towards the listener). In corporate terms, t<span style="mso-bidi-font-weight: bold;">rust</span> forms the foundation for effective communication, employee retention, and employee motivation and is a major contributor to the extra effort and energy that people voluntarily invest in work. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.9. Ethical climate</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">: </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">The ethical climate of an organization is the shared set of understandings about what is the correct behavior and how all ethical issues will be handled. This climate sets the tone for decision making at all levels of the organization and in all circumstances, activities and dealings of all participants in the affairs of the company. Managers must pay special attention to ensure that they always maintain a positive and ethical climate in managing and interacting with their employees, their superiors and their customers. They may need to leave aside and amend, a little, their personal self-interest, company profit, operating efficiency, rules, procedures, etc., in order to preserve and improve this ethical climate.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">9.1.10. Empowerment: </span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN; mso-bidi-font-weight: bold;">Empowerment</span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;"> refers to increasing the spiritual, political, social, racial, educational, economic or other strength of individuals and communities. </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Empowerment in corporate environments for employees means three things: (1) Enabling employees to make more, better and larger-scope decisions without having to refer to someone more senior, (2) Involving employees in assuming responsibility for improving the way that things are done in their daily work activities and (3) Encouraging employees to assume a more energetic and effective role in their work. Empowering employees is carried out by senior management of organizations by giving the authority and the responsibility to employees of carrying out specific actions to achieve corporate goals and monitoring these results to ensure that these are properly done.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">9.1.11. Corporate attitudes: </span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">The concept of <span style="mso-bidi-font-weight: bold;">attitude</span> represents an individual's degree of like or dislike for something (person, place, thing, or event). In a corporate workplace, attitudes play a great role in employees executing corporate tasks and achieving strategic and operational goals predetermined by senior managers. If they like the organization or their manager or the task, they will perform better, in most cases. If they dislike the organization or their manager or their task, they are bound to perform to a lesser degree.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.12. Competences</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">: Competence m<span style="color: black;">eans "sufficiency to deal with what is at hand". </span><span style="mso-bidi-font-weight: bold;">Competence</span> in a corporate environment is the ability, the will, the commitment, the knowledge, the skills and the dexterities of an individual to perform a job or task properly. </span><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;">Managers must manage and improve the competences of themselves and their employees through education, training, coaching, mentoring, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">9.1.13. Leadership: </span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">Leadership is "organizing a group of people to achieve a common goal". Leadership in a corporate environment is manifested in managers exhibiting traits, such as: intelligence, personal effectiveness and efficiency, high level of creativity in resolving issues and problems, adjustment, extraversion, conscientiousness, and motivation, which are used for accomplishing goals for the given corporate entity.<span style="mso-spacerun: yes;"> </span><b style="mso-bidi-font-weight: normal;"><o:p></o:p></b></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">9.1.14. Employee motivation: </span></b><span lang="EN" style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">Motivation is "inner or social stimulus for an action" for human beings. In a corporate environment, managers need to motivate employees to do a better job. This is achieved, according to various thinkers (Maslow, Argyris, McClelland, etc.) by using various strategies, such as: positive reinforcement, effective discipline and punishment, treating people fairly, satisfying employee needs, setting achievable work-related goals, restructuring jobs/tasks and rewarding people on job performance.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">9.1.15. Expectations</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">: Expectations is t<span style="color: black;">he act or process of knowing what is anticipated in a given work situation. This means that managers must consider the issue of </span></span><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">expectations in dealing with their employees. This may be achieved by meeting with employees on a regular basis to discuss problems, issues, goals and progress. This will help employees understand the employer's expectations. Learning what interests and engages employees can help managers to distribute work in a way that promotes enthusiasm for completing tasks. Expressing confidence in each employee's ability and reinforcing past achievement is the primary key to maintaining employee motivation.<br style="mso-special-character: line-break;" /> <br style="mso-special-character: line-break;" /> <b style="mso-bidi-font-weight: normal;"><span style="background: yellow; mso-highlight: yellow;"><o:p></o:p></span></b></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">9.1.16. O</span></b><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">penness and shared values</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">: <span style="mso-bidi-font-weight: bold;">Openness</span> is the quality of being open. Values represent what a person believes in. In corporate terms openness and shared values characterize an environment in which decisions are made and communicated by appreciating the opinions, skills and knowledge of all employees and by the tendency to re-examine traditional standards in order to achieve better and more beneficial results.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">9.1.17. Information flow throughout the organization</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">: Information flow throughout the organization is usually attained by both informal and formal communication systems. Formal communication is used to distribute and implement rules, policies and procedures. Managers, however, must pay attention also to informal communication as this type of communication may hinder or ensure the effective conduct of work in modern organizations.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">9.1.18. Emotional contracting: </span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">All of these types of soft controls (</span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">tone at the top, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">understanding of the organization by the board, culture, structure of reporting relationships, </span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN;">morale, integrity and ethical values, operational philosophy, trust, ethical climate, empowerment, etc.), </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">refer to the emotional contracting issue, also referred to as 'the psychological contract'. This is the crucial and powerful link between the organizational performance intent, and the motivations, values and aspirations of the people. This emotional contracting element is sometimes overlooked by organizations and managers, and that is the reason that may explain why the people have failed to do what the organization expected and asked them to do. In management and organizational theory many employee attitudes such as trust, faith, commitment, enthusiasm, and satisfaction depend heavily on a fair and balanced Psychological Contract. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">9.1.19</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">. S</span><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">ocial accountability: </span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">Also t</span><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">he principle of ‘<b>social accountability</b>’ should be added. See standard ‘</span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">SA8000’ for more details.<span style="color: black; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;"><o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">9.2. Risk Assessment (4 principles)</span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">: There is a major discrepancy here between the 2004 Enterprise Risk Management-Integrated Framework and the new COSO 2011 Framework. Which risk analysis model should one use? Also I think that the new principle of ‘<b>business and IT continuity’</b> should be added to the new COSO. Business and IT continuity are part of the </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Business Continuity Management (BCM) Process. This is a corporate process that identifies potential impacts that threaten an organization and its critical business functions and critical IT systems and infrastructure, and provides a framework for building resilience and the capability for an effective response and recovery which protects the interests of its key stakeholders, corporate reputation and brand name, and value-creating activities.<b><span style="color: black; mso-bidi-font-style: italic;"><o:p></o:p></span></b></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">9.3. Control Activities (3 principles)</span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">: Principle 12 of the new COSO ‘policies are effected by procedures’ needs restating. Policies define what is to be done, while procedures define how what is described in policies is to be done. But the actual effect of policies and procedures is attained by a set of human factors, defined as ‘soft controls’. See my point 9.1.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">9.4. Information and Communication (3 principles): </span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">I am recommending the following additions:<b><o:p></o:p></b></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">9.4.1. Data governance</span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">: I am suggesting that the new principle of ‘data governance’ should be added to the new COSO. Data governance relates to </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">developing specific procedures and controls to manage and protect corporate business files, records and data. These controls include procedures and actions for: (1) Business Record Keeping Systems, (2) Files, Documents and Records (FDR) Management Procedures, (3) Business Data Register, (4) Business Data Librarian, (5) Data Quality Monitoring Procedure, (6) Data Cleansing Controls, (7) Data Mart and Data Warehouse Controls, etc.<span style="color: black; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;"><o:p></o:p></span></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">9.4.2. Data classification</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">: The control of ‘data classification policy’ to categorize data according to various data privacy rules (e.g., public, confidential, sensitive and very sensitive, etc.) should also be added. </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-fareast-font-family: "MS Mincho";">The aim of this policy is to help management and staff of a corporate entity in determining what information can be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclosed outside of the specific organization without proper authorization. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">9.5. Monitoring activities (2 principles)</span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">: I am suggesting that Principle 17 of the new COSO ‘<b>evaluate and communicate control deficiencies</b>’ should be expanded to include improving controls as a separate set of activities. <span style="mso-spacerun: yes;"> </span>Also the new COSO statement ‘performance evaluation against management criteria’ should include ‘as well as industry and professional well-accepted practices and standards’.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><u><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">10. Internal Control Activities<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic;">10.1. Preventive and Detective controls</span></b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">: The new COSO describes 2 control activities: Preventive controls and Detective controls. I think the following 3 should be added: Directive controls (vision and mission statements, policies and procedures, etc.), </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">Compensating Controls (review, checking, auditing and monitoring actions in the absence of segregation of duties, etc.) and </span><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">Corrective controls (disciplinary actions, backing up and recovering data and systems, correcting data in systems, using quality inspection techniques, etc.)</span></strong><strong><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">.<o:p></o:p></span></strong></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><strong><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">10.2. The role of the board in strategy: </span></strong><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">The new COSO states that ‘not every decision or action of management, however, is part of internal control. For example, board deciding on or approving a strategic plan is not part of internal control’. I find this statement quite problematic. Without the board’s approval you are bound to have a chaotic situation, to say the least. Management should not be left alone to do as they may well please. See also my detailed comments (point 6 above) on why s</span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">trategy, as a major issue, is important to internal control.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><strong><u><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">11. Lines of Defense<o:p></o:p></span></u></strong></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO states 3 lines of defense: Management, Business functions and Internal Audit. <o:p></o:p></span></strong></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 10pt; mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">I think the full lines of defense should be 5 as noted next: <o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">11.1. <b style="mso-bidi-font-weight: normal;">First Level</b> (Organize): </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB; mso-fareast-language: EL;">1. Board, management and committee roles, structure and responsibilities, 2. Business functions and resources, 3. Standards, policies and procedures.</span><strong><span lang="EN" style="background: yellow; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">11.2. <b style="mso-bidi-font-weight: normal;">Second Level</b> (Envision): </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB; mso-fareast-language: EL;">1. Corporate culture, vision, mission and values, 2. Strategy, goals, objectives and targets, 3. Performance framework.</span><strong><span lang="EN" style="background: yellow; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">11.3. <b style="mso-bidi-font-weight: normal;">Third Level</b> (Govern): </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-fareast-language: EL;">1. Strategy, 2. </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB; mso-fareast-language: EL;">GRC (Governance, Risk and Compliance) controls, 3. </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-fareast-language: EL;">Operational controls (purchasing, finance, IT, data, security, fraud, etc.), 4</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB; mso-fareast-language: EL;">. Segregation of duties, 5. Management & compliance reporting, 6. Community involvement.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">11.4. <b style="mso-bidi-font-weight: normal;">Fourth Level</b> (Audit): </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB; mso-fareast-language: EL;">1. Monitoring controls, 2. Internal audits, 3. Self-assessments, 4. External audits, 5. Regulatory audits.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">11.5. <b style="mso-bidi-font-weight: normal;">Fifth Level</b> (Augment): </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB; mso-fareast-language: EL;">1. Comparative benchmark studies by external experts, 2. Certify personnel, 3. Certify organizational components (structure, service quality, policies and procedures).<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">12. </span></u></b><strong><u><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">Performance</span></u></strong><b style="mso-bidi-font-weight: normal;"><u><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt;"> </span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Measures</span></u></b><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO describes measures, rewards and incentives only. This is fine. But also I think that performance measures are only relevant when they are compared against pre-determined performance targets, while the whole process should be managed by a performance management system, which includes all of the above in an integrated and holistic way.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">13. Performance and risks<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO states that performance is measured in relation to objectives and the ability to manage within risks, historical (retrospective) or forward-looking (prospective). I would also add performance targets (see 12.1. above).<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">14. Role of board and management in performance<o:p></o:p></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO states that board and management evaluate performance of individuals in relation to defined performance measures. This is fine. But also I think that performance of individuals is only relevant when it is compared against pre-determined performance targets.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">15. Role of board and management in accountability for internal control<o:p></o:p></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">15.1. Role of board: </span></b><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO states that the board holds management responsible for internal control issues. This is fine. But also I think that the board itself should be held responsible to the company’s shareholders, stakeholders and regulators for their errors and omissions in all aspects of internal controls. <o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">15.2. Role of data privacy officer</span></strong><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">: The role of a data privacy officer should also be described in </span></strong><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;"><span style="mso-spacerun: yes;"> </span>the new COSO</span><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">. For example, the responsibilities of a data privacy officer include the following activities: (1) </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Develop, initiate, maintain, and revise policies and procedures for the general operation of the Data Privacy Program and its related activities, including educating, training and coaching all participants of the organization to prevent illegal, unethical, or improper data privacy breaches, (2) Run and manage the day-to-day operation of the Program, and (3) Develop and periodically review and update Standards of Conduct to ensure continuing currency and relevance in providing guidance to management and employees on Data Privacy issues, according to the current national and local data privacy laws and practices. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">16. Technology general controls</span></u></strong><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;"> <o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">16.1. Concept of technology</span></strong><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">: The new COSO describes ‘technology general controls’ as including ‘Information Technology (IT) controls’ and ‘operational controls’. I think ‘research and development’ controls should be included in this new COSO definition. The term ‘technology’ refers to anything fabricated by humans by the use of various methods, techniques and procedures (such as: products of medicine, plant machines, airplanes, guns, toys, office machines, computers, software, development of new products, quality inspection methods, etc.</span></strong><span lang="EN" style="color: black; font-family: "Georgia","serif"; mso-ansi-language: EN;"> It comes from Greek, <span class="foreign1"><span style="mso-bidi-font-style: italic;"><em>technologia </em></span></span><span class="foreign1"><span style="font-style: normal; mso-bidi-font-style: italic;">meaning</span></span><span class="foreign1"><span style="mso-bidi-font-style: italic;"><em> </em></span></span>‘systematic treatment of an art, craft, or technique’</span><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">), which includes any technology used by organizations (not only IT and operational) to survive, operate and provide new and improved services and products.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">16.2. IT controls</span></strong><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">: The new COSO (see note 20) defines ‘technology general controls’ as another term for ‘general computer controls’, ‘general controls’, or ‘information technology controls’.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">This is most confusing. ‘Information Technology (IT) controls’, in the IT profession, are usually </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">made up of two sub-types: General IT Controls and Application Systems Controls. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">16.2.1. General IT Controls</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"> relate to: IT organization, IT procurement, IT personnel management, systems development and maintenance, computerized applications operation, IT standards, IT security, IT disaster recovery planning, computer insurance, physical protection policies and procedures, access policies and procedures (data, software, files, forms, reports, facilities, firewalls, encryption, electronic mail, etc.), Data center operational controls, Health and safety policies and procedures, Data privacy controls, systems software controls, IT compliance controls, Security and Safety Controls for Personal Computers and Audit tools and methods. Most of these are covered, in some way, in the new COSO document. Data center, data privacy, systems software and personal computer controls are not covered. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">16.2.2. Application Systems Controls</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"> relate to: Protection of specific application systems with embedded software code, Input Controls (Accuracy of data, Completeness of input, etc.), Processing Controls (Reasonableness checks, Functional checks, Rounding off checks, Parity checks, Sequence checks, etc.), Output Controls (Schedule checks, Distribution checks, Balancing checks, Report quality checks, Output log)</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB;">, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Database Controls (File updated report, Critical transactions report, Application-specific access authorization, Data base health checks, etc.)</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB;">, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Change Controls</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN-GB;">, and </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Testing Controls (Test Methodology, Test Plan, etc.). These are not covered, except for ‘edit’ and ‘completeness’ checks, in the new COSO document.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">17. Safeguarding of assets<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">Information systems and corporate data should be added as assets to be protected in </span></strong><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">the new COSO</span><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">18. Audit trail<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">Audit trail as a control concept is not mentioned at all in the new COSO. Audit trail is a necessary control for fraud investigation, information systems recovery and other related forensic activities.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">19. Compliance measurement<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO does not define how compliance may be measured and monitored. I think that adding compliance indicators may do the job.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">20. Business process control activities<o:p></o:p></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO equates transactions to activities. I think this is wrong. Controls on transactions and activities are, and should be, different, by definition. Controls on both transactions and activities are most important for performance, fraud, abuse and reporting aspects. Lumping them together and naming them ‘transaction controls’ distorts the picture.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">20.1. Transactions</span></strong><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">: Transactions relate to products/services obtained or provided and have a direct impact on the company’s financial and performance results, and I agree on the controls suggested by COSO (verifications, reconciliations, authorizations, approvals, physical controls, controls over standing data, and supervisory controls), while I would like to add: (1) data governance controls like ‘data cleansing procedures’ should be added to ‘controls over standing data’, (2) recordkeeping controls should be added to ensure the longevity of business records and the privacy aspects of the data contained in them. </span></strong><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">20.2. Activities: </span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Activities may support transactions and/or relate to governance, administration, security, and personnel management issues (e.g., hiring, dismissal, review, etc.). I would like to suggest that the new COSO refer to controls on activities separately. The controls on activities may include Segregation of duties (described in the new COSO document) and the following, which are not noted in the new COSO and which I am recommending: Compensating controls, Visitors log (recording visitors on a daily basis), Daily work activities log (recording transactions processed, inquiries served, customers served, units produced, etc.), Problem logs (recording problems solved by date, description of problem, description of solution, who solved the problem, who tested the solution of the problem, etc.), Production jobs logs, Quality inspection logs, Computer runs logs (recording jobs executed per day of operation, etc.), Project progress reports, Activity monitor software, Exception reports, Vulnerability Automated Tools, Review of System Logs, etc. Reviewing and monitoring the activities prescribed by these control mechanisms will enable and facilitate management in controlling their organization and the board in their role and oversight duties.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">21. Glossary<o:p></o:p></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">21.1. Terms not defined:</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"> Asset, objective, system. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">21.2. Compliance: </span></b><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO defines it as ‘having to do with conforming with laws and regulations applicable to an entity’. This applies to external compliance only. </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">A better definition would also include the actions required for internal compliance. <b style="mso-bidi-font-weight: normal;"><o:p></o:p></b></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">21.3. Procedure: </span></b><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO defines it as ‘an </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">action that implements a policy’. A better definition would be ‘A set of actions that implement a policy’. <b style="mso-bidi-font-weight: normal;"><o:p></o:p></b></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">21.4. Risk response: </span></b><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">The new COSO defines it as ‘the decision to accept, avoid, reduce or share a risk’. </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">A better definition would be ‘</span><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">the decision to accept, avoid, remove, prevent, exploit, defer, transfer or mitigate a risk</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">’. <b style="mso-bidi-font-weight: normal;"><o:p></o:p></b></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span lang="EN" style="font-size: 12pt; mso-ansi-language: EN;">21.5. Technology</span></strong><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">: The new COSO defines it as ‘software applications running on a computer, manufacturing control systems, etc’. This term should be restated. The term ‘technology’ refers to anything fabricated by humans by the use of various methods, techniques and procedures (such as: products of medicine, plant machines, airplanes, guns, toys, office machines, computers, software, development of new products, quality inspection methods, etc.</span></strong><span lang="EN" style="color: black; font-family: "Georgia","serif"; mso-ansi-language: EN;"> It comes from Greek, <span class="foreign1"><span style="mso-bidi-font-style: italic;"><em>technologia </em></span></span><span class="foreign1"><span style="font-style: normal; mso-bidi-font-style: italic;">meaning</span></span><span class="foreign1"><span style="mso-bidi-font-style: italic;"><em> </em></span></span>‘systematic treatment of an art, craft, or technique’, according to current English etymological definitions</span><strong><span lang="EN" style="font-size: 12pt; font-weight: normal; mso-ansi-language: EN;">), which includes any technology used by organizations (not only IT and operational) to survive, operate and provide new and improved services and products.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">==================================================================<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">*Author’s Credentials<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: Calibri;">John Kyriazoglou, CICA, B.A(Hon), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by </span><b style="mso-bidi-font-weight: normal;"><u><a href="http://www.itgovernance.co.uk/"><span style="color: black; font-size: 12pt; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a></u></b><span style="font-family: Calibri;">), and co-author of the book ‘CORPORATE CONTROLS’ (published in 3/2012 by </span><b style="mso-bidi-font-weight: normal;"><u><a href="http://www.theiic.org/"><span style="color: black; font-size: 12pt; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a></u></b><span style="font-family: Calibri;">), with Dr. F. Nasuti and Dr. C. Kyriazoglou.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b><u><span style="background: yellow; mso-highlight: yellow;"><span style="font-family: Calibri;">E-Mail: </span><a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b><u><span style="background: yellow; mso-highlight: yellow;"><span style="font-family: Calibri;">Profiles:</span></span></u></b><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="background: yellow; mso-ansi-language: EN; mso-highlight: yellow;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></a></span></b><span lang="EN" style="background: yellow; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b><u><span style="background: yellow; mso-highlight: yellow;"><span style="font-family: Calibri;">Blogs: Articles, Opinions, etc.: </span><a href="http://businessmanagementcontrols.blogspot.com/"><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://businessmanagementcontrols.blogspot.com/</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b><u><span style="background: yellow; mso-highlight: yellow;"><span style="font-family: Calibri;">Publications: </span><a href="http://johnkyriazoglou-works.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://johnkyriazoglou-works.blogspot.com/</span></span></a></span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-27646463752392011472012-03-08T00:19:00.002-08:002012-03-08T00:19:51.763-08:00CORPORATE CONTROLS BOOK PUBLISHED<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt;"><b><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;">Announcement of New Book <o:p></o:p></span></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Hi,<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">I am glad to announce my new book 'Corporate Strategic and Operational Controls', as described, in summary, next. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">This book is about corporate controls (such as frameworks, terms of reference (charters), methodologies, management plans, policies, procedures, forms, performance measures, and audit programs and checklists) and how these controls: (a) enable, facilitate and support board members, management and staff to drive, control, manage and evaluate the organization’s social and economic performance, and (b) allow the organization’s stakeholders to monitor and assess the specific organization and both its outcomes and results. The book is structured in three parts and an appendix. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="font-family: "Times New Roman","serif";">The first part</span></u><span style="font-family: "Times New Roman","serif";"> (two chapters) identifies the basic concepts of controls and defines the control framework within which all organizations must operate. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Chapter 1: Introduction to Management, Regulations and Controls<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Chapter 2: Proposed Organizational Controls Framework<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="font-family: "Times New Roman","serif";">The second part</span></u><span style="font-family: "Times New Roman","serif";"> (eight chapters) identifies the main organizational controls and defines the specific corporate control elements (policies, structures, procedures, measures, etc.) which could be utilized and improved by all organizations. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Chapter 3: Corporate Philosophy Controls, Chapter 4: Corporate Governance Controls<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Chapter 5: Strategic Management Controls, Chapter 6: Financial Controls, Chapter 7: Administrative Controls, Chapter 8: Human Resource Controls, Chapter 9: Production Controls, Chapter 10: Information Technology (IT) Controls<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="font-family: "Times New Roman","serif";">The third part</span></u><span style="font-family: "Times New Roman","serif";"> (three chapters) describes the elements required to design, implement and monitor strategic and operational control systems more efficiently and effectively. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Chapter 11: Designing Strategic and Operational Controls <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Chapter 12: Implementing Strategic and Operational Controls with the BSC<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif";">Chapter 13: Monitoring and Review Controls.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="font-family: "Times New Roman","serif";">The appendix</span></u><span style="font-family: "Times New Roman","serif";"> contains various codes, examples of BSC implementations, strategic tools, a glossary and an extended bibliography. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="font-family: "Times New Roman","serif";">The book also contains descriptions (examples) of:</span></u><span style="font-family: "Times New Roman","serif";"> five performance<span style="mso-spacerun: yes;"> </span>frameworks, ten terms of reference (charters) of corporate departments, nine methodologies, eleven management plans, twenty-three policies, eight procedures, five forms, over 140 performance<span style="mso-spacerun: yes;"> </span>measures, and forty audit programs and checklists.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="color: red; font-family: "Times New Roman","serif";">AUTHORS:</span></u><span style="color: red; font-family: "Times New Roman","serif";"> </span><span style="font-family: "Times New Roman","serif"; mso-font-kerning: 16.0pt;">John Kyriazoglou and Frank Nasuti, Ph.D. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif"; mso-font-kerning: 16.0pt;"><span style="mso-spacerun: yes;"> </span>with contribution by Christos Kyriazoglou, Ph.D. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="font-family: "Times New Roman","serif";">ISBN: 978-0-557-77254-4<o:p></o:p></span></u></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="font-family: "Times New Roman","serif";">Publisher: The Institute for Internal Controls (U.S.A.)-Spring, 2012. <span style="color: #0070c0;"><a href="http://www.theiic.org/"><b><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></b></a><o:p></o:p></span></span></u></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Sincerely,<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">John Kyriazoglou (<a href="mailto:jkyriazoglou@hotmail.com"><b><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></b></a>)<o:p></o:p></span></u></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">John Kyriazoglou, CICA, B.A(Hon-University of Toronto), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by <u><a href="http://www.itgovernance.co.uk/"><b style="mso-bidi-font-weight: normal;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></b></a></u>)<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Profile:</span></u><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; mso-ansi-language: EN; mso-highlight: yellow;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><b style="mso-bidi-font-weight: normal;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/<span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">0/9b/919</span></span></span></b></a><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://businessmanagementcontrols.blogspot.com/"><b><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://businessmanagementcontrols.blogspot.com/</span></span></b></a></span></u><u><span style="font-family: "Times New Roman","serif";"><o:p></o:p></span></u></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-69167614621640638562011-12-23T07:20:00.000-08:002011-12-23T07:23:18.309-08:00Strategy for Handling Difficult People<div dir="ltr" style="text-align: left;" trbidi="on">The following strategy for handling difficult situations, people and projects, has worked in several cases:<br />
1. Take a short walk outside of the location where the conflict has taken place.<br />
2. Make silence your useful tool.<br />
3. Use silence to envision happiness and success.<br />
4. Breathe slowly and get rid of all your negative thoughts.<br />
5. Allow only pleasant, happy and harmonious thoughts to fill your mind.<br />
6. Think out a solution as regards the difficult person and situation.<br />
7. Work out a mutually agreed solution with the person(s) involved. <br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">*Author’s Credentials<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">John Kyriazoglou, CICA, M.S., B.A(Hon), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.itgovernance.co.uk/"><span style="color: black; font-family: "Calibri","sans-serif"; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-hansi-theme-font: minor-latin; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a></u></b>), and co-author of the book ‘CORPORATE CONTROLS’ (to be published in 2/2012 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.theiic.org/"><span style="color: black; font-family: "Calibri","sans-serif"; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-hansi-theme-font: minor-latin; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a></u></b>), with Dr. F. Nasuti and Dr. C. Kyriazoglou.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">E-Mail: <a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; font-family: "Calibri","sans-serif"; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-hansi-theme-font: minor-latin; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Profiles <o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; mso-ansi-language: EN; mso-highlight: yellow;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><span style="color: black; font-family: "Calibri","sans-serif"; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-hansi-theme-font: minor-latin; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></a></span></b><span lang="EN" style="background: yellow; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.authorsden.com/jkyriazoglou"><span style="color: black; font-family: "Calibri","sans-serif"; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Tahoma; mso-hansi-theme-font: minor-latin; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.authorsden.com/jkyriazoglou</span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.icttf.org/profile/johnkyriazoglou"><span style="color: black; font-family: "Calibri","sans-serif"; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: Tahoma; mso-hansi-theme-font: minor-latin; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.icttf.org/profile/johnkyriazoglou</span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://www.blogger.com/profile/15482029934015594259"><span style="color: black; font-family: "Calibri","sans-serif"; mso-ascii-theme-font: minor-latin; mso-bidi-font-family: "Times New Roman"; mso-hansi-theme-font: minor-latin; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.blogger.com/profile/15482029934015594259</span></span></a><o:p></o:p></span></u></b></div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-55295194981653402422011-12-01T01:27:00.000-08:002011-12-01T01:27:25.942-08:00CORPORATE COMPLIANCE AUDIT PROGRAMS AND CHECKLISTS<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New"; font-size: 14pt; line-height: 115%;">CORPORATE COMPLIANCE AUDIT PROGRAMS AND CHECKLISTS<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">By John Kyriazoglou* (author’s credentials at the end of this document)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">The following audit program and checklists are designed to be used by managers, auditors and compliance staff in the process of establishing, controlling, reviewing, assessing and auditing the corporate compliance area and its particular components (compliance policies and procedures, corporate policies and procedures, ethics aspects, etc.).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">The following audit programs and checklists, as detailed in the following paragraphs, should be reviewed and customized before they are used in any corporate environment:<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">1. Corporate governance and internal controls systems audit program,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">2. Assessment of the compliance controls framework,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">3. Corporate policies and procedures <b style="mso-bidi-font-weight: normal;">checklist,<o:p></o:p></b></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">4. Records management system <b style="mso-bidi-font-weight: normal;">checklist,</b><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">5. Financial management system <b style="mso-bidi-font-weight: normal;">checklist,</b><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">6. Corporate fraud management system <b style="mso-bidi-font-weight: normal;">checklist,</b><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">7. Internal audit <b style="mso-bidi-font-weight: normal;">checklist</b>, and <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">8. Ethics management <b style="mso-bidi-font-weight: normal;">checklist<o:p></o:p></b></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">1. Corporate governance and internal controls system audit program</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New";"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">1. Assess Board and senior executive management responsibility for the oversight and monitoring of corporate governance and internal controls. <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: Board and senior management should ensure that policies, procedures and systems are current and well documented. Management should establish an effective system of internal controls. Corporate, compliance, risk management and internal controls should cover the IT environment as well as the other business functions. Board and senior management should adopt and enforce appropriate policies and procedures to manage compliance and all risks (enterprise, IT, investments, etc.), and should re-evaluate and improve these controls every year or two.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">2. Assess senior executive management practices. <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: Reporting effectiveness to the Board of Directors. Periodic review and updating of policies, standards, procedures and practices. Instituting controls to ensure that management information and detailed data are reliable and the reporting cycle is adequate, and that operating procedures are efficient and effective. Regular review of compliance issues, risks, segregation of duties, personnel controls, information security, software development and acquisition, outsourcing, insurance issues, internal and external audit results, service level agreements and performance measurements including issues and corrective action plans, ensuring that procedures are in effect to assure continuity of business, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">3. Does the internal controls framework identify all the required control components? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: Control environment, risk assessment, control activities, information and communication, monitoring.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">4. Do the key functions of internal controls relate to all critical elements of governance? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: Definition and establishment of objectives, standards and procedures. Definition of management responsibilities. Measurement of inputs, outputs and performance in relation to objectives. Critical review of the whole process. Reporting of both financial and non-financial results, compliance and performance. Taking corrective action, as necessary.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">5. Do internal controls contain all types of controls? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: Preventive controls (e.g. division of duties, authorization levels), detective controls (e.g. stock verification, bank reconciliation), directive controls (e.g. policies, procedures, training).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">6. Are there adequate and effective financial controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">7. Are there adequate and effective customer service controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">8. Are there adequate and effective production/manufacturing controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">9. Are there adequate and effective information and communications controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">10. Are there adequate and effective asset management controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">11. Are there adequate and effective sales management controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">12. Are there adequate and effective management reporting controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">13. Are there adequate and effective internal audit controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">14. Are there adequate and effective human resource management controls in place at the detailed level, as required?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">15. Are there adequate and effective research and innovation controls in place at the detailed level, as required? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">16. Is there a formal and well-established performance management system for all functions of the organization? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: The performance management system should promote and accelerate the rate of successful changes, increase the predictive and early warning capabilities available to management, provide a holistic perspective to the management of the organization, link to the reward and other incentive systems of the organization, and link and align in an integrated mode to the objectives and measures of the other corporate levels of the organization, such as: division, department, business unit, process, function, project, teams, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">17. Are critical performance data shared across all levels of the organization?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">18. Are strategic performance data reviewed at the appropriate levels of the organization, and actions taken as necessary?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">19. Are the approved personnel empowered to have access to whatever critical performance data is required to make balanced decisions?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">20. Is the accountability and follow-through process based on critical performance data?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">21. Is the psychological resistance of staff (management, line staff, etc.) managed and resolved accordingly?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">22. Is there an active audit committee in place?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">23. Is there an internal audit function in place?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">24. Is there a compliance function in place with all its constituent components (compliance officer, compliance committee, policies, procedures, action plan, etc.)?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">25. Are corrective and improvement measures taken when performance issues and compliance breaches occur?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">2. Assessment of the compliance controls framework</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New";"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Assess the organizational structure to ensure that it is neither so simple that it cannot adequately monitor the entity’s activities nor so complex that it inhibits the flow of necessary information. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">1. Does the compliance monitoring system of the organization cover all business functions?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">2. What is the management’s attitude towards compliance with laws and regulations?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">3. Does the management of the organization specify the level of competence needed for particular jobs, and translate the desired levels of competence into requisite knowledge, cultural characteristics and skills?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">4. Does the Board or governing council provide an effective oversight function to ensure that the management of the organization does not override system controls?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">5. Are the philosophy and operating style of management compliance-related?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">6. Does the assignment of responsibility, delegation of authority and establishment of related policies and procedures provide a basis for effective accountability and control?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">7. Are human resources policies the basis for recruiting and retaining competent people to enable the plans of the organization to be carried out and its goals and objectives to be achieved?<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">8. Do the Board, the senior executives and the management of the organization have a clear understanding of all strategic components, and convey the message that integrity and ethical values of the organization cannot and should not be compromised by anyone? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: Clear understanding of the values, mission and vision, and performance targets of the organization. Full understanding of the general goals and specific objectives of the organization and how they fit in the framework of corporate strategy. Provision of adequate information for risk identification and resolution. Clear understanding of the role played by policies and procedures in achieving effective controls and compliance.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">3. Corporate policies and procedures checklist</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New";"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">1. Have compliance rules, guidelines, policies and procedures been formally established and communicated to all levels and functions of the organization?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">2. Is there an approved performance policy, system and evaluation process in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">3. Is there an approved human resources management policy, set of procedures, a system and an evaluation process in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">4. Is there an approved financial and cost management policy, and a set of related procedures in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">5. Is there an approved asset management, disposition and protection system in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">6. Is there an approved IT policy and a set of related procedures covering all areas, such as strategy, security, contingency planning and disaster recovery, information systems development and operation, database and data privacy protection, web services, etc.? <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">7. Is there an approved research and innovation system in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">8. Is there a Management Reporting System (MRS) in place? <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">9. Is there a quality management system in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">10. Is there a risk management system in operation?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">11. Is there an ethics code and policy in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">12. Is there a compliance policy in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">13. Is there a corporate social responsibility policy in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">14. Is there an anti-fraud policy in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">4. Records management system checklist</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New";"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">1. Have operational guidelines and manuals been formally established, communicated to all levels and functions of the organization, and used in every-day work by all personnel?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">2. Does the record-keeping system (for both manual and computerized files, media and data) of the organization produce complete and accurate results?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">3. Is there adequate documentation and an effective audit trail for all transactions and activities?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">4. Is there an approved segregation of duties policy, and a set of related procedures in operation?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">5. Is there an approved employee rotation policy for critical jobs/tasks in operation?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">6. Have levels of authorization been defined for all levels of management and all transactions and activities?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">7. Are adequate asset protection and disposition controls in operation?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">8. Are effective financial and cost management controls in operation?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">9. Is there an active security committee, policy and procedures (for all elements: data, plants, installations, offices, infrastructure, systems, records, files, etc.) in operation at all levels?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">10. Is there an active performance and compliance management, measurement and exception reporting system in place?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">5. Financial management system checklist</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">1. Does the organization have a system for recording and tracking commitments, obligations and expenditures, and reconciling financial data?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">2. Does the organization have controls that prevent incurring obligations in excess of funds available within a budget cost category?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">3. Does the organization have a mechanism to ensure that periodic audits of the financial management area are undertaken?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">4. Does the organization adjust financial plans in the light of the actual operating budget?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">5. Does the organization monitor the reliability and confidentiality of financial data used in mission-critical budgetary decisions?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">6. Does the organization guard against breaches in confidentiality and loss of budget data integrity?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">7. Does the organization use an operating budget to control project funds?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">8. Does the organization link strategic goals, objectives and operational performance targets to budget performance activities?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">6. Corporate fraud management system checklist</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New";"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">1. Does the organization have, within the corporate ethics policy, a statement with respect to fraud? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: fraud definition, fraud hot-line, applicability to all employees, management, Board members, external contractors, media communications procedure for a disciplinary interview, employee services termination procedure, obligations of employees during notice periods and upon termination of employment, complaints procedure, conflict resolution, insurance claims, police contacting issues, investigation of fraud and corruption, theft and threats policy, obligations of external contractors, investigating procedure by the use of external approved investigators or expert internal audit personnel, and the protection procedure for the information sources. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">2. Who is responsible for the issue of this statement?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">3. Has this policy statement been approved and ratified by the Board or other top management committee?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">4. Is this statement widely publicized in the organization?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">5. Is this statement reviewed and improved annually?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">6. Is the policy statement linked to internal controls?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">7. Who (manager, function, etc.) is responsible for ownership and administration of the fraud policy?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">8. How are fraud risks monitored, e.g. through risk registers?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">9. Is there a budget for investigative costs on potential fraud issues?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">10. Does the organization specify roles and responsibilities within the fraud policy (e.g. for the audit committee, the Board, the HR function, a Fraud Liaison Officer, etc.)?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">11. What is the procedure for reporting suspicions of fraud?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">12. What guidance is provided on dealing with incoming mail (such as anonymous letters, e-mails, etc.)?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">13. Who are the first points of contact for reporting suspected dishonesty?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">14. Does the organization have a whistle-blowing policy, which sets out the principles for protection of employees when reporting suspicions?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">15. Does the organization keep a register of fraud?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">16. Who is responsible for maintenance of this register (e.g. a Fraud Officer)?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">17. What are the access rights to the fraud register?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">18. Is the fraud register held securely?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">19. Who is responsible for the investigation (e.g. internal audit)?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">20. Who oversees the investigation?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">21. Do written reports have to be submitted and to whom?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">22. Are employees suspended from work pending an investigation?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">23. Are all reasonable means of recovering any identified loss pursued?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">7. Internal audit checklist</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New";"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">1. Is there an internal audit department? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: terms of reference, organization chart, independence, expertise in IT.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">2. Is there an internal IT audit function? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: IT audit plan, adequacy of resources, suitability of resources, including qualifications, experience, technical competence and training.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">3. Is there an internal audit policy document? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: standards regarding review objectives, work plan, documentation, conclusions, report format, manager review.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">4. Are all compliance issues subject to independent review by an internal audit function? <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Consider: involvement in reviewing system developments, existing systems, computer operations, security and control issues, use of audit software, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-family: "Courier New"; mso-highlight: yellow;">8. Ethics management checklist</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Courier New";"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">1. Does a code of ethics exist for all personnel, including IT?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">2. Have an anti-fraud policy and associated procedures been put into operation for the organization?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">3. Are confidentiality statements signed by all IT personnel and all critical users? <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Courier New";">4. Do explicit corporate rules cover issues, such as:<o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">personal use of computer services, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">proprietary rights to computer programs, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">proprietary rights to data, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">confidentiality of passwords, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">physical access to restricted areas, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">management of visitors, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">use of terminals, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">personal use of media and supplies, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">disclosure of privileged information, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">maintenance of professional relationships, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">reporting mechanism for conflict situations, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">penalties and rewards for violators, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">clear assignments of accountability, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">controls over data and files, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">Data Protection Act, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">data classification system?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">5. Is there a centralized ethics control function?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">6. Are proper international ethics standards used in the design and implementation of the code of ethics of the organization?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">7. Is there an ethics program and appointed staff in implementation or operation? <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Courier New";">8. Have all staff undertaken, or are there schedules for, ethics training?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">*Author’s Credentials<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">John Kyriazoglou, CICA, M.S., B.A(Hon), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a></u></b>), and co-author of the book ‘CORPORATE CONTROLS’ (to be published in 2/2012 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.theiic.org/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a></u></b>), with Dr. F. Nasuti and Dr. C. Kyriazoglou.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">E-Mail: <a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Profiles <o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></a></span></b><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><a href="http://www.authorsden.com/jkyriazoglou"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.authorsden.com/jkyriazoglou</span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><a href="http://www.icttf.org/profile/johnkyriazoglou"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.icttf.org/profile/johnkyriazoglou</span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><a href="http://www.blogger.com/profile/15482029934015594259"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.blogger.com/profile/15482029934015594259</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Blogs<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Articles, Opinions, etc.: <a href="http://corporatecontrols.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://corporatecontrols.blogspot.com/</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Publications: <a href="http://johnkyriazoglou-works.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://johnkyriazoglou-works.blogspot.com/</span></span></a></span></u></b><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div></div>
<div>Posted 2011-11-30 by jkyriazoglou</div>
<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div align="center" class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; text-align: center;"><b style="mso-bidi-font-weight: normal;"><u><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;">CORPORATE COMPLIANCE ACTION PLAN<o:p></o:p></span></u></b></div><br />
<div align="center" class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; text-align: center;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"><span style="mso-spacerun: yes;"> </span>By John Kyriazoglou* (author’s credentials at the end of this document)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">A compliance program refers to an organization's management plan for conducting all of its activities within the frameworks of law, rules and regulations. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">It usually concerns: <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">(a) Identifying the laws, rules and regulations that apply to the activities of the organization, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">(b) Identifying business areas where the activities of the organization are at risk of breaching these laws, rules and regulations, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">(c) Establishing and executing systems, policies and procedures to try to avoid, prevent and protect against such breaches, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">(d) Assigning specific compliance-related responsibilities to managers and professional staff and incorporating all compliance activities within the regular business operations of the organization, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">(e) Changing behavior of all participants (board, managers, staff, external parties, etc.) through communication, education, training and coaching where this is necessary, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">(f) Monitoring and reporting all compliance-related issues, and <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 12pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">(g) Reviewing, auditing and improving the whole compliance program and effort.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">This compliance program could be implemented by a compliance action plan as follows: <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt; font-weight: normal;">The conceptual model that may be used for crafting the compliance action plan and ensuring its completeness, in the best and most practical way possible, is the ADDIE Model. The name is an acronym for its five phases: analysis, design, development, implementation and evaluation. This model (see, for more details: <a href="http://en.wikipedia.org/wiki/ADDIE_Model"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://en.wikipedia.org/wiki/ADDIE_Model</span></span></a>) gives us, from a practical perspective, an added level of confidence that we have not forgotten any phases in developing and implementing a compliance program. <o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span style="font-size: 12pt;">Phase 1: Analysis of Compliance Requirements and Needs<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt; font-weight: normal;">The </span></strong><strong><span style="font-size: 12pt;">objective of this phase</span></strong><strong><span style="font-size: 12pt; font-weight: normal;"> is to analyze the compliance requirements and needs impacting the organization and prepare it to manage its activities and operations in a compliance-effective environment. The actions required to be executed to complete this phase are: <o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 1</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Carry out the analysis of the compliance landscape of the organization and the statutes, laws and regulations affecting all functions of the business the organization is involved in and the countries or states (provinces) it operates in.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 2</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Define the constituent elements required by the specific organization in terms of funds, people, management structure, policies, systems, procedures, documentation, facilities, techniques, methods and tools to be effectively employed to carry out and implement the whole compliance process.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 3</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Collect all compliance rules, regulations and standards affecting the organization</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 4</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Carry out the analysis of the communication and training aspects and the readiness of the organization regarding compliance.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 5</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Submit a report of the analysis to the board, including a budget for the compliance process, and obtain approval and funds from the board for designing, developing and operating a compliance program for the organization.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span style="font-size: 12pt;">Phase 2: Design of the Compliance Function of the Organization<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt; font-weight: normal;">The </span></strong><strong><span style="font-size: 12pt;">objective of this phase</span></strong><strong><span style="font-size: 12pt; font-weight: normal;"> is to design and set up a</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">n effective compliance program, together with a compliance officer and, often, a compliance committee, who are responsible for collecting all relevant rules, regulations and standards applicable to the organization and for organizing, developing, operating and monitoring the compliance program. The compliance officer and compliance committee must report directly to the organization’s governing body, and CEO, periodically and on an as-needed basis. The compliance officer must oversee the program, including making revisions as the company’s needs change, coordinating and participating in training and education for employees, independently investigating compliance matters and ensuring that any necessary corrective action is taken. <strong><span style="font-weight: normal;">The actions required to be executed to complete this phase are:</span></strong><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 1</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Design the duties, roles and responsibilities of a Compliance Officer</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 2</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Design the responsibilities of a Compliance Committee</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 3</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Appoint the Compliance Officer</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 4</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Establish the Compliance Committee</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 5</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. Design and issue a first draft of the Compliance Strategy and Program.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 6</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. Design, if required, the specifications of a computerized system to support the compliance process of the organization.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 7</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Submit a report to the board of the design phase, making any required changes to the initial budget, and obtain approval and funds from the board for the execution of the next phase.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span style="font-size: 12pt;">Phase 3: Development of Compliance Policies and Procedures<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt; font-weight: normal;">The </span></strong><strong><span style="font-size: 12pt;">objective of this phase</span></strong><strong><span style="font-size: 12pt; font-weight: normal;"> is to carry out the development and distribution, by the </span></strong><span style="color: #444444; font-family: "Times New Roman","serif"; font-size: 12pt;">compliance officer, of written compliance standards, systems, policies, procedures and practices to guide the organization and its employees on a day-to-day basis. These should include a code of conduct detailing the fundamental principles, values and framework for action within the organization, general corporate policies and procedures, a summary of critical laws, regulations and standards, and specific provisions for various administrative, production, customer service, sales, marketing, financial, information technology and other business functions within the organization, including any regulations that may apply to business units in other national jurisdictions. These should be easily understood by, and posted and communicated to, all affected employees, as well as participants in the activities of the organization. </span><strong><span style="font-size: 12pt; font-weight: normal;">The actions required to be executed to complete this phase are:</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 1</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. Develop and finalize the Compliance Program.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 2</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Develop the corporate compliance policies, procedures, codes of conduct and </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">the compliance records maintenance and retention system of the organization.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 3</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. Develop or obtain a ready-made software system, if required, to support the compliance process of the organization.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 4</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Obtain board approval of all corporate compliance policies, procedures and codes of conduct</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 5</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">: Distribute all compliance policies, procedures and codes of conduct to all staff and managers.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 6: </span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Develop the compliance communication procedures.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 7</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Develop the education and training plan and procedures for all compliance issues</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span style="font-size: 12pt;">Phase 4: Implementation of Compliance Program<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt; font-weight: normal;">The </span></strong><strong><span style="font-size: 12pt;">objective of this phase</span></strong><strong><span style="font-size: 12pt; font-weight: normal;"> is to fully implement the compliance program. It may not be </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">enough to appoint a compliance officer and committee, even if they are excellent in carrying out their duties and roles. The compliance officer must create and maintain effective lines of communication with all employees. This should include a process, such as a hotline or other reporting system, to encourage questions and complaints, and procedures to protect the confidentiality of reports and the anonymity of the complainants and to protect employees against retaliation. <strong><span style="font-weight: normal;">The actions required to be executed to complete this phase are:</span></strong><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 1</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Implement all Corporate Compliance Policies, Procedures, Compliance Codes of Conduct, as well as </span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">the compliance records maintenance and retention system. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 2</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. Implement, if required, the computerized system to support the compliance process of the organization.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 3</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Run all awareness sessions with all business functions as regards the compliance policies and procedures of the organization.</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"> <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 4</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Implement the compliance reporting system, including a Hot Line for compliance issues.</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"> <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 5</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Execute the education and training plan for all compliance issues</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action 6</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">: Link compliance to management and employee performance.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Action </span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">7: Enforce compliance standards through well-publicized disciplinary guidelines.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><u><span style="font-size: 12pt;">Phase 5: Evaluation and Improvement of Compliance Program<o:p></o:p></span></u></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt; font-weight: normal;">The </span></strong><strong><span style="font-size: 12pt;">objective of this phase</span></strong><strong><span style="font-size: 12pt; font-weight: normal;"> is to a</span></strong><strong><span style="font-size: 12pt;">ssess </span></strong><strong><span style="font-size: 12pt; font-weight: normal;">the effectiveness of the Compliance Program of the organization</span></strong><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">.</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"> The compliance program must be evaluated periodically to assess its effectiveness as a whole, including how it performs in practice to monitor the operations of the organization on a day-to-day basis. If the same problems recur time and time again, specific actions must be undertaken and compliance requirements and needs must be addressed. Compliance policies, standards and practices are only effective if they have the commitment of the management of the organization, are clearly written and communicated to staff, and are interpreted by a compliance officer with the proper skills, dexterities and experience. In the event of a regulatory investigation or potential breach, complete documentation of all aspects of the company’s compliance program is necessary to demonstrate the good faith of the company and the specific program’s effectiveness. <strong><span style="font-weight: normal;">The actions required to be executed to complete this phase are:</span></strong><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 1</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Monitor the execution of all Corporate Compliance Policies and Procedures by the designated officer and committee of the organization</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">. <o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 2</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Request auditing of Corporate Compliance Policies and Procedures by internal audit.</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 3</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Review all Corporate Compliance Policies and Procedures by external auditors, including subject experts.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 4</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Develop corrective actions and execute responses to detected offences.<o:p></o:p></span></strong></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 5</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Evaluate the effectiveness of Corporate Compliance Policies and Procedures</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 6</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Evaluate the effectiveness of Compliance Program</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">.<o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><strong><span style="font-size: 12pt;">Action 7</span></strong><strong><span style="font-size: 12pt; font-weight: normal;">: Improve all Corporate Compliance Policies and Procedures and Compliance Program</span></strong><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">*Author’s Credentials<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">John Kyriazoglou, CICA, M.S., B.A(Hon), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a></u></b>), and co-author of the book ‘CORPORATE CONTROLS’ (to be published in 2/2012 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.theiic.org/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a></u></b>), with Dr. F. Nasuti and Dr. C. Kyriazoglou.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">E-Mail: <a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Profiles <o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></a></span></b><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><a href="http://www.authorsden.com/jkyriazoglou"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.authorsden.com/jkyriazoglou</span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><a href="http://www.icttf.org/profile/johnkyriazoglou"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.icttf.org/profile/johnkyriazoglou</span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><a href="http://www.blogger.com/profile/15482029934015594259"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.blogger.com/profile/15482029934015594259</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Blogs<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Articles, Opinions, etc.: <a href="http://corporatecontrols.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://corporatecontrols.blogspot.com/</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Publications: <a href="http://johnkyriazoglou-works.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://johnkyriazoglou-works.blogspot.com/</span></span></a></span></u></b><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-45396497108731350702011-11-17T07:52:00.001-08:002011-11-17T07:52:57.015-08:00Free IT Audit Material (Worth £29.95)<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: aqua; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-highlight: aqua;">Free IT Audit Material (Worth <strong>£29.95)</strong><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Announcement re: Free IT Audit Material (Worth <strong>£29.95)</strong><o:p></o:p></span></u></b></div><br />
<strong>Hi,<o:p></o:p></strong><br />
<br />
<strong>Please check out the following offer.<o:p></o:p></strong><br />
<br />
<strong>Buy book (1) before the end of November 2011 and receive a comprehensive set of customisable IT audit programmes and checklists (<a href="http://www.itgovernance.co.uk/products/3143"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black; text-decoration: none; text-underline: none;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">the addendum to this book</span></span></a>-book 2) absolutely FREE - worth £29.95!</strong><o:p></o:p><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b><u><span style="background: aqua; color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt; line-height: 115%; mso-highlight: aqua;">Book (1): ‘IT Strategic & Operational Controls’</span></u></b><b><u><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt; line-height: 115%;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b><span style="color: #190026; font-family: "Times New Roman","serif";">Author: John Kyriazoglou, Publisher: IT Governance Publishing<o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="color: #190026; font-family: "Times New Roman","serif"; mso-bidi-font-weight: bold;">ISBN: 978-1-84928-061-7, Pages: 686, Format: Softcover, Date: 2 September 2010<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; mso-ansi-language: EN;">Available at: </span></b><b><i style="mso-bidi-font-style: normal;"><u><span style="color: #0070c0; font-family: "Times New Roman","serif";">www.itgovernance.co.uk/products/3066</span></u></i></b><i style="mso-bidi-font-style: normal;"><span style="color: #190026; font-family: "Times New Roman","serif"; mso-bidi-font-weight: bold;"> <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; mso-ansi-language: EN;">For a full list <span style="mso-spacerun: yes;"> </span>of contents<span style="mso-spacerun: yes;"> </span>and a sample of what is contained in this book, please see:</span></b><b><span lang="EN" style="font-family: "Times New Roman","serif";"> </span></b><span lang="EN" style="mso-ansi-language: EN;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Times New Roman","serif"; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></b></a><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span lang="EN" style="mso-ansi-language: EN;"><span style="font-family: Calibri;">Then follow the link to ‘Published Books/IT_CONTROLS_BOOK_Contents_Sample.PDF’.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b><u><span style="background: aqua; color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt; line-height: 115%; mso-highlight: aqua;">Book (2): ‘Addendum to IT Strategic & Operational Controls’</span></u></b><b><u><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt; line-height: 115%;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Courier New";">ISBN 978-1-84928-075-4. </span><span style="font-family: Calibri;"><b><i style="mso-bidi-font-style: normal;"><u><span style="color: #0070c0;">www.itgovernance.co.uk/products/3143</span></u></i></b><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="mso-bidi-font-weight: bold;"><span style="font-family: Calibri;">This separate volume contains customisable IT audit programmes and checklists in Word format.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; mso-ansi-language: EN;">For a full list of contents and a sample of what is contained in this book,<o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; mso-ansi-language: EN;">please see:</span></b><b><span lang="EN" style="font-family: "Times New Roman","serif";"> </span></b><span lang="EN" style="mso-ansi-language: EN;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Times New Roman","serif"; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></b></a><span style="font-family: Calibri;"> <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span lang="EN" style="mso-ansi-language: EN;"><span style="font-family: Calibri;">And follow to ‘Published Books/IT_CONTROLS_BOOK_Contents_Sample.PDF’.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt;"><b><span style="font-family: "Cambria","serif"; font-size: 12pt; mso-bidi-font-family: Tahoma;">Please disregard this message if you have received it twice.</span></b><span style="font-family: "Tahoma","sans-serif"; font-size: 10pt;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt;"><span style="font-family: "Cambria","serif"; font-size: 12pt; mso-bidi-font-family: Tahoma;">Thank you for your kind support.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt;"><span style="font-family: "Cambria","serif"; font-size: 12pt; mso-bidi-font-family: Tahoma;">Sincerely,</span><span style="font-family: "Tahoma","sans-serif"; font-size: 10pt;"><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: Cambria;">John Kyriazoglou<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-3019469984553524762011-11-13T00:33:00.000-08:002011-11-13T00:33:53.838-08:00INFORMATION SENSITIVITY POLICY<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">INFORMATION SENSITIVITY POLICY<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">By John Kyriazoglou* (author’s credentials at the end of this document)<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">The primary objective of the Information Sensitivity Policy is to provide guidelines for the <b style="mso-bidi-font-weight: normal;">data classification</b> of information collected and processed by the information systems activities of an organization. This example may be used for educational purposes only, and it should be amended to suit the particular organization’s legal and regulatory requirements and operating conditions before it is implemented in a real environment. The author assumes no responsibility whatsoever for the contents, suitability and accuracy of this policy.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">An example of such a policy is described next.<o:p></o:p></span></span></div><br />
<div style="background: rgb(229, 229, 229); border: 2.25pt double black; mso-element: para-border-div; mso-pattern: gray-10 black; mso-shading: white; padding: 0in;"> <div class="MsoNormal" style="background: rgb(229, 229, 229); border: currentColor; margin: 0in 0in 10pt; mso-border-alt: double black 2.25pt; mso-padding-alt: 0in 0in 0in 0in; mso-pattern: gray-10 black; mso-shading: white; padding: 0in;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-bidi-font-family: Times;"><span style="mso-spacerun: yes;"> </span>Company ‘XYZ-Fictitious Enterprise Corporation’ Information Sensitivity Policy</span></b><span style="font-size: 10pt; line-height: 115%; mso-bidi-font-family: Times;"><o:p></o:p></span></span></div></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">1. Purpose</span></u></b><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"> <o:p></o:p></span></u></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">The Information Sensitivity Policy of </span><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-bidi-font-family: Times;">‘XYZ-Fictitious Enterprise Corporation’ </span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">(referred to as Company from now on) is intended to help management and staff of a corporate entity determine what information can be disclosed to non-employees, as well as the relative sensitivity of information that should not be disclosed outside of <Company Name> without proper authorization. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">2. Coverage<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">The information covered in these guidelines includes, but is not limited to, information that is either stored or shared via any means. This includes: electronic information, information on paper, and information shared orally or visually (such as telephone and video conferencing). <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">3. Classification Definitions<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">All <Company> information is categorized into three main classifications: <b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><Company> Public</i></b>, <b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><Company> Confidential</i></b>, or <b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><Company> Restricted</i></b>. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><Company> Public</span></i></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"> information is information that has been declared public knowledge by someone with the authority to do so, and can freely be given to anyone without any possible damage to <Company>. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><Company> Confidential</span></i></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"> contains all other information that is not public or restricted, such as information stored in computer files and network servers, telephone directories, general corporate information, personnel information, etc., which is, however, critical to the everyday activities of the company. <span style="mso-spacerun: yes;"> </span><o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><Company> Restricted </span></i></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">contains information that is more sensitive than other information, and should be protected in a more secure manner. This information </span><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";">includes: </span><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">trade secrets, development programs, patents, copyrighted material, potential acquisition targets, and other information integral to the success of the company. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">This classification, for all digital and non-digital information of the organization, should be carried out initially and reviewed and improved periodically by a management mechanism that includes: (a) Information Owners, (b) Information Systems Managers, and (c) Security Manager, with the support and advice of other corporate officers, such as data privacy officer, compliance officer, etc.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">4. Encryption of Information<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">All<b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"> <Company> Confidential</i></b> and <b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><Company> Restricted </i></b>information should be encrypted<b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"> </i></b>in accordance with the Acceptable Encryption Policy. International issues regarding encryption are complex. Corporate guidelines on export controls on cryptography should be followed. For more details consult your manager and/or corporate legal services for further guidance. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";">5. Sensitivity Guidelines</span></u></b><u><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";"> <o:p></o:p></span></u></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">The Sensitivity Guidelines below provide details on how to protect information at varying sensitivity levels. </span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "MS Mincho";"><o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">5.1. <Company> Public</span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">: This relates to general corporate information, some personnel and technical information of a generalized nature. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Access: </span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">This information should be allowed to <Company> employees, contractors, and people with a business need to know. All accesses to this type of information should be authorized and recorded.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Distribution: </span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Internal distribution of<b style="mso-bidi-font-weight: normal;"> </b>this information <b style="mso-bidi-font-weight: normal;">within</b> <Company> should be carried out by standard inter-office mail, approved electronic mail and electronic file transmission methods. Distribution of this information <b style="mso-bidi-font-weight: normal;">outside</b> of <Company’s> internal mail should be carried out by n</span><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";">ational </span><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">mail and other public or private carriers, approved electronic mail and electronic file transmission methods. If this information is distributed in an electronic way, it should be sent to only approved recipients.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">Storage: </span></b><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">This information should be protected from loss. All electronic transmissions should have individual access controls where possible and appropriate.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">Disposal/Destruction</span></b><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">: Special disposal bins should be used for outdated paper information. Electronic data should be expunged, cleared and erased with specialized devices. Media should be physically destroyed.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">5.2. <Company> Confidential</span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">: Business, financial, technical, and most personnel information.</span><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";"><o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Access: </span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">This information should be allowed to <Company> employees, contractors, and people with signed non-disclosure agreements who have a business need to know. All accesses to this type of information should be authorized and recorded.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Distribution: </span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Internal distribution of<b style="mso-bidi-font-weight: normal;"> </b>this information <b style="mso-bidi-font-weight: normal;">within</b> <Company> should be carried out by standard inter-office mail, approved electronic mail and electronic file transmission methods. Distribution of this information <b style="mso-bidi-font-weight: normal;">outside</b> of <Company’s> internal mail should be carried out by n</span><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";">ational </span><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">mail and other public or private carriers, approved electronic mail and electronic file transmission methods. If this information is distributed in an electronic way, it should be sent to only approved recipients. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Storage: </span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">This information should be protected from loss. All electronic transmissions should have individual access controls.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">Disposal/Destruction</span></b><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">: Special disposal bins should be used for outdated paper information. Electronic data should be expunged, cleared and erased with specialized devices. Media should be physically destroyed. All these actions should be authorized, recorded and reported.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">5.3. <Company> Restricted</span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">: Trade secrets & marketing, operational, personnel, financial, source program code, & technical information integral to the success of <Company Name>.</span><span style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";"> </span><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">Access: </span></b><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">This information should be allowed to <Company> staff with signed non-disclosure agreements who have a specific board authorization. All accesses to this type of information should be recorded and reported.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">Distribution within <Company></span></b><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">: This information should be delivered directly to the approved recipient upon their signatures. All envelopes should be stamped confidential. Electronic file transmissions should not be allowed.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">Distribution outside of <Company> internal mail</span></b><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">:<span style="mso-spacerun: yes;"> </span>This information should be delivered directly, by approved private carriers, to the approved recipient upon their signatures. All envelopes should be stamped confidential. Electronic file transmissions should not be allowed. <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">Storage</span></b><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">: Individual access controls to this information should be enforced for electronic information. Appropriate physical security measures should be used, and information should be encrypted and stored in a physically secured computer.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">Disposal/Destruction</span></b><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";">: This information should be physically destroyed by paper shredders, and other specialized digital crunching devices. Digital media should be cleared and erased before disposal. All these actions should be authorized, recorded and reported.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";">6. Business Connections</span></u></b><u><span lang="EN-GB" style="font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB; mso-fareast-font-family: "MS Mincho";"> <o:p></o:p></span></u></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 6pt 0in 0pt; text-align: justify; text-justify: inter-ideograph;"><span style="font-size: 12pt; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">Access to <Company> computers and information systems by business partners, competitors and unauthorized external personnel must be restricted so that, in the event of an attempt to access <Company> corporate information, the amount of information at risk is minimized. Connections may be set up to allow others (business partners, etc.) to see only what they need to see, and only when specifically authorized by the board. Unauthorized personnel should only have access to information classified as <b style="mso-bidi-font-weight: normal;"><Company> Public, </b>upon recording their details and their needs for accessing this information. This involves setting up both applications and network configurations to allow access to only what is necessary. All these actions should be recorded and reported.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho"; mso-highlight: yellow;"><span style="font-family: Calibri;">7. Penalties<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="background: yellow; font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho"; mso-highlight: yellow;"><span style="font-family: Calibri;">The penalty for deliberate or inadvertent disclosure of any information by any staff member (management, board, professional staff, line employee, etc.) found to have violated this policy may include disciplinary action, up to and including termination of employment, and possible civil and/or criminal prosecution to the full extent of the law.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">8. Responsibility of management </span></u></b><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="mso-spacerun: yes;"> </span><o:p></o:p></span></u></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">All <Company> personnel should use these guidelines in securing <b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><Company> Restricted</i></b> and <b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><Company> Confidential</i></b> information to the proper extent possible. All department heads are responsible for supervising the classification activities of all the information managed by their function. A register of such files should be maintained and reported to the senior management of the company. If a manager is not certain of the classification to be applied, he or she should contact a higher level of authority (such as CEO, Ethics Committee, Compliance Committee, Compliance Officer, Legal Department, etc.), as specified by the internal controls policy and practices of the company.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">9. Responsibility of staff </span></u></b><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="mso-spacerun: yes;"> </span><o:p></o:p></span></u></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">If an employee is uncertain of the sensitivity of a particular piece of information, he/she should contact their manager. If an employee feels that their manager is not following these guidelines, he or she should contact a higher level of authority (such as CEO, Compliance Committee, Ethics Office, Compliance Officer, Legal Department, etc.), as specified by the internal controls policy and practices of the company.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";">10. Responsibility of Compliance Officer </span></u></b><u><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="mso-spacerun: yes;"> </span><o:p></o:p></span></u></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%; mso-fareast-font-family: "MS Mincho";"><span style="font-family: Calibri;">It is the responsibility of the compliance officer to provide guidance to all personnel on the use of these guidelines, and ensure that these guidelines are complied with. The compliance officer should also report to both the compliance committee and the board, on the basis of the company’s reporting standards, all compliance related activities.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">*Author’s Credentials<o:p></o:p></span></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">John Kyriazoglou, CICA, M.S., B.A. (Hon), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a></u></b>), and co-author of the book ‘CORPORATE CONTROLS’ (to be published in 2/2012 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.theiic.org/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a></u></b>), with Dr. F. Nasuti and Dr. C. Kyriazoglou.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">E-Mail: <a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Profiles <o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; mso-ansi-language: EN; mso-highlight: yellow;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></a></span></b><span lang="EN" style="background: yellow; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.authorsden.com/jkyriazoglou"><span style="color: black; mso-bidi-font-family: Tahoma; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.authorsden.com/jkyriazoglou</span></span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.icttf.org/profile/johnkyriazoglou"><span style="color: black; mso-bidi-font-family: Tahoma; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.icttf.org/profile/johnkyriazoglou</span></span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://www.blogger.com/profile/15482029934015594259"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.blogger.com/profile/15482029934015594259</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Blogs<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Articles, Opinions, etc.: <a href="http://corporatecontrols.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://corporatecontrols.blogspot.com/</span></span></a><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Publications: <a href="http://johnkyriazoglou-works.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://johnkyriazoglou-works.blogspot.com/</span></span></a></span></u></b><span style="background: yellow; font-size: 12pt; mso-fareast-font-family: "Times New Roman"; mso-highlight: yellow;"><o:p></o:p></span></div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-91530246565303498582011-11-12T02:49:00.000-08:002011-11-12T02:49:36.926-08:00PRIVACY OF INFORMATION POLICY<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">PRIVACY OF INFORMATION POLICY<o:p></o:p></span></span></u></b></div><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">By John Kyriazoglou* (author’s credentials at the end of this document)<o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">The primary objective of this Privacy of Information Policy is to provide general guidelines for the privacy issues of information activities (collection, use, disclosure, monitoring, etc.) of an organization. This example may be used for educational purposes only and it should be amended to suit the particular organization’s legal and regulatory requirements and operating conditions, before it is put to effective use and is implemented in a real environment. The author assumes no responsibility whatsoever for the contents, suitability and accuracy of this policy.<o:p></o:p></span></span></div><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">An example of such a policy is described next.<span style="mso-tab-count: 1;"> </span><o:p></o:p></span></span><br />
<br />
<div style="background: rgb(229, 229, 229); border: 2.25pt double black; mso-element: para-border-div; mso-pattern: gray-10 black; mso-shading: white; padding: 0in;"> <div class="MsoNormal" style="background: rgb(229, 229, 229); border: currentColor; margin: 0in 0in 10pt; mso-border-alt: double black 2.25pt; mso-padding-alt: 0in 0in 0in 0in; mso-pattern: gray-10 black; mso-shading: white; padding: 0in;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-bidi-font-family: Times;"><span style="font-family: Calibri;"><span style="mso-spacerun: yes;"> </span></span></span></b><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-bidi-font-family: Times;"><span style="font-family: Calibri;">Company ‘XYZ-Fictitious Enterprise Corporation’ Privacy of Information Policy</span></span></b><span style="font-size: 10pt; line-height: 115%; mso-bidi-font-family: Times;"><o:p><span style="font-family: Calibri;"> </span></o:p></span></div></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;">1. Purpose of this policy</span></u></b><u><span style="background: aqua; font-size: 12pt; line-height: 115%; mso-highlight: aqua;"><o:p></o:p></span></u></span></div><span style="font-family: Calibri;"><span style="font-size: 12pt; line-height: 115%;">This policy explains how </span><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%; mso-bidi-font-family: Times;">‘XYZ-Fictitious Enterprise Corporation’ </span></b><span style="font-size: 12pt; line-height: 115%; mso-bidi-font-family: Times;">(hereby termed<b style="mso-bidi-font-weight: normal;"> the company</b>) </span><span style="font-size: 12pt; line-height: 115%;">may collect information about customers and use it in order to satisfy particular customer and regulatory requirements. It also outlines some of the security measures that <b style="mso-bidi-font-weight: normal;">the company</b> is taking in order to protect data privacy and provide certain assurances on things that <b style="mso-bidi-font-weight: normal;">the company</b> will not do. <o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">2. Commitment<o:p></o:p></span></span></u></b></div><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%;">The Company</span></b><span style="font-size: 12pt; line-height: 115%;"> considers the protection of the privacy of customer data to be of utmost importance and is committed to providing all customers with a personalized service that meets the requirements of the specific customers in a way that safeguards their privacy. <o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">3. Opportunity to decline<o:p></o:p></span></span></u></b></div><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">When <b style="mso-bidi-font-weight: normal;">the company</b> obtains personal information from you, or when you take a new service from <b style="mso-bidi-font-weight: normal;">the company</b>, we will give you the opportunity to indicate if you do or do not (as applicable) wish to receive information from <b style="mso-bidi-font-weight: normal;">the company</b> about other services or products. <o:p></o:p></span></span><br />
<span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">Normally this will be done by way of a tick box on an application form or contract. You may revise the choice that you have made at any time by writing to <b style="mso-bidi-font-weight: normal;">the company</b> informing us of the change. <o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">4. Personal information collection<o:p></o:p></span></span></u></b></div><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">Some of the personal information <b style="mso-bidi-font-weight: normal;">the company</b> holds about you may be sensitive personal data within the meaning of the Data Protection Act and other relevant laws. <b style="mso-bidi-font-weight: normal;">The company</b> may collect personal information about you from a number of sources, including: (a) from you when you agree to take a service from us in which case this may include your personal and/or business contact details, (b) from you when you contact <b style="mso-bidi-font-weight: normal;">the company</b> with an enquiry or in response to a communication from <b style="mso-bidi-font-weight: normal;">the company</b>, in which case this may tell us something about your preferences, and (c) from publicly available sources.<o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;">5. Use of information</span></u></b><u><span style="font-size: 12pt; line-height: 115%;"> <o:p></o:p></span></u></span></div><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">Information you provide to <b style="mso-bidi-font-weight: normal;">the company</b> or <b style="mso-bidi-font-weight: normal;">the company</b> holds about you may be used by <b style="mso-bidi-font-weight: normal;">the company</b> to: (a) identify you when you make enquiries, (b) help administer, and contact you about improved administration of, any accounts, services and products provided by <b style="mso-bidi-font-weight: normal;">the company</b> previously, now or in the future, (c) carry out marketing analysis and customer profiling and create statistical and testing information, (d) help <b style="mso-bidi-font-weight: normal;">the company</b> to prevent and detect fraud or loss, and (e) contact you by any means (including mail, email, telephone, etc.) about other services and products offered by <b style="mso-bidi-font-weight: normal;">the company</b>, and authorized selected partners. <o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">6. Credit reference checks<o:p></o:p></span></span></u></b></div><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%;">The company, </span></b><span style="font-size: 12pt; line-height: 115%;">in some circumstances, may do certain credit checks with licensed credit reference agencies when you apply to take a service or product. If this is applicable, then it will be stated in the terms and conditions of doing business between you and <b style="mso-bidi-font-weight: normal;">the company</b>. <o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;">7. Disclosure of information</span></u></b><u><span style="font-size: 12pt; line-height: 115%;"> <o:p></o:p></span></u></span></div><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%;">The company</span></b><span style="font-size: 12pt; line-height: 115%;"> may disclose information only where legitimately requested for legal or regulatory purposes, as part of legal proceedings or prospective legal proceedings. <o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;">8. Protection of information</span></u></b><u><span style="font-size: 12pt; line-height: 115%;"> <o:p></o:p></span></u></span></div><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%;">The company</span></b><span style="font-size: 12pt; line-height: 115%;"> maintains strict security measures and controls in order to protect personal information. This includes following certain administrative and security policies, procedures, and practices to check your identity when you telephone us, encrypting data on our websites, backing up data to offsite locations, etc., in order to ensure compliance with all applicable legal requirements. <o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;">9. Internet access</span></u></b><u><span style="font-size: 12pt; line-height: 115%;"> <o:p></o:p></span></u></span></div><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">If you communicate with <b style="mso-bidi-font-weight: normal;">the company</b> via the Internet, then we may occasionally use e-mail to contact you about our services and products. Please be aware that communications over the Internet, such as emails, are not secure unless they have been encrypted. <b style="mso-bidi-font-weight: normal;">The company </b>cannot accept responsibility for any unauthorized access or loss of personal information that is beyond <b style="mso-bidi-font-weight: normal;">the company’s </b>control. We may use "cookies" to monitor website user traffic patterns and site usage. You can normally alter the settings of your browser to prevent acceptance of cookies. However, rejecting cookies may affect your ability to use some of the products and/or services at <b style="mso-bidi-font-weight: normal;">the company’s </b>web site.<o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;">10. Monitoring of communications</span></u></b><u><span style="font-size: 12pt; line-height: 115%;"> <o:p></o:p></span></u></span></div><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">All<b style="mso-bidi-font-weight: normal;"> Company</b> communications with you (including phone conversations, emails, etc.) may be monitored and recorded by <b style="mso-bidi-font-weight: normal;">the company</b> for security, quality assurance, legal, regulatory and training purposes.<o:p></o:p></span></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-size: 12pt; line-height: 115%;"><o:p><span style="font-family: Calibri;"> </span></o:p></span></b><b style="mso-bidi-font-weight: normal;"><u><span style="font-size: 12pt; line-height: 115%;"><span style="font-family: Calibri;">*Author’s Credentials<o:p></o:p></span></span></u></b></div><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">John Kyriazoglou, CICA, M.S., B.A. (Hon), is an International IT and Management Consultant, author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (published in 2010 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a></u></b>), and co-author of the book ‘CORPORATE CONTROLS’ (to be published in 2/2012 by <b style="mso-bidi-font-weight: normal;"><u><a href="http://www.theiic.org/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a></u></b>), with Dr. F. Nasuti and Dr. C. Kyriazoglou.<o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">E-Mail: <a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></a><o:p></o:p></span></u></b></div><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Profiles <o:p></o:p></span></u></b><br />
<b style="mso-bidi-font-weight: normal;"><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; mso-ansi-language: EN; mso-highlight: yellow;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></a></span></b><span lang="EN" style="background: yellow; mso-ansi-language: EN; mso-highlight: yellow;"><o:p></o:p></span><br />
<span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.authorsden.com/jkyriazoglou"><span style="color: black; mso-bidi-font-family: Tahoma; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.authorsden.com/jkyriazoglou</span></span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b><br />
<span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.icttf.org/profile/johnkyriazoglou"><span style="color: black; mso-bidi-font-family: Tahoma; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.icttf.org/profile/johnkyriazoglou</span></span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b><br />
<b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://www.blogger.com/profile/15482029934015594259"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.blogger.com/profile/15482029934015594259</span></span></a><o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Blogs<o:p></o:p></span></u></b></div><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Articles, Opinions, etc.: <a href="http://corporatecontrols.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://corporatecont<span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">rols.blogspot.com/</span></span></span></a><o:p></o:p></span></u></b><br />
<b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">Publications: <a href="http://johnkyriazoglou-works.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://johnkyriazoglou-works.blogspot.com/</span></span></a></span></u></b><b><u><span style="font-family: "Times New Roman","serif";"><o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-30620496282339888492011-11-04T01:11:00.000-07:002011-11-04T01:11:11.896-07:00IT CONTROLS BOOK-FREE MATERIAL<div dir="ltr" style="text-align: left;" trbidi="on"> <b style="mso-bidi-font-weight: normal;"><u><span style="background: aqua; font-family: "Times New Roman","serif"; font-size: 14pt; mso-highlight: aqua;">PLEASE SEE MY TWO IT CONTROLS BOOKS <span style="mso-spacerun: yes;"> </span><o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="background: aqua; color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt; mso-highlight: aqua;">BOOK (1): ‘IT STRATEGIC AND OPERATIONAL CONTROLS’</span></u></b><b><u><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 11pt;">Author: John Kyriazoglou, Publisher: IT Governance Publishing<o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 11pt; mso-bidi-font-weight: bold;">ISBN: 978-1-84928-061-7, Pages: 686, Format: Softcover, Date: 2 September 2010<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 11pt; mso-ansi-language: EN;">Available at:</span></b><span style="font-family: "Times New Roman","serif"; font-size: 11pt;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 11pt; mso-bidi-font-weight: bold;">PRINTED VERSION:<span style="mso-spacerun: yes;"> </span></span><b><i style="mso-bidi-font-style: normal;"><u><span style="color: #0070c0; font-family: "Times New Roman","serif"; font-size: 11pt;">www.itgovernance.co.uk/products/3066</span></u></i></b><i style="mso-bidi-font-style: normal;"><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 11pt; mso-bidi-font-weight: bold;"> <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 11pt; mso-bidi-font-weight: bold;">E-BOOK FORMAT VERSION:<span style="mso-spacerun: yes;"> </span></span><b><i style="mso-bidi-font-style: normal;"><u><span style="color: #0070c0; font-family: "Times New Roman","serif"; font-size: 11pt;">www.itgovernance.co.uk/products/3067</span></u></i></b><i style="mso-bidi-font-style: normal;"><span style="color: #0070c0; font-family: "Times New Roman","serif"; font-size: 11pt; mso-bidi-font-weight: bold;"> <o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 11pt; mso-bidi-font-weight: bold;">These can also be purchased from other major world distributors (e.g. AMAZON, etc.) and bookstores in several countries (England, India, Switzerland, Canada, Australia, Japan, etc.). <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;"><o:p><span style="font-family: Cambria;"> </span></o:p></span><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; mso-ansi-language: EN; mso-bidi-font-family: Cambria;">For a FULL LIST of CONTENTS<span style="mso-spacerun: yes;"> </span>and a SAMPLE of what is contained in this book, please see:</span></b><b><span lang="EN" style="font-family: "Times New Roman","serif"; mso-bidi-font-family: Cambria;"> </span></b><span lang="EN" style="mso-ansi-language: EN;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Times New Roman","serif"; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></b></a><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span lang="EN" style="mso-ansi-language: EN;"><span style="font-family: Cambria;">Then follow the link to ‘Published Books/IT_CONTROLS_BOOK_Contents_Sample.PDF’.<o:p></o:p></span></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: Cambria;">Also access via </span><b><span style="color: black; font-family: "Arial","sans-serif"; font-size: 9pt;"><a href="http://www.archive.org/details/IT_CONTROLS_BOOK_CONTENTS_SAMPLE"><span style="color: black; mso-bidi-font-family: Arial; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.archive.org/details/IT_CONTROLS_BOOK_CONTENTS_SAMPLE</span></span></span></a><o:p></o:p></span></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><o:p><span style="font-family: Cambria;"> </span></o:p><b style="mso-bidi-font-weight: normal;"><u><span style="color: #202020; font-family: "Times New Roman","serif";">Book Testimonial<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #202020; font-family: "Verdana","sans-serif"; font-size: 9pt;">'John Kyriazoglou has produced a book that is very thorough, useful and a good source of information on a complex subject area ... John Kyriazoglou has a wealth of experience in this area and he has shared this well with the wider community. His book is a welcome addition to the field.'<br />
<br />
Rob Ratcliff, UKSMA Chair (2011)</span><b><o:p></o:p></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="background: aqua; color: #190026; mso-highlight: aqua;"><o:p><span style="text-decoration: none;"></span></o:p></span></u></b></div><div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="background: aqua; color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt; mso-highlight: aqua;">BOOK (2): ‘ADDENDUM to IT STRATEGIC AND OPERATIONAL CONTROLS’</span></u></b><b><u><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="font-family: "Courier New";">ISBN 978-1-84928-075-4. </span><span style="font-family: Cambria;"><b><i style="mso-bidi-font-style: normal;"><u><span style="color: #0070c0;">www.itgovernance.co.uk/products/3143</span></u></i></b><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="mso-bidi-font-weight: bold;"><span style="font-family: Cambria;">This separate volume contains customisable IT audit programmes and checklists in Word format.<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #202020; font-family: "Verdana","sans-serif"; font-size: 9pt;"><o:p> </o:p></span><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; mso-ansi-language: EN; mso-bidi-font-family: Cambria;">For a FULL LIST of CONTENTS <span style="mso-spacerun: yes;"> </span>and a SAMPLE of what is contained in this book, please see:</span></b><b><span lang="EN" style="font-family: "Times New Roman","serif"; mso-bidi-font-family: Cambria;"> </span></b><span lang="EN" style="mso-ansi-language: EN;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><b style="mso-bidi-font-weight: normal;"><span style="color: black; font-family: "Times New Roman","serif"; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></b></a><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span lang="EN" style="mso-ansi-language: EN;"><span style="font-family: Cambria;">And follow to ‘Published Books/IT_CONTROLS_BOOK_Contents_Sample.PDF’.<o:p></o:p></span></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: Cambria;">Also access via </span><b><span style="color: black; font-family: "Arial","sans-serif"; font-size: 9pt;"><a href="http://www.archive.org/details/IT_CONTROLS_BOOK_CONTENTS_SAMPLE"><span style="color: black; mso-bidi-font-family: Arial; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.archive.org/details/IT_CONTROLS_BOOK_CONTENTS_SAMPLE</span></span></span></a><o:p></o:p></span></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div><div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="background: aqua; color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt; mso-highlight: aqua;">PDF: ‘ IT_CONTROLS_EXAM_MCQs</span></u></b><b><u><span style="color: #190026; font-family: "Times New Roman","serif"; font-size: 14pt;">’<o:p></o:p></span></u></b></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: "Times New Roman","serif"; font-size: 14pt;"><o:p> </o:p></span><span style="font-family: "Times New Roman","serif"; mso-bidi-font-family: Cambria;">This document </span><span style="background: yellow; mso-highlight: yellow;"><span style="font-family: Cambria;">contains <span style="color: #190026;">100 Multiple Choice Questions (and Answers) which are based on the book by John Kyriazoglou (‘IT STRATEGIC AND OPERATIONAL CONTROLS’, as described above) and is available, free of charge, as described next.<o:p></o:p></span></span></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span lang="EN" style="mso-ansi-language: EN;"><span style="font-family: Cambria;">See link, </span></span><b style="mso-bidi-font-weight: normal;"><span lang="EN" style="font-family: "Times New Roman","serif"; mso-ansi-language: EN;"><a href="http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919</span></span></a></span></b><span lang="EN" style="mso-ansi-language: EN;"><o:p></o:p></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span lang="EN" style="mso-ansi-language: EN;"><span style="font-family: Cambria;">And follow to ‘<span style="background: yellow; mso-highlight: yellow;">Published Books/IT_CONTROLS_EXAM_MCQs.PDF’.</span><o:p></o:p></span></span></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><span style="font-family: Cambria;">Also access via </span><a href="http://www.archive.org/details/ItControlsExaminationMcqs"><b><span style="color: black; font-family: "Arial","sans-serif"; font-size: 9pt; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.archive.org/details/ItControlsExaminationMcqs</span></span></b></a><o:p></o:p></div><br />
<div class="MsoNoSpacing" style="margin: 0in 0in 0pt;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-72479171996538242572011-10-22T04:13:00.000-07:002011-10-22T04:13:17.877-07:00HOW TO AVOID INTERNAL BUSINESS FRAUD<div dir="ltr" style="text-align: left;" trbidi="on"> <b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; color: #1e1e1e; font-family: "Times New Roman","serif"; mso-highlight: yellow;">HOW TO AVOID INTERNAL BUSINESS FRAUD<o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">A question was recently put in a discussion group, ‘</span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="background: yellow; color: #1e1e1e; font-family: "Times New Roman","serif"; mso-highlight: yellow;">What can you do to keep your business from becoming the victim of internal fraud?’</span></u></b><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">.</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background-color: yellow;"><b><span style="background: yellow; color: #1e1e1e; font-family: "Times New Roman","serif"; mso-highlight: yellow;">The simple answer ‘Don’t trust anyone (Don’t trust job applicants, Don’t trust employees, Don’t trust your partners)</span></b><b><span style="color: #1e1e1e; font-family: "Times New Roman","serif";">’ was offered by one writer. </span></b></span><span style="color: #1e1e1e; font-family: "Times New Roman","serif";"><br />
<br />
</span><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">I think the issue is much more complicated than simply not trusting anyone! IF YOU PORTRAY ‘NO TRUST’ to all your business partners, employees, customers, etc., without taking the proper measures, you will likely make everyone want to commit fraud and prove you right, in your working environment!<span style="mso-spacerun: yes;"> </span></span></u></b><b style="mso-bidi-font-weight: normal;"><u><span style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt;">The desire for security is a key subconscious motivator in developing trusting relationships in any organization.</span><span style="color: black;"><br />
<span style="font-family: Calibri;"> <br />
</span></span></u></b><span style="background-color: white;"><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">Let us not forget that Aristotle </span><span lang="EN" style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN; mso-highlight: yellow;">(384-322 BC), writing in the <i>Rhetoric</i>, suggested that Ethos, the Trust of a speaker by the listener, was based on the listener's perception of three characteristics of the speaker: the intelligence of the speaker (correctness of opinions, or competence), the character of the speaker (reliability - a competence factor, and honesty - a measure of intentions), and the goodwill of the speaker (friendship, favorable intentions towards the listener).<o:p></o:p></span></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"><o:p> </o:p></span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Furthermore, my opinion is that you do need a friendly and trustworthy working environment but it should be complemented by a Corporate Controls Framework with control mechanisms at five levels: <span style="mso-spacerun: yes;"> </span></span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">1. Corporate </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">Philosophy Controls (</span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Vision Statement, Mission Statement, Values Statement, Corporate Ethics Policy, Corporate Social Responsibility Policy, Corporate Ethics Office, </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">etc.), <o:p></o:p></span></div><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">2. 
Corporate Governance Controls (such as risk management, internal audit, compliance office, <span style="mso-spacerun: yes;"> </span>security standards, Board of Directors Charter, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Corporate Committees</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Corporate Policies</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">, Corporate Processes and Plans, etc.), <o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">3. Strategic Management Controls (vision, mission, strategy, targets, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Corporate Strategic Planning Committee</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Strategic Plans</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">, Strategic Budgets, Strategy Implementation Action Plans, etc.), <o:p></o:p></span></div>4<span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">. Monitoring and Review Controls, and <o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">5. Operational Management Controls (administration procedures, HUMAN RESOURCE MANAGEMENT controls, etc.).<o:p></o:p></span></div><b><span lang="EN-AU" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-AU;">The primary purpose of</span></b><span lang="EN-AU" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-AU; mso-bidi-font-weight: bold;"> <b>human resource management controls</b> is to enable and facilitate the management of the human resources of any organization. </span><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The main types</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"> <b style="mso-bidi-font-weight: normal;">of human resource controls</b> are: Human Rights Policy</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Benefits and Personnel Committee</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Personnel </span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">Administration Procedures, </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Employee Management Policies and Procedures Handbook, Human Resource (HR) Systems, and Human Resource Performance 
Measures</span><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;">.</span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><a href="" name="_Toc232240057"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Some of the most typical HR systems are: <b style="mso-bidi-font-weight: normal;">HR Hiring and Dismissal System, HR Planning System, Personnel Career Development System, HR Performance Management System, Organizational Work Evaluation System, Benefits and Incentives System, HR Computerized Information System, </b></span></a><a href="" name="_Toc265767337"><span style="mso-bookmark: _Toc232240057;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">and <span style="mso-bidi-font-weight: bold;">Personnel Administration Procedures</span></span></b></span></a><b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"> (</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">screening, employment contracts and job descriptions, supervision, human resource plans, a<span style="color: black;">uthorization controls,</span> segregation of duties, rotation of duties, vacation taking, adoption of professional ethical standards, and employee documentation).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">In closing, we should all remember the following quotation of <b><span style="color: #333333;">Ralph Waldo Emerson: <o:p></o:p></span></b></span></div><span style="color: #333333; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">“Trust men and they will be true to you; treat them greatly, and they will show themselves great.”<o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">John Kyriazoglou (<a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazogl<span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">ou@hotmail.com</span></span></span></a>)<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p><span style="text-decoration: none;"></span></o:p></span></u></b></div><div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">PROFILES of John Kyriazoglou: <o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.authorsden.cpm/jkyriazoglou"><span style="color: black; mso-bidi-font-family: Tahoma; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.authorsden.cpm/jkyriazoglou</span></span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b></div><span style="background: yellow; color: #2a2a2a; font-family: "Tahoma","sans-serif"; font-size: 10pt; mso-highlight: yellow;"><a href="http://www.icttf.org/profile/johnkyriazoglou"><span style="color: black; mso-bidi-font-family: Tahoma; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="font-family: Times New Roman;">http://www.icttf.org/profile/johnkyriazoglou</span></span></span></a></span><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p></o:p></span></u></b><br />
<b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://www.blogger.com/profile/15482029934015594259"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://www.blogger.com/profile/15482029934015594259</span></span></a><o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><o:p><span style="text-decoration: none;"></span></o:p></span></u></b></div><div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;">BLOGS OF John Kyriazoglou<o:p></o:p></span></u></b></div><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://digital-society-and-economy.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://digital-society-and-economy.blogspot.com/</span></span></a><o:p></o:p></span></u></b><br />
<b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://meliorate-your-life.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://meliorate-your-life.blogspot.com/</span></span></a><o:p></o:p></span></u></b><br />
<b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://helpandsupportgreece.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://helpandsupportgreece.blogspot.com/</span></span></a><o:p></o:p></span></u></b><br />
<b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://corporatecontrols.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://corporatecontrols.blogspot.com/</span></span></a><o:p></o:p></span></u></b><br />
<b><u><span style="background: yellow; font-family: "Times New Roman","serif"; mso-highlight: yellow;"><a href="http://johnkyriazoglou-works.blogspot.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">http://johnkyriazoglou-works.blogspot.com/</span></span></a></span></u></b><b><u><span style="font-family: "Times New Roman","serif";"><o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-7356427818378643842011-10-19T01:38:00.000-07:002011-10-19T01:38:03.892-07:00<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<h2 style="margin: 12pt 0in 3pt 81pt; tab-stops: .5in; text-indent: -81pt;"><a href="" name="_Toc265767149"><u><span style="font-family: "Times New Roman","serif"; font-size: 16pt; font-style: normal; line-height: 115%; mso-bidi-font-style: italic; mso-bidi-font-weight: normal;">Why are corporate controls needed in the present Digital Era</span></u></a><span style="mso-bookmark: _Toc265767149;"><u><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 16pt; font-style: normal; line-height: 115%; mso-ansi-language: EN-GB; mso-bidi-font-style: italic;"><o:p></o:p></span></u></span></h2><span style="mso-bookmark: _Toc265767149;"></span> <br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-font-kerning: 16.0pt;">John KYRIAZOGLOU, M.S., B.A (Hon.), Management Consultant<o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="color: navy; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-font-kerning: 16.0pt;">Author of ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (<a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a>),<o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="color: navy; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-font-kerning: 16.0pt;">And co-author of ‘CORPORATE CONTROLS’, to be published by <a href="http://www.theiic.org/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a>, by 12/2011<o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">A question was recently put in a discussion group whether corporate controls were indeed necessary in the present DIGITAL SOCIETY and ECONOMY.</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="background: lime; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-highlight: lime;">My comments follow:</span></b><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">We live, at least in most Western countries, in a post-industrial society, in the knowledge society, also known as the information society. The new life-style (modus vivendi, in the sociological vernacular) enforces upon all of us a new set of operational factors and transactional characteristics in our societal and human interactions, a new socio-economic operating mode (modus operandi in the sociological vernacular). <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">This set of social interactions is permeated and driven by several socio-technical factors and functional characteristics, such as: <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(a) Globalization of markets, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(b) Liberalization of markets, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(c) Services economy, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(d) Lack of governance controls in international fiscal and financial markets, transactions and activities, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(e) Very fast developments in the fields of Information Technology, Communications, Biology, Medicine, Management, etc., <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(f) Information plurality, diffusion and potential information over-loading, Increase of the leverage and focus on the needs of customers, the so-called customer-focus approach in all dealings, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(g) Differentiation of the needs and increase of the expectations of better provision of services to citizens, the so-called citizen-based service approach in all public-sector exchanges and transactions, and <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(h) Reduction and de-strengthening of the traditional government model of a large central organization to a model of organization based on a de-centralized approach. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">All of these, interacting and inter-connected in different sets, make up a new social, economic, technological, moral and political framework, within which society, economy, enterprises, government, non-profit organizations, communities, citizens, etc., operate and function productively.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">New and more complicated roles are being created for the state (central administration, regional forms of government, local governments, etc.), for the business entities (small size, middle size, large size, conglomerate, international enterprises, etc.), and for organizations of the main public sector and related public regulatory authorities, with greater expectations for improved quality of life, and socio-economic advancement and development, in all industrial sectors and socio-economic environments. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The noted management guru Charles Handy supports the view that we must re-examine the basic principles that govern the running of enterprises and think from scratch of what is the basic objective of doing business. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">At the level of organizations (private, public, non-profit, non-governmental, etc.) rapid changes are taking place on a continuous basis.<span style="mso-spacerun: yes;"> </span>This is due to the impact of innovative approaches of researching and designing new products and services (e.g., via the Web), the tremendous effect of quick and accurate information provided by ITC (Information Technology and Communications) infrastructure and systems, and to the new asset evaluating models. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Traditionally, organizations (at least in the private, for-profit sector) valued only physical assets (buildings, land, vehicles, heavy equipment, installations, plants, etc.), sales inventories, and profits. Presently, technology know-how, good-will and brand names, computer systems and application software, office automated support tools (Excel spreadsheet applications, etc.), electronic commerce and electronic data<span style="mso-spacerun: yes;"> </span>distribution services, etc., must also be added as valued assets to the balance sheet of organizations.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The model and the role of the classical state is also changing, within the framework of the European Union, as well as within the framework of the international environment, with the approach of electronic government, the model for citizen one-stop shop services, and the devolvement of authorities and responsibilities to the regional and local level (prefecture, wide metropolitan area governments, city level, community, neighborhood level), etc. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">All these new and very quickly developed roles are required for: <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(1) Quicker and more effective service (in relation to costs and benefits)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(2) Better management and more efficient use of global resources <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(3) More proper (ethical, ecology-friendly) resource management by all industries, in all countries<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(4) Continuous improvement in the quality of products and services provided, in social and citizen participation, in the commitment to democratic<span style="mso-spacerun: yes;"> </span>institutions and customer services, for all stakeholders (people and<span style="mso-spacerun: yes;"> </span>organizations) <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(5) Minimization if not total reduction of social, public sector and business fraud and corruption<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(6) Better understanding of what has gone wrong in private and public organizations and what must be done to get things right. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">All of these may be implemented on the basis of strategy (organizational philosophy, external regulations, strategy, risk and change management, and performance measurement) and management controls (at the strategic and operational levels, a management information system, and the reporting, communications, audit, monitoring and review activities), i.e. the two complementary support pillars of a Corporate Controls Framework.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The <b style="mso-bidi-font-weight: normal;">socio-economic needs</b> in the present DIGITAL SOCIETY and ECONOMY for the establishment and existence of a Corporate Controls Framework to cover both the historical context (i.e. conformance) and the future forward-looking view (i.e. performance) will be based on the major concept that for the achievement of all of the above, there exists a requirement for the design and implementation of a new operating model for private corporations and public organizations, consisting of: <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(i) creation and implementation of strategic objectives, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(ii) best and most optimal use of resources (social, corporate), <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(iii) measurement of produced and delivered goods, services and target achievements, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(iv) monitoring and improvement efforts on a timely and continuous basis, in other words on performance, and <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">(v) a set of strategic and operational controls which includes Compliance Monitoring and Performance Management Systems for collecting performance data, monitoring, reviewing, and improving performance and compliance. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none; mso-pagination: none;"><i style="mso-bidi-font-style: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">All of these are very critical and should be studied further and practical solutions proposed by think tanks, professional societies, scientists and researchers across the globe.<o:p></o:p></span></i></div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-87342137554502345632011-10-19T01:18:00.000-07:002011-10-19T01:18:41.003-07:00STRATEGIC AND OPERATIONAL CONTROLS<div dir="ltr" style="text-align: left;" trbidi="on"> <a href="" name="_Toc265767149"><u><span style="font-family: "Times New Roman","serif"; font-size: 16pt; font-style: normal; line-height: 115%; mso-bidi-font-style: italic; mso-bidi-font-weight: normal;">Strategic and Operational Controls</span></u></a><span style="mso-bookmark: _Toc265767149;"><u><span lang="EN-GB" style="font-family: "Times New Roman","serif"; font-size: 16pt; font-style: normal; line-height: 115%; mso-ansi-language: EN-GB; mso-bidi-font-style: italic;"><o:p></o:p></span></u></span><br />
<span style="mso-bookmark: _Toc265767149;"></span> <br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-font-kerning: 16.0pt;">John KYRIAZOGLOU, M.S., B.A (Hon.), Management Consultant<o:p></o:p></span></b></div><b style="mso-bidi-font-weight: normal;"><span style="color: navy; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-font-kerning: 16.0pt;">Author of ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (<a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a>),<o:p></o:p></span></b><br />
<b style="mso-bidi-font-weight: normal;"><span style="color: navy; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-font-kerning: 16.0pt;">And co-author of ‘CORPORATE CONTROLS’, to be published by <a href="http://www.theiic.org/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiic.org</span></span></a>, by 12/2011<o:p></o:p></span></b><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">A question was recently put in a discussion group about the distinction between strategic and operational controls and how they interact in a corporate environment.</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b style="mso-bidi-font-weight: normal;"><span style="background: lime; font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%; mso-highlight: lime;">My comments follow:</span></b><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Control</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"> is one of the managerial functions like planning, organizing, staffing and directing. It is an important function because it helps to check errors and to take corrective action so that deviations from standards are minimized and the stated goals of the organization are achieved in the desired manner. Control in management means setting standards, measuring actual performance and taking corrective action. </span></div><div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"></span><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Management control</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"> in a corporate environment can be defined as a systematic effort by business management to compare performance to predetermined standards, plans, or objectives in order to determine whether performance is in line with these standards and presumably in order to take any remedial action required to see that human and other corporate resources are being used in the most effective and efficient way possible in achieving corporate objectives.<o:p></o:p></span></div><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Planning</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"> is a process by which an organization's objectives and the methods to achieve the objectives are established, and controlling is a process which measures and directs the actual 
performance against the planned objectives of the organization. Thus, planning and control are often referred to as Siamese twins of management.<o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The direction for overall management control comes from the <b style="mso-bidi-font-weight: normal;">general strategic goals and strategic plans </b>of the organization. General strategic plans are translated into specific performance measures such as share of the market, earnings, return on investment, budgets, customer satisfaction, etc.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The process of <b style="mso-bidi-font-weight: normal;">strategic and operational </b>control is to review and evaluate the performance of the system against these established norms. Rewards for meeting or exceeding standards may range from special recognition to salary increases or promotions. On the other hand, a failure to meet expectations may signal the need to reorganize (organizational control), change strategic direction or redesign (strategic control). <o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">In contrast to strategic control, <b style="mso-bidi-font-weight: normal;">operational control</b> serves to regulate the day-to-day output relative to schedules, specifications, and costs, by the formulation of policies and execution of corresponding procedures. Is the output of product or service the proper quality and is it available as scheduled? Are inventories of raw materials, goods-in-process, and finished products being purchased and produced in the desired quantities? Are the costs associated with the transformation process in line with cost estimates? Is the information needed in the transformation process available in the right form and at the right time? Is the energy resource being utilized efficiently?<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The purpose</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"> of strategic control is to see that the specified function is achieved. The objective of operational control is to ensure that variations in daily output are maintained within prescribed limits. It is one thing to design a system that contains all of the elements of control, and quite another to make it operate true to the best objectives of design. Operating "in control" or "with plan" does not guarantee optimum performance. <o:p></o:p></span></div><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Operational control systems are designed to ensure that day-to-day actions are consistent with established plans and objectives. They focus on events in a recent period. Operational control systems are derived from the requirements of the management control system. <o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">The differences between strategic and operational control</span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;"> are highlighted by reference to a set of main fundamental differences between strategic and operational management, as depicted next.<o:p></o:p></span></div><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Strategic Management is very ambiguous, most complex, organization-wide, most critical to survival and has long-term implications. Operational Management, on the contrary, is less ambiguous, less complex, specific to functions, less critical to survival and has short-term implications.<o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="margin: 0in 0in 10pt;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Strategic and operational controls </span></b><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">are usually expressed by <b style="mso-bidi-font-weight: normal;">strategic and operational performance measures</b> and by <b style="mso-bidi-font-weight: normal;">compliance measures</b>.<o:p></o:p></span></div><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Strategic and operational performance measures are designed and implemented by models such as the BSC. Compliance measures are designed and implemented by internal control frameworks, such as: COSO Framework, Sarbanes-Oxley Act, BIS Framework, etc.<o:p></o:p></span><br />
</div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-62837866371730318472011-10-17T01:59:00.001-07:002011-10-17T01:59:52.172-07:00CYBER DIPLOMACY<div dir="ltr" style="text-align: left;" trbidi="on"> <b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">CYBER DIPLOMACY<o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">A question was recently put in a BLOG, whether CYBER DIPLOMACY should be studied and pursued as a distinct activity.</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif";">I think that CYBER DIPLOMACY should be a field of study and a practice on its own.<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;">The term ‘CYBER’ refers to the science of cybernetics, and it is derived from the Greek verb ‘<span lang="EL" style="mso-ansi-language: EL;">ΚΥΒΕΡΝΑΩ</span>’ (‘Kybernao’), which means ‘TO STEER’ and which is the root of our present concept ‘TO GOVERN’. It describes both the idea of NAVIGATION through a space of <span style="mso-spacerun: yes;"> </span>interconnected networks of computers and electronic data, and of CONTROL, which is achieved by manipulating those NETWORKS <span style="mso-spacerun: yes;"> </span>and DATA.<span lang="EN" style="mso-ansi-language: EN;"><o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">The term ‘DIPLOMACY’ refers to the art, methods and practice of conducting <b style="mso-bidi-font-weight: normal;">negotiations </b>between representatives of groups, local or international organizations (e.g. U.N.), or sovereign (e.g. U.S.) or semi-sovereign states (Canadian Province, Australian States, etc.). It is derived from the Greek word </span><span lang="EN" style="color: black; font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">DIPLOMA, which means ‘LICENCE’ or ‘CHART’ (originally defining a paper folded in a double manner).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">Negotiation</span></b><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;"> is a DIALOGUE between two or more parties, intended to reach an understanding, resolve points of difference, etc., and finally to produce an agreement upon a course of action to settle the issues to a satisfactory level for both parties.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">In its current version DIPLOMACY pertains to the </span><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">conduct of international relations through the interactive activities of NEGOTIATION of professional diplomats with regard to issues of <b style="mso-bidi-font-weight: normal;">trade, human rights, peace-making, war, economics, environment,</b> etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div><br />
<div class="MsoNormal" style="background: white; line-height: 15pt; margin: 0in 0in 7.5pt;"><span lang="EN" style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-ansi-language: EN;">To these issues, it is prudent to add the <b style="mso-bidi-font-weight: normal;">CYBER ISSUES</b>. And as </span><span style="color: #252525; font-family: "Times New Roman","serif"; font-size: 12pt; mso-fareast-font-family: "Times New Roman";">Secretary of State Hillary Rodham Clinton proclaimed (February 15, 2011): “The Internet has become the public space of the 21st century…We all shape and are shaped by what happens there, all 2 billion of us and counting. And that presents a challenge. To maintain an Internet that delivers the greatest possible benefits to the world, we need to have a serious conversation about the principles that will guide us…”<br style="mso-special-character: line-break;" /> <br style="mso-special-character: line-break;" /> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="background: white; line-height: 15pt; margin: 0in 0in 7.5pt;"><span style="color: #252525; font-family: "Times New Roman","serif"; font-size: 12pt; mso-fareast-font-family: "Times New Roman";">Also, as we all </span><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">rely, more and more, on computers and the internet now (communications, email, cellphones, entertainment, car engine systems, airplane navigation control systems, online stores, credit cards, medical equipment, medical records, etc.), technologically weak nations are at a big disadvantage vis-à-vis technologically strong nations.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">For all these reasons, and to resolve the most critical issues in today’s societies related to the CYBERSPACE and its best use, exploitation and control, CYBER DIPLOMACY should be instituted, both as a field of study as well as a set of activities to be carried out by the DIPLOMATS, in order to reach a more harmonic balance in the international activities of nations.<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-70249428150917787782011-10-17T00:25:00.000-07:002011-10-17T00:25:34.683-07:00Performance Audit Questionnaire for a Board of Directors<div dir="ltr" style="text-align: left;" trbidi="on"> <b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">Performance Audit Questionnaire for a Board of Directors<o:p></o:p></span></u></b><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">A question was recently put in a discussion group, whether there exists a simple, yet powerful tool for a quick assessment of the performance of a Board of Directors by Auditors.<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">One generic example I have used is noted below.<o:p></o:p></span></div><a href="" name="_Toc88912497"><u><span style="font-family: "Courier New"; font-size: 14pt;"><span style="color: #0d5876;">Performance audit questionnaire of the Board of Directors</span></span></u></a><u><span style="font-family: "Courier New"; font-size: 14pt;"><span style="color: #0d5876;"> <o:p></o:p></span></span></u><br />
<br />
<div align="center" class="MsoNormal" style="margin: 0in 0in 10pt; text-align: center;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Cambria","serif"; font-size: 12pt; line-height: 115%; mso-bidi-font-family: Arial;"></span></b></div><div align="center"><table border="1" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="border-collapse: collapse; border: currentColor; margin: auto auto auto -16.5pt; mso-border-alt: solid windowtext .5pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-table-layout-alt: fixed; mso-yfti-tbllook: 1184;"><tbody>
<tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;"> <td style="background: rgb(102, 102, 153); border: 1pt solid windowtext; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="color: white; mso-bidi-font-family: Arial;">Seq. No.</span></b><b style="mso-bidi-font-weight: normal;"><span lang="EN-GB" style="color: white; font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></b></span></div></td> <td style="background: rgb(102, 102, 153); border-color: windowtext windowtext windowtext rgb(0, 0, 0); border-style: solid solid solid none; border-width: 1pt 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><b style="mso-bidi-font-weight: normal;"><span style="color: white; mso-bidi-font-family: Arial;">Description</span></b><b style="mso-bidi-font-weight: normal;"><span style="color: white; font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></b></span></div></td> </tr>
<tr style="mso-yfti-irow: 1;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">1</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;">Have </span><span style="mso-bidi-font-family: Arial;">the needs and requirements of the various stakeholders and members of the board of directors (BOD) been defined?</span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 2;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">2</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Are high levels of corporate ethics maintained?</span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 3;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">3</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure short-term financial stability?</span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 4;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">4</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure long-term financial stability?</span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 5;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">5</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure long-term success of corporate and business-related changes? </span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 6;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">6</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure high level of corporate governance and accountability?<span style="mso-spacerun: yes;"> </span></span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 7;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">7</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD supervise the setting up and operation of<span style="mso-spacerun: yes;"> </span>an effective risk assessment and management system? </span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 8;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">8</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD supervise the setting up and</span><span style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"> </span><span style="mso-bidi-font-family: Arial;">operation of </span><span style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span style="mso-bidi-font-family: Arial;">an</span><span style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"> </span><span style="mso-bidi-font-family: Arial;">effective</span><span style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"> </span><span style="mso-bidi-font-family: Arial;">crisis assessment</span><span style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"> </span><span style="mso-bidi-font-family: Arial;">and</span><span style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"> </span><span style="mso-bidi-font-family: 
Arial;">business continuity management</span><span style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"> </span><span style="mso-bidi-font-family: Arial;">system?</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 9;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">9</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure that an effective internal audit and corporate compliance management system<span style="mso-spacerun: yes;"> </span>is in place?</span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 10;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">10</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure that an effective corporate performance management system<span style="mso-spacerun: yes;"> </span>is in place? </span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 11;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">11</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD review and approve all business plans, organizational and restructuring plans and major investments?</span><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 12;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">12</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure that an effective corporate management system<span style="mso-spacerun: yes;"> </span>is in place?</span><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 13;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">13</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure that an effective corporate management succession system<span style="mso-spacerun: yes;"> </span>is in place (particularly for the senior positions of CEO, CFO, CTO, CIO, General Management of divisions, etc.)?</span><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 14;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">14</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure that an effective BOD skills-training<span style="mso-spacerun: yes;"> </span>system<span style="mso-spacerun: yes;"> </span>is in place?</span><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span style="mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 15;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">15</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure that all IT systems, data centers, etc., are operated effectively and serve all critical business functions?</span><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> </tr>
<tr style="mso-yfti-irow: 16; mso-yfti-lastrow: yes;"> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext; border-style: none solid solid; border-width: 0px 1pt 1pt; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 70.1pt;" width="93"> <div align="center" class="MsoNormal" style="margin: 3pt 0in; text-align: center;"><span style="font-family: Calibri;"><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;">16</span><span lang="EN-GB" style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%; mso-ansi-language: EN-GB;"><o:p></o:p></span></span></div></td> <td style="background-color: transparent; border-color: rgb(0, 0, 0) windowtext windowtext rgb(0, 0, 0); border-style: none solid solid none; border-width: 0px 1pt 1pt 0px; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt; padding: 0in 5.4pt; width: 311.45pt;" width="415"> <div class="MsoNormal" style="margin: 3pt 0in; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: Calibri;"><span style="mso-bidi-font-family: Arial;">Does the BOD ensure that an effective corporate management research and development system<span style="mso-spacerun: yes;"> </span>is in place?</span><span lang="EN-GB" style="mso-ansi-language: EN-GB; mso-bidi-font-family: Arial;"><span style="mso-spacerun: yes;"> </span></span><span style="font-family: "Arial","sans-serif"; font-size: 12pt; line-height: 115%;"><o:p></o:p></span></span></div></td> </tr>
</tbody></table></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div></div>jkyriazoglou, 2011-10-15T03:39:00.000-07:00<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">COMPLIANCE, ETHICS AND RISK MANAGEMENT<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><b><u><span style="background: yellow; font-family: "Times New Roman","serif"; font-size: 12pt; mso-highlight: yellow;">A question was recently put in a discussion group, whether COMPLIANCE is distinct from ETHICS and how they interact in a corporate environment.</span></u></b><b><u><span style="font-family: "Times New Roman","serif"; font-size: 12pt;"><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">I think COMPLIANCE has to do with fully meeting all standards, rules and regulations, whether external or internal to the ORGANIZATION. The term comes from Latin (COM=TOGETHER), and Ancient Greek (PLERE=TO FULFILL). <o:p></o:p></span></div><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;"><o:p> </o:p></span><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">ETHICS provides the background in terms of moral character (good, evil, just, etc.), nature, disposition, habit and custom of a person to obey willingly or face the moral and other consequences if he or she does not. The term comes from Ancient Greek (ETHOS=Moral Character). <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">The question ‘If the person complies should he/she be also ethical?’ is irrelevant.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">The question ‘If the person is ethical should he/she also comply?’ is also irrelevant.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">The major philosophical question to be resolved in managing organizations, however, is this: how to handle, and minimize if not avoid altogether, the possibility that a person (staff member, manager, executive, etc.) might easily damage and potentially destroy the organization, its stakeholders, customers, employees, etc., when that person, who complies fully with all rules and regulations and may or may not be ethical, makes the right decision on a strategic or operational transaction, issue or activity but WITH COMPLETE DISREGARD for the RISKS involved.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-bidi-font-weight: bold;">In other words we should see both COMPLIANCE and ETHICS co-existing within the GOVERNANCE FRAMEWORK which should also include RISK ASSESSMENT and RISK MANAGEMENT.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><br />
<span lang="EN" style="mso-ansi-language: EN;">We should also ensure that all these mechanisms resolve the classical <b style="mso-bidi-font-weight: normal;">principal-<span style="mso-bidi-font-weight: bold;">agent problem</span></b> to a level that is satisfactory and beneficial to the society, economy, community, organization and individuals concerned.<o:p></o:p></span><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; mso-layout-grid-align: none; mso-pagination: none;"><br />
</div></div>jkyriazoglou, 2011-10-14T04:39:00.000-07:00<div dir="ltr" style="text-align: left;" trbidi="on"> <b><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">ARTICLE: IT RISK EVALUATION<o:p></o:p></span></b><br />
<br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; text-align: justify; text-justify: inter-ideograph;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">This article describes a methodology to be used in offering concluding remarks to the management of an audited entity as to whether, for each objective assessed during an audit assignment, the situation is satisfactory, requires improvement or is unsatisfactory. The aim is to provide a conceptual and practical framework to define and implement an evaluation method for Internal Audit assignments. The main uncertainties are identified and the objectives of Internal Audit are described; we then present an evaluation methodology for risk assessment.<b style="mso-bidi-font-weight: normal;"><span style="mso-spacerun: yes;"> </span><o:p></o:p></b></span></div><br />
<div class="MsoNormal" style="line-height: normal; margin: 0in 0in 0pt; text-align: justify; text-justify: inter-ideograph;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt;">FOR MORE INFORMATION SEE: </span></b><b style="mso-bidi-font-weight: normal;"><span style="font-family: "Times New Roman","serif"; font-size: 12pt; mso-fareast-language: EL;">“IT Risk Evaluation”, Intelligent Risk Journal, Oct. 2011, Vol. 1: Issue 3, pp. 14-19, <a href="http://www.prmia.org/irisk"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.prmia.org/irisk</span></span></a><o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 10pt; mso-layout-grid-align: none;"><br />
</div></div>jkyriazoglou, 2011-10-08T07:31:00.000-07:00<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="color: #0070c0; font-size: 14pt;">IT PERFORMANCE MEASUREMENT<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><i style="mso-bidi-font-style: normal;"><u><span style="color: #190026; mso-bidi-font-weight: bold;">John Kyriazoglou*, CICA, M.S, B.A(Honours), (<a href="mailto:jkyriazoglou@hotmail.com"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">jkyriazoglou@hotmail.com</span></span></a>)<o:p></o:p></span></u></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><i style="mso-bidi-font-style: normal;"><u><span style="color: #190026; mso-bidi-font-weight: bold;">IT Consultant and Author of the book ‘IT STRATEGIC & OPERATIONAL CONTROLS’ (<a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernance.co.uk</span></span></a>) <o:p></o:p></span></u></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><i style="mso-bidi-font-style: normal;"><span style="color: #190026; mso-bidi-font-weight: bold;"><span style="mso-spacerun: yes;"> </span></span></i><i style="mso-bidi-font-style: normal;"><span style="font-family: "Arial","sans-serif";"><o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Very complex IT projects frequently fail due to budget overruns, implementation delays, or even mismatches between functional specifications and business expectations. If the designers and managers of IT projects succeed in overcoming these obstacles, then the IT project is put into productive use with the optimism that it will satisfy the multiple targets of its users and the strategic objectives of its leadership and the organization.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Also, during their productive operation, IT projects that attempt to stay aligned with corporate objectives frequently face new challenges, which often change due to competitive forces and due to a large set of threats, both of which could lead to undesirable developments. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">This is why the greatest possible care, prior organizational preparedness, and the implementation of well-thought-out control plans and actions (broadly termed ‘corporate controls’) are required in advance, so that, on the one hand, the risks that will cause damage to reputation, effectiveness, and profitability are minimized and, on the other hand, the benefits accrued from the IT project are maximized. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">In almost all types of organizations, both private and public, corporate controls denote the set of policies, procedures, techniques, methods, and practices used to manage and control business operations. Within this corporate controls framework, Information Technology controls (or IT controls) are specific actions, usually specified by policies, procedures, practices, etc., performed by persons, hardware or software with the main objective of ensuring that specific business objectives are met. The overall guiding aim of IT controls relates to the secure processing, confidentiality, integrity, and availability of data and the overall management of the IT function of the organization. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT General Controls are those controls that are applicable to all IT activities (systems, services, issues, processes, operations, etc.) and data for a given organization or IT systems environment. They include controls over such areas as the strategy for IT, systems development, data center operations, data base and data communications infrastructure, systems software support and maintenance, IT security, and ready-made application systems acquisition, development and maintenance. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT Application controls are those controls that are appropriate for transaction processing by individual computerized subsystems, such as financial accounting, personnel administration, customer sales, inventory control, payroll or accounts payable, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Both corporate and IT controls are most efficient and effective when they are monitored, reviewed and improved to deliver the expected results. This is the main objective of a performance measurement and reporting system.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">A performance measurement and reporting system is an integral part of the corporate performance management process. It provides feedback, relative to the specific objectives of an organization, that increases the likelihood of the organization achieving its predefined strategic and operational goals efficiently and effectively. Performance measurement gains real value when it is used as the basis for timely decisions by management. For a particular function, the purpose of performance measures is to provide the basis for performance management, review and improvement of the area being examined. The purpose of performance measuring is not to know how the organization is performing but to enable it to perform better. The ultimate aim of implementing a performance measurement system is to improve the performance of the given organization. If management can get the performance measurement of the organization right, the performance data generated will tell management and stakeholders where the organization is and where it is heading. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Establishing the corporate performance management process includes: <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Step 1: formulating and setting up the performance measurement system (e.g., BSC at the corporate level, and IT BSC at the IT level, etc.), <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Step 2: entering the performance data into the performance system, <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Step 3: carrying out the required performance reports and analyses, and <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Step 4: setting up a corporate awards system and linking it to performance. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">A good performance system must communicate strategy, must measure performance in real time, must offer an integrated performance project management capability, and must acknowledge and enable emotional contracting with all staff, which is vital for linking individual commitment and activity to the attainment of organizational plans and goals. Emotional contracting (also referred to as 'the psychological contract') is the crucial and powerful link between the organizational performance intent and the motivations, values and aspirations of the people. This emotional contracting element is sometimes overlooked by organizations, which may explain why people have failed to do what the organization expected and asked them to do. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Ensuring that the objectives of IT systems are achieved may be done by establishing, monitoring and reviewing the IT Performance and IT Compliance Measures. These measures help ensure that the formulated IT plan delivers the required and expected performance, and allow the necessary improvement actions to be taken as needed.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">In the IT domain and its areas of IT organization, IT strategy, systems development, application operation, etc., the typical IT performance measures are indicated next.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">These performance measures could be based on a mixed system with two components: Component 1 would be IT Strategic and Operational Performance Measures, possibly maintained by an IT-BSC (Information Technology-Balanced Scorecard) Measurement System, and Component 2 would be a Compliance Monitoring System for monitoring compliance to policies, procedures and related matters (e.g., budget issues). <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">Examples of these performance measures follow:<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt;">IT Strategic and Operational Performance Measures<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt;">IT Finance</span></b><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt; mso-bidi-font-weight: bold;">: Expenditures on maintenance vs. new development, Expenditures on preventative maintenance, Return on IT Investments,<span style="mso-spacerun: yes;"> </span>IT Human Resource Management Turn-over ratios, Training per employee (amounts, hours),<span style="mso-spacerun: yes;"> </span>etc.<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt;">IT System Development</span></b><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt; mso-bidi-font-weight: bold;">: Functions developed worth to users, No. of lines coded / tested / changed, Number of Applications supporting critical business functions,<span style="mso-spacerun: yes;"> </span>etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt;">IT Operations</span></b><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt; mso-bidi-font-weight: bold;">: Timely delivery of reports to users, Average response time, Average availability time, Volume of data stored, Mean time between failures, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><b style="mso-bidi-font-weight: normal;"><u><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">IT Compliance Performance Measures<span style="mso-spacerun: yes;"> </span><o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">IT Corporate procedures not documented and kept current, IT Corporate committee not established, IT Corporate committee not functioning, IT Personnel management controls not followed, IT procedures not followed, IT Budget not followed, IT Visitors not recorded, IT Problem solutions not recorded, Security incidents not recorded, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt; mso-layout-grid-align: none;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; mso-fareast-language: EL;">The IT management of the company may, depending on various aspects of the organization, analyze all this performance and compliance monitoring information to review, assess and improve the elements of the IT function and the given IT activities of the specific organization.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">---------------------------------------------------------------------------------------------------------------<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">* For more detailed information on IT Performance and related Controls, see the book:<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">'IT STRATEGIC AND OPERATIONAL CONTROLS'<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">PRINTED VERSION:<span style="mso-spacerun: yes;"> </span></span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3066</span></u></i><span style="color: #002060; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">E-BOOK FORMAT VERSION:<span style="mso-spacerun: yes;"> </span></span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3067</span></u></i><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">CUSTOMISABLE IT AUDIT PROGRAMMES AND CHECKLISTS (WORD FORMAT): </span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3143</span></u></i><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Author: John Kyriazoglou<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Publisher: IT Governance Publishing<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">ISBN: 9781849280617<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Pages: 686 <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Format: Softcover<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Published date: 2 September 2010<o:p></o:p></span></div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-22493788257032014082011-10-08T07:29:00.000-07:002011-10-08T07:29:40.118-07:00IT SYSTEMS AUDITING (ΕΛΕΓΧΟΣ ΣΥΣΤΗΜΑΤΩΝ ΠΛΗΡΟΦΟΡΙΚΗΣ)<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="color: #0070c0; font-size: 14pt;">IT SYSTEMS AUDITING (INFORMATION SYSTEMS AUDIT)<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><i style="mso-bidi-font-style: normal;"><u><span style="color: #190026; mso-bidi-font-weight: bold;">By John Kyriazoglou*, CICA, M.S, B.A (Honours), IT Consultant and Author (jkyriazoglou@hotmail.com)<o:p></o:p></span></u></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><i style="mso-bidi-font-style: normal;"><span lang="EL" style="color: #190026; mso-ansi-language: EL; mso-bidi-font-weight: bold;"><span style="mso-spacerun: yes;"> </span></span></i><i style="mso-bidi-font-style: normal;"><span lang="EL" style="font-family: "Arial","sans-serif"; mso-ansi-language: EL;"><o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The most critical assets in the 21st century, for private enterprises and public organizations and bodies, and in general for the global society and economy (local, national, international, etc.), are not buildings, facilities, machines, factories, money, credit, shares, grants, loans, computer software, computers, etc., i.e. physical assets, financial assets, or information assets.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The most critical assets are the knowledge, concepts and ideas that are stored in people's brains and that in many cases, at least in modern enterprises and organizations, are recorded in databases maintained by automated information systems, either on personal computers or on central computing systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Computing technology and related infrastructures, automated information systems, the national, international or enterprise networking infrastructure (the so-called ‘network backbone’) and the complementary mass information storage technologies provide everyone, within the operation of companies and organizations, with all the necessary information and detailed data for the operation of the specific organization (enterprise, public body, etc.), promptly, validly and with relative security (usually).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">All these technological elements, which in general make up information technology (IT), and the related information systems (IS) that operate on the basis of and within this technological framework, provide the following benefits to modern enterprises and organizations (indicatively):<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt 75.5pt; mso-list: l0 level1 lfo1; tab-stops: list 45.0pt; text-align: justify; text-indent: -39.5pt;"><span lang="EL" style="font-family: Wingdings; font-size: 11pt; line-height: 150%; mso-ansi-language: EL; mso-bidi-font-family: Wingdings; mso-fareast-font-family: Wingdings;"><span style="mso-list: Ignore;">§<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";"> </span></span></span><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Faster and more effective information for decision-making at all levels of the organization,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt 45pt; mso-list: l0 level1 lfo1; tab-stops: list 45.0pt; text-align: justify; text-indent: -9pt;"><span lang="EL" style="font-family: Wingdings; font-size: 11pt; line-height: 150%; mso-ansi-language: EL; mso-bidi-font-family: Wingdings; mso-fareast-font-family: Wingdings;"><span style="mso-list: Ignore;">§<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";"> </span></span></span><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Increased competitiveness in all services offered by the specific organizational unit,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt 75.5pt; mso-list: l0 level1 lfo1; tab-stops: list 45.0pt; text-align: justify; text-indent: -39.5pt;"><span lang="EL" style="font-family: Wingdings; font-size: 11pt; line-height: 150%; mso-ansi-language: EL; mso-bidi-font-family: Wingdings; mso-fareast-font-family: Wingdings;"><span style="mso-list: Ignore;">§<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";"> </span></span></span><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Improved production processes and administrative procedures, and<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt 45pt; mso-list: l0 level1 lfo1; tab-stops: list 45.0pt; text-align: justify; text-indent: -9pt;"><span lang="EL" style="font-family: Wingdings; font-size: 11pt; line-height: 150%; mso-ansi-language: EL; mso-bidi-font-family: Wingdings; mso-fareast-font-family: Wingdings;"><span style="mso-list: Ignore;">§<span style="font-size-adjust: none; font-stretch: normal; font: 7pt/normal "Times New Roman";"> </span></span></span><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Better quality in products and services for customers (for private enterprises), citizens (for public organizations), and for society and the economy (more generally).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Given the rapid pace of development of information and computing technology, a pace unprecedented in human history, it is now even easier for enterprises and organizations to hand over (almost) all of their business transactions and functions to be carried out by integrated information systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">These systems are like medicines. They strengthen the specific organization (or enterprise) and help it to cure or resolve a specific problem or operational failure.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Following this analogy (i.e. medicines), if these systems are not used with discipline, they may create chaotic situations and, in many cases, results other than those expected. They may even lead to partial or total destruction.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">These integrated information systems must, therefore, operate within a business environment governed by rules, policies and procedures and a risk management system. Together these make up the corporate governance framework which, in the case of information systems, is also supplemented by a technology governance framework.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">As the famous MIT (U.S.A.) computer science professor N. Negroponte has stated (see: ‘Being Digital’, Alfred A. Knopf, New York, U.S.A., 1995): ‘The next decade will bring to light cases of damage and harm to products of an intellectual nature (e.g., infringement of intellectual property), and of unlawful access to our private life. We will experience digital vandalism, software piracy and data theft’.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">This has been borne out in practice. Security incidents and other cases of electronic crime and unlawful acts committed with the help of, or on the basis of, computer and communications technology show an ever-increasing trend (see: </span><u><span style="color: #0070c0; font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">www.fbi.gov</span></u><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">, <a href="http://www.parliament.uk/"><span style="font-family: Times New Roman;"><span style="color: black; mso-bidi-font-family: Arial; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.parliament.uk</span></span></a>, </span><u><span style="color: #002060; font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">www.infosyssec.net</span></u><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">). <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">And as the ‘notorious’ Kevin D. Mitnick, author, IT security consultant and imprisoned for computer crimes (1995, U.S.A.), has written: ‘Information that has value must be protected regardless of how or where it is filed. A customer list has the same value regardless of its form (printed or stored in an electronic file) and of the place where it is kept (office or digital filing cabinet). Intruders who use methods of social contact, the so-called ‘social engineers’, always prefer the easiest way to break into a weak and unguarded point of the information system’.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">In addition, the auditing of information systems (IT auditing) will improve the quality of information, i.e., effectiveness, efficiency, confidentiality, availability, compliance, validity and resilience, according to the International Institute of IT Auditors (ISACA: <a href="http://www.isaca.org/"><span style="font-family: Times New Roman;"><span style="color: black; mso-bidi-font-family: Arial; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.isaca.org</span></span></a>).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The answer for managers and leaders of organizations is to plan for this new operating environment with the right tools, methodologies and resources.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">In all types of enterprises and public organizations, corporate controls consist of a set of policies, procedures, techniques, methods and practices for managing and controlling business operations.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Within this corporate control framework, IT controls are defined as specific actions, usually documented in policies, procedures, practices, etc., that are performed by people, by computer and communications equipment, or by software, with the sole aim of providing assurance that the specific business objectives are achieved.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The general direction of, and the need for, IT controls relate to the secure processing, confidentiality and availability of data, and to the overall management of the IT department of the enterprise or organization.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT controls are divided into IT General Controls and IT Application Controls, according to various sources (<a href="http://www.isaca.org/"><span style="font-family: Times New Roman;"><span style="color: black; mso-bidi-font-family: Arial; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.isaca.org</span></span></a>, <a href="http://www.theiia.org/"><span style="font-family: Times New Roman;"><span style="color: black; mso-bidi-font-family: Arial; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.theiia.org</span></span></a>, <a href="http://www.itpi.org/"><span style="font-family: Times New Roman;"><span style="color: black; mso-bidi-font-family: Arial; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itpi.org</span></span></a>).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT general controls are the controls that apply to all IT activities (systems, services, issues, processing, transactions, etc.) and to the data of the enterprise or organization in a specific IT environment. They cover areas such as: strategy, systems development and maintenance, data center operation, databases, operating system, etc. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT application controls are the controls that pertain to the processing of transactions by specific information systems, such as: general ledger, personnel management, sales, inventory control, payroll, etc. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">They relate to the processing and storage of data in digital files and databases, based on and organized by computer systems and by specific applications and application programs, and they aim to provide assurance that all business transactions are authorized, and that they are processed, stored and have their results reported with accuracy, security and validity.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt;">The benefits of IT controls are usually:<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt; mso-bidi-font-weight: bold;">(1) Understanding of the risks of developing and operating IT systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt; mso-bidi-font-weight: bold;">(2) Improvement of the work of designing, developing, implementing and controlling new and existing IT systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt; mso-bidi-font-weight: bold;">(3) Increase in the ability of management to achieve strategic objectives.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; font-family: "Arial","sans-serif"; font-size: 11pt; mso-bidi-font-weight: bold;">(4) Assurance of high standards for IT systems and infrastructure in all enterprises and organizations.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span lang="EL" style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%; mso-ansi-language: EL;">---------------------------------------------------------------------------------------------------------------<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">* For more on the topic of ‘IT Controls’, see the book:<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">'IT STRATEGIC AND OPERATIONAL CONTROLS'<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">PRINTED VERSION:<span style="mso-spacerun: yes;"> </span></span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3066</span></u></i><span style="color: #002060; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">E-BOOK FORMAT VERSION:<span style="mso-spacerun: yes;"> </span></span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3067</span></u></i><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">CUSTOMISABLE IT AUDIT PROGRAMMES AND CHECKLISTS (WORD FORMAT): </span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3143</span></u></i><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Author: John Kyriazoglou<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Publisher: IT Governance Publishing<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">ISBN: 9781849280617<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Pages: 686 <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Format: Softcover<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Published date: 2 September 2010<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-69085096608228842062011-10-08T07:27:00.001-07:002011-10-08T07:27:46.703-07:00IT CONTROLS IN BUSINESS OPERATIONS<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="color: #0070c0; font-size: 14pt;">IT CONTROLS IN BUSINESS OPERATIONS<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">John Kyriazoglou, CICA, M.S, B.A (Honours), IT & Management Consultant and Author of the book 'IT STRATEGIC AND OPERATIONAL CONTROLS'<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(</span><u><span style="color: #002060; mso-bidi-font-weight: bold;"><a href="http://www.itgovernance.co.uk/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgov<span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">ernance.co.uk</span></span></span></a>, and <a href="http://www.itgovernanceusa.com/"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;"><span style="color: black; mso-style-textfill-fill-alpha: 100.0%; mso-style-textfill-fill-color: black;">www.itgovernanceusa.com</span></span></a>)<o:p></o:p></span></u></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;"><span style="mso-spacerun: yes;"> </span>“It is possible to fail in many ways, while to succeed is possible only in one way”<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;"><span style="mso-tab-count: 6;"> </span>Aristotle (384 B.C. – 322 B.C.)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;"><span style="mso-spacerun: yes;"> </span>“The global information society is increasingly dependent on electronic networking and exchanging ‘electronic goods’ with high economic value, both in private life and in business.”<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;"><span style="mso-tab-count: 2;"> </span>Prof. Heinz Thielmann, Fraunhofer Institute, Germany (2006)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The most critical assets in the 21st century, for private and public enterprises, for organizations in general, for the global society, and for the economy (local, national, international), are not of a physical nature (equipment, machines, installations, plants), or of a financial nature (money, credit or other financing instruments), or of a computer software nature.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The most critical assets are the knowledge and ideas (concepts) that exist in people's minds and that, in the modern business environment, are stored in computerized systems (personal and corporate).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The computer technology and related infrastructure, the information systems, the network backbone (intranet, extranet, metropolitan, Internet, etc.) and related media technologies give everyone, within a given organizational environment, direct access to what is going on: within the given organization, in the industrial sector to which it belongs, and in the general economy and market in which it operates.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">All these technological components, broadly termed Information Technology (IT), and the related Information Systems (IS) which operate within its realm, enable the modern private and public corporation and/or organization to accrue the following benefits (indicative only):<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(1) Quicker and more effective information for decision-making at all levels,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(2) Increased competition in all services of the firm,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(3) Improved production processes and procedures, and<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(4) Higher quality in products and services offered by information systems to customers (and citizens) and society in general.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Given the rate of development of information processing and computer manufacturing technologies and processes, a rate without precedent in the history of mankind, it is now possible for organizations to transfer almost all of their daily business operations to integrated information systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">These systems are like medical drugs, either strengthening the organization, or enabling it to cure or resolve a particular problem or operating malfunction.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">But, using the drug analogy, if these systems are not used in a disciplined manner, they can create havoc and many times fail to bring about the expected results, or even lead to catastrophe.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">These integrated information systems must therefore operate within a business environment which is governed by the rules, policies, regulations and instructions of a corporate governance framework and a related information technology governance framework.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">As Negroponte has said (see Nicholas Negroponte: “Being Digital”, Alfred A. Knopf, N. York, U.S.A., 1995): “The next decade will see cases of intellectual property abuse and invasion of our privacy. We will experience digital vandalism, software piracy and data thievery”.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">This has definitely been proven correct. Security incidents and other acts of electronic and computer-based crime are on the rise (as per www.cert.org and other security-related sites).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">And as the notorious Mitnick has said (see the book by Kevin D. Mitnick and William L. Simon: “The Art of Deception”, Wiley, 2002): “Valuable information must be protected no matter what form it takes or where it is located. An organization’s customer list has the same value whether in hard-copy form or an electronic file at your office or in a storage box. Social engineers always prefer the easiest to circumvent, least defended point of attack. A company’s offsite backup storage facility is seen as having less risk of detection or getting caught. Every organization that stores any valuable, sensitive, or critical data with third parties should encrypt their data to protect its confidentiality”. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Also, according to ISACA (www.isaca.org), IT auditing will enhance the qualities of information (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The answer for managers and leaders of organizations is to plan for this new operating environment with the proper tools, methodologies and resources.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Never forget that because organizations differ, their control needs also will differ. For example, all groups need change management, but how it's implemented will depend on the enterprise. Delving into the work instruction level, access controls are needed, but how they are handled on a mainframe vs. a Windows network will vary. The point is that you will need to tune your policies, procedures and work instructions not only to meet the spirit of the controls but also to be feasible in the context of your organization. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">In almost all types of organizations, both private and public, corporate controls denote the set of policies, procedures, techniques, methods, and practices to manage and control their business operations.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Within this corporate controls governance framework, Information Technology controls (or IT controls) are specific actions, usually specified by policies, procedures, practices, etc., performed by persons, hardware or software with the main objective of ensuring that specific business objectives are met. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The overall guiding aim of IT controls relates to the secure processing, confidentiality, integrity, and availability of data and the overall management of the IT function of the organization. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT controls are commonly described in two categories according to various sources (<a href="http://www.isaca.org/">www.isaca.org</a>, <a href="http://www.theiia.org/">www.theiia.org</a>, <a href="http://www.itpi.org/">www.itpi.org</a>): IT General Controls and IT Application Controls.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT General Controls are those controls that are applicable to all IT activities (systems, services, issues, processes, operations, etc.) and data for a given organization or IT systems environment. They include controls over such areas as the strategy for IT, systems development, data center operations, database and data communications infrastructure, systems software support and maintenance, IT security, and ready-made application systems acquisition, development and maintenance.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT Application controls are those controls that are appropriate for transaction processing by individual computerized subsystems, such as financial accounting, personnel administration, customer sales, inventory control, payroll or accounts payable, etc.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">They relate to the processing and storing of data in computer-based files by individual IT applications and help ensure that business transactions occurred, are authorized, and are completely and accurately recorded, stored, processed, and reported. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><span style="color: #190026;">Benefits of the existence of IT Controls to business include: <o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(1) Understand and control the associated risks of IT systems. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(2) Improve the process of designing, implementing and auditing new and existing IT systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(3) Increase management’s aptitude to achieve operational goals. With well-controlled, integrated and robust IT systems, you can gain a comparative advantage in a competitive environment, whilst ensuring that information is relevant, accurate and timely. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(4) Ensure high standards within your IT systems. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div></div>jkyriazoglouhttp://www.blogger.com/profile/15482029934015594259noreply@blogger.com0tag:blogger.com,1999:blog-403042030812132466.post-56741087806863810412011-10-08T07:26:00.000-07:002011-10-08T07:26:08.336-07:00BENEFITS OF IT CONTROLS<div dir="ltr" style="text-align: left;" trbidi="on"> <br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><u><span style="color: #0070c0; font-size: 14pt;">BENEFITS OF IT CONTROLS<o:p></o:p></span></u></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><i style="mso-bidi-font-style: normal;"><u><span style="color: #190026; mso-bidi-font-weight: bold;">John Kyriazoglou*, CICA, M.S., B.A. (Honours), IT Consultant and Author (jkyriazoglou@hotmail.com)<o:p></o:p></span></u></i></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><i style="mso-bidi-font-style: normal;"><span style="color: #190026; mso-bidi-font-weight: bold;"><span style="mso-spacerun: yes;"> </span></span></i><i style="mso-bidi-font-style: normal;"><span style="font-family: "Arial","sans-serif";"><o:p></o:p></span></i></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">“It is possible to fail in many ways, while to succeed is possible only in one way”<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;"><span style="mso-tab-count: 6;"> </span>Aristotle (384 B.C. – 322 B.C.)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">“Computers are useless. They only give you answers”<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;"><span style="mso-tab-count: 2;"> </span><span style="mso-tab-count: 3;"> </span>Pablo Picasso (1881 – 1973)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">“The global information society is increasingly dependent on electronic networking and exchanging ‘electronic goods’ with high economic value, both in private life and in business.”<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;"><span style="mso-tab-count: 2;"> </span>Prof. Heinz Thielmann, Fraunhofer Institute, Germany (2006)<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The most critical assets, in the 21st century, for private and public enterprises, for organizations in general, for the global society, and for the economy (local, national, international) are not of a physical nature (equipment, machines, installations, plants), or of a financial nature (money, credit or other financing instruments), or of a computer software nature.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The most critical assets are the knowledge and ideas (concepts) that exist in the brains of people and that are stored in computerized systems (personal and corporate) in the modern business environment.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The computer technology and related infrastructure, the information systems, the network backbone (intranet, extranet, metropolitan, Internet, etc.) and related media technologies give everyone, within a given organizational environment, direct access to what is going on: within the given organization, in the industrial sector to which it belongs, and in the general economy and market in which it operates.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">All these technological components, broadly termed Information Technology (IT), and the related Information Systems (IS) which operate within its realm, enable the modern private and public corporation and/or organization to accrue the following benefits (indicative only):<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(1) Quicker and more effective information for decision-making at all levels,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(2) Increased competition in all services of the firm,<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(3) Improved production processes and procedures, and<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">(4) Higher quality in products and services offered by information systems to customers (and citizens) and society in general.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Given the rate of development of information processing and computer manufacturing technologies and processes, a rate without precedent in the history of mankind, it is now possible for organizations to transfer almost all of their daily business operations to integrated information systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">These systems are like medical drugs, either strengthening the organization, or enabling it to cure or resolve a particular problem or operating malfunction.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">But, using the drug analogy, if these systems are not used in a disciplined manner, they can create havoc and many times fail to bring about the expected results, or even lead to catastrophe.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">These integrated information systems must therefore operate within a business environment which is governed by the rules, policies, regulations and instructions of a corporate governance framework and a related information technology governance framework.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">As Negroponte has said (see Nicholas Negroponte: “Being Digital”, Alfred A. Knopf, N. York, U.S.A., 1995): “The next decade will see cases of intellectual property abuse and invasion of our privacy. We will experience digital vandalism, software piracy and data thievery”.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">This has definitely been proven correct. Security incidents and other acts of electronic and computer-based crime are on the rise (as per www.cert.org and other security-related sites).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">And as the notorious Mitnick has said (see the book by Kevin D. Mitnick and William L. Simon: “The Art of Deception”, Wiley, 2002): “Valuable information must be protected no matter what form it takes or where it is located. An organization’s customer list has the same value whether in hard-copy form or an electronic file at your office or in a storage box. Social engineers always prefer the easiest to circumvent, least defended point of attack. A company’s offsite backup storage facility is seen as having less risk of detection or getting caught. Every organization that stores any valuable, sensitive, or critical data with third parties should encrypt their data to protect its confidentiality”. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Also, according to ISACA (www.isaca.org), IT auditing will enhance the qualities of information (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability).<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The answer for managers and leaders of organizations is to plan for this new operating environment with the proper tools, methodologies and resources.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Never forget that because organizations differ, their control needs also will differ. For example, all groups need change management, but how it's implemented will depend on the enterprise. Delving into the work instruction level, access controls are needed, but how they are handled on a mainframe vs. a Windows network will vary. The point is that you will need to tune your policies, procedures and work instructions not only to meet the spirit of the controls but also to be feasible in the context of your organization. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">In almost all types of organizations, both private and public, corporate controls denote the set of policies, procedures, techniques, methods, and practices to manage and control their business operations.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">Within this corporate controls governance framework, Information Technology controls (or IT controls) are specific actions, usually specified by policies, procedures, practices, etc., performed by persons, hardware or software with the main objective of ensuring that specific business objectives are met. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">The overall guiding aim of IT controls relates to the secure processing, confidentiality, integrity, and availability of data and the overall management of the IT function of the organization. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT controls are commonly described in two categories according to various sources (<a href="http://www.isaca.org/">www.isaca.org</a>, <a href="http://www.theiia.org/">www.theiia.org</a>, <a href="http://www.itpi.org/">www.itpi.org</a>): IT General Controls and IT Application Controls.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT General Controls are those controls that are applicable to all IT activities (systems, services, issues, processes, operations, etc.) and data for a given organization or IT systems environment. They include controls over such areas as the strategy for IT, systems development, data center operations, database and data communications infrastructure, systems software support and maintenance, IT security, and ready-made application systems acquisition, development and maintenance.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">IT Application Controls are those controls that are appropriate for transaction processing by individual computerized subsystems, such as financial accounting, personnel administration, customer sales, inventory control, payroll or accounts payable.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">They relate to the processing and storing of data in computer-based files by individual IT applications and help ensure that business transactions occurred, are authorized, and are completely and accurately recorded, stored, processed, and reported. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><b><span style="color: #190026;">The benefits of IT Controls to the business include: <o:p></o:p></span></b></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(1) Understand and control the associated risks of IT systems. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(2) Improve the process of designing, implementing and auditing new and existing IT systems.<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(3) Increase management’s ability to achieve operational goals. With well-controlled, integrated and robust IT systems, you can gain a comparative advantage in a competitive environment, whilst ensuring that information is relevant, accurate and timely. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">(4) Ensure high standards within your IT systems. <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">---------------------------------------------------------------------------------------------------------------<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><span style="font-family: "Arial","sans-serif"; font-size: 11pt; line-height: 150%;">* For more information on IT Controls, see the book:<o:p></o:p></span></div><br />
<div class="MsoNormal" style="line-height: 150%; margin: 0in 0in 0pt; text-align: justify;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">'IT STRATEGIC AND OPERATIONAL CONTROLS'<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">PRINTED VERSION:<span style="mso-spacerun: yes;"> </span></span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3066</span></u></i><span style="color: #002060; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">E-BOOK FORMAT VERSION:<span style="mso-spacerun: yes;"> </span></span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3067</span></u></i><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">CUSTOMISABLE IT AUDIT PROGRAMMES AND CHECKLISTS (WORD FORMAT): </span><i style="mso-bidi-font-style: normal;"><u><span style="color: #002060; mso-bidi-font-weight: bold;">www.itgovernance.co.uk/products/3143</span></u></i><span style="color: #190026; mso-bidi-font-weight: bold;"> <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Author: John Kyriazoglou<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Publisher: IT Governance Publishing<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">ISBN: 9781849280617<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Pages: 686 <o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Format: Softcover<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><span style="color: #190026; mso-bidi-font-weight: bold;">Published date: 2 September 2010<o:p></o:p></span></div><br />
<div class="MsoNormal" style="margin: 0in 0in 0pt;"><br />
</div></div>