- Know your business strategy and goals, and make sure your controls support them
- ID key business processes, as these are the skills your organization sells
- Protect your key business processes through BCP/DR
- Verify and document process changes
- Risk map your processes and verify that your key controls actually are the key controls
- Consider automating processes to eliminate risks, without causing new weaknesses
- Identify sensitive data, checking for Personally Identifiable Information (PII)
- What will you do when customer data is lost or stolen? Have a detailed plan.
- Document your areas of process ownership to avoid misunderstandings of responsibilities
- Above all, attempt to work together with auditors, enjoying the helpful consultative review.
- Remember that auditors really are there to help and advise.
- Auditors want to add value just like everyone else.