- Data classification is an important first step in establishing a cybersecurity management program, as it allows an organization to make managerial decisions about resource allocation to secure data from unauthorized access.
- The AICPA recently released an exposure draft of the proposed revisions to the Trust Services Principles and Criteria. The most significant change in the proposed revisions is the integration of the privacy principles and criteria into the common criteria.
- Contractors who can get a project done and get it done right are on owners’ short lists of firms to work with, but a delivery methodology that ensures on-time delivery can be at odds with the need to preserve profit and timely billing.
- Learn more about who audits internal audit and how a Quality Assessment Review (QAR) can be a great way for the internal audit department to reflect on current activities and to enhance them.
- Since the Committee of Sponsoring Organizations (COSO) issued its Internal Control — Integrated Framework (2013 Framework) in May 2013, many organizations have implemented the new framework to comply with the initial December 15, 2014 transition deadline. The 2013 Framework requires management to assess whether 17 principles are present and functioning, which is a change from the previous framework. Further, the 2013 Framework includes points of focus, which are important characteristics of the 17 principles and assist management with determining whether controls are properly present and functioning.