Value Creation Through Best Practice Controls

Purpose:  This site is dedicated to the implementation of best practice control frameworks for strategic sourcing, application development and maintenance, information security, data privacy and information technology infrastructures.

From regulatory challenges to improving business process, an increasingly common term in use today is “control”. In the past, discussions regarding controls were centered on finance, accounting and even manufacturing: now the term is pervasive in the Information Technology industry and is represented in enterprise policies, procedures, standards and control frameworks.  As the delivery of information systems technology is increasingly accomplished with a wide variety of partners, suppliers and third-parties, the importance of controls increases significantly.  Adding to the requirement for controls are significant regulations that include the Health Insurance Portability and Accountability Act (HIPAA), the Graham-Leach-Bliley Act (GLBA) and now the Sarbanes-Oxley Act of 2002 (SOX).  These regulatory requirements have definitely raised the awareness of controls in medium to large organizations.  In addition, business partners have demanded the implementation of compliance and control for their service providers including Statement of Accounting Standards No. 70 (SAS70) and Payment Card Industry (PCI) standards.

Bottom line, control is now an critical part of business, however, most organizations can not identify the origin of their controls nor the business requirements, risks and leading practices that support that control.