ISACA Journal Blog


Andrea Tang, ISO 27001 LA Posted: 11/4/2019 4:12:00 PM | Category: Government-Regulatory | Permalink | Email this post

Consider an organization adopting artificial intelligence (AI) as being represented by a self-driving car. Data serve as gasoline, which provides the driving force to the car; machine learning (ML) is the engine, which determines the performance of the car; and AI operates as the role of the sensor in the car, contributing to the process of automatic decision-making. A self-driving car with good performance requires more data input to obtain continuous driving force to become more competitive and make more accurate analysis and predictions. However, especially for an Internet finance organization, multiple relational datasets can easily result in “isolated islands of information,” which make it difficult to connect the datasets where they can talk to each other.


The Role of Data Strategy in Optimizing Organizational Processes

Rajul Kambli, CISA, CMA Posted: 10/31/2019 3:29:00 PM | Category: Risk Management | Permalink | Email this post

Rajul KambliThe relevance of data cannot be over emphasized in today’s world, where change is the only constant. Decisions that managers and executives tend to make emanate from the availability of data analysis. While the turnaround time to collect the data, analyze, interpret and act has shrunk significantly, those who are able to do this in not only shortest possible time but also effectively and efficiently enjoy the first-mover advantages.

Strong data strategies must account for the following:

  • Prerequisites of data—Integrity of data is must, because actions of organizations are based on representative data collected and analyzed. Insight of data with the key elements of reliability, consistency and timeliness make these data a fit foundation for long-term sustainability and appropriate actions.
  • The concept of master and transactional data—Any attribute of data is broadly classified into master or transactional data. This basic classification drives further strategies of data, on which pivotal decisions of data centralization and data sharing are heavily dependent.
  • Integration of business intelligence and market intelligence—A representative yardstick of corporate objectives are based on business intelligence. A correlation of these metrics to industry data through market intelligence is vital to be in sync with industry outlook. This integration reflects not only how realistic the corporate objectives are, but it also asks if corporate objectives align with industry outlook, and more importantly to what extent they are practical and achievable.
  • Data use—How do different business use data to understanding buyer behavior and preferences?

Timely and correct data analysis is a universal requirement. Consider the medical profession, in which a prescription of a medicine by a doctor depends on the report of a patient. The sooner the diagnosis, the sooner the remedy can be administered. But in addition to time, the accuracy of reports is vital. Similarly in sports, data related to the top players' strengths are used to determine the game plan.


Cybersustainability: Ensuring Digital Strategies That Protect Data

Karen Walsh, JD, and Joe Raschke, CRISC, CIPP, CISSP Posted: 10/8/2019 8:52:00 AM | Category: Security | Permalink | Email this post

Increasingly, security professionals use language that makes a distinct comparison between our physical environment and our digital infrastructures. We use terms such as “digital ecosystem,” “digital footprint,” “IT environment,” “data leakage” and “data pollution.” As data breaches continue to increase in number and severity, we need to begin thinking about how we protect today’s data for tomorrow’s future digital strategies.

What Is Cybersustainability?
Fundamentally, cybersustainability looks at data as a finite resource, similar to a coral reef or fossil fuels. Similarly, we can look at data from both the “prevent from being polluted” perspective and the “preserve the resource” perspective.


I Know What I Know (If You Know What I Mean)

Ian Cooke, CISA, CRISC, CGEIT, COBIT Assessor and Implementer, CFE, CIPP/E, CIPM, CIPT, FIP, CPTE, DipFM, ITIL Foundation, Six Sigma Green Belt
Posted: 9/23/2019 4:56:00 PM | Category: Audit-Assurance | Permalink | Email this post

Ian CookeEdie Brickell (incidentally the wife of singer/songwriter Paul Simon) had a modest 1988 hit titled “What I Am.” The opening lines of the song contain the lyrics “I'm not aware of too many things. I know what I know if you know what I mean.”

Besides being a nice play on words, the lyrics are quite prophetic; in reality, we all are somewhat restricted by what we know and understand. We, as ISACA members and IT specialists, all know a lot about IT risk and its 3 main categories. Specifically:


How to Prepare for Taxation in a Digitalized Economy

Helena Strauss, CISA, CA(SA) Posted: 9/9/2019 3:02:00 PM | Category: Audit-Assurance | Permalink | Email this post

Helena Strauss
While IT professionals and auditors are not required to be tax experts, they do need to have a certain level of mindfulness with regard to taxation within the digitalized economy going forward as tax collection is slowly but surely becoming part of the natural business ecosystem where taxation happens by default.

IT professionals and auditors should consider the following to better address taxes within the digitalized economy:

  • Regarding the client’s business structure, does it deliver highly digitalized services and does it have an international economic presence?
  • Does the client have sufficient IT controls in place to identify the origin of its users of digitalized services provided? Controls such as bank account details, IP addresses, customer addresses might suffice, although they can be changed or anonymized. This information should be used to bill the client and apply the correct Value Added Tax (VAT)/Goods and Services Tax (GST) rates, which is a fully digitized process.
  • Does the client make use of freelance or contract workers within the gig economy? If so, payments to them should be made after withholding taxes (dependent on the jurisdiction in which the worker resides). This is also a digitalized process in most instances.

The following IT internal controls questions should also be answered:

        Page: 1 of 92     Next >   Last >>