Tinkering the Pragmatic Way (Again)

I found a rather surprising piece of support for my quest to make Governance, Risk, and Compliance procedures (GRCs) a process-improving part of the daily business. Consultants from Cordares Risk & Audit Services advocated, in an article in Computable, some ideas that one would not necessarily expect from an organization whose bread and butter is earned by implementing control and reporting frameworks.

Remarkable comments they made:

  • Better to automate controls than to rely upon human interaction.
  • Improve communication between stakeholders by defining one generally accepted standard for general IT controls (replacing the many different views held by IT management, auditors and government on this topic via ITIL, COSO, CobIT, ISO 27001, SAS 70, ALS, BLS etc.).
  • Make sure this standard is published by an independent organization and supported / implied by government.
  • Start working on the above by defining an IT general control framework (in The Netherlands this is driven by the Dutch Platform on Informatica Security and Norea, the organization of IT auditors).

I support this move completely: it will give clarity, open up possibilities for standard solutions, and save cost.

Dear audit professional: now just add my ideas on making GRCs a cost-neutral revenue booster, and we could even become friends!

This blog is the last part of a series around tinkering:

Contact Hans van Nes at Results2Match.com.
