-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
I think there is a place for both external and internal auditors. Important for the internal auditors to be impartial and objective. But it is also beneficial to have a third party to assist both for economies of scale, but also ensure quality. Internal auditors will know the company better than an external auditor which can be very valuable. But…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Objectivity is crucial for auditors. Absolutely right about noting that auditors will have to return for subsequent audits and objectivity is vital to maintain. Most people will at some level be biased if they are auditing their own work. Best to maintain a separation with an uninvolved party. Same if I am editing a paper, best to have another…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Similar to the cost of proper risk management/control, the cost of implementing compliance is higher than the benefit obtained when the actual implementation cost exceeds the benefit. Companies make the calculations all of the time and usual accept some level of risk because it is impossible to prevent everything. Still there are some risks that…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Change usually involves some level of uncertainty which is unavoidable. Which is why communication is key in these situations. Without effective communication a myriad of problems can occur and cause other issues.
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
In future weeks we may have the privilege of having real world auditors join us for our discussions. What questions would you like to ask the Auditors to answer for us?
What is the most difficult part of auditing for you?
Have you ever completed any server virtualization audits?
What is the most challenging problem for the it audit field in…[Read more] -
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Couldn’t agree more about employee involvement in this process. I’ve found that people always respond better when they have more information. Important for everyone to understand what is happening and why so that it does not seem superfluous. Reasons behind some decisions may not be obvious, but could be valid and employees would not know without…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
1. How have you seen change management work in your organization? What improvement recommendations do you have?
I saw a lot of management changes when I was in the military, although they were called change of commands. The Army rotates soldiers every few years to a new unit, which also includes senior enlisted and officers/commanders. At…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
I hadn’t considered a data steward position before. Definitely makes sense, especially for larger organizations. It can be very easy for data to become siloed in each department, along with rules and procedures. While it may makes sense for the individual departments, can create larger issues and risks for the organization as a whole. Without a…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
I agree that the accounting department should define and control the master data. While all three sections include financial information/transactions, they are predicated on the accuracy of the data from the accounting department. If that data is not correct, then the rest of the process can be corrupted.
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Accuracy is absolutely essential for the integrity of business operations. I definitely agree about the need for SOD relating to master data. Especially importing when considering data that is manually entered. Increased risk for inaccurate data to be entered, and if the same person is validating the data, then there is higher probability of the…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Which is more of a risk to a company: inaccurate data or excessive repetitive data?
Inaccurate data is a greater risk to a company than excessive repetitive data. First, both can be costly to an organization, which is the primary risk of repetitive data. Data must be clean before it can be analyzed, which is resource intensive. Unlike…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
I understand the ISP’s issue with companies such as Facebook excluded, but the two are not the same. Facebook is a website, where as Comcast and Verizon are Internet Service Providers (ISP), which are two very different things. Facebook’s access to your data is limited to when you visit their site, mobile app, and other partnerships with third…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
You made an excellent observation that even though many aware of the risks, still connect. In this example, more education does not seem to be enough of a deterrent. There is a constant need to internet, and wireless data can be expensive. As noted above, a few changes to wifi settings can be make a large difference in security.
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Definitely agree that privacy and will continue to be an important issue as technology continues to advance. However while I do think that it is important to people, many are very quick to exchange privacy for convenience for free services (Facebook/Gmail), or for convenience. There certainly are a lot of negative consequences, but the public…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
“How Podesta became a Cybersecurity Poster Child”
The article discusses the Clinton campaign manager, John Podesta’s poor password security. Among the information in the hacked emails from the campaign were examples of staffers emailing his password, using duplicate usernames and passwords for different applications, and a weak password. In one…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Makes me remember when I had trouble setting up my voicemail during the second internship at the same company. After some investigation the IT help desk discovered that my account from the previous summer had not been terminated. In addition, the voicemail that I had been using was actually assigned to a previous female employee. I was told this…[Read more]
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
Information security is definitely an area that requires strong segregation of duties. Not only does the employee have this type of access, also understand the system vulnerabilities and security controls. It could be very easy for an employee to commit fraud and then conceal their actions. Especially be important for a terminated or disgruntled employee.
-
Joshua Tarlow posted a new activity comment 7 years, 11 months ago
You raise a good point about the large amount of controls and codes in SAP. I would imagine that it would be very easy for a code to be entered incorrectly, maybe only one digit difference. Which could then allow an employee to access data or processes that are restricted. No one is immune to human error and this would an error that anyone could…[Read more]
- Load More