Dan Swanson has been working in internal audit for more than 24 years and provides an excellent free newsletter that some readers of this column will find valuable.
His brief newsletter concentrates on IT governance and often includes security-related topics. For example, his Oct. 17 issue pointed to a good book on project investment governance and reporting; concisely introduced a Web page with ISO 27001 security standards compliance information; alerted readers to a new series of podcasts from the Computer Emergency Response Team Coordination Center; and published abstracts of several interesting articles on corporate governance and risk management (for example, this article).
Readers may go here to join Dan’s mailing list. You must have or create a free Yahoo Groups ID for successful registration.
There’s a collection of Dan’s auditing-related papers in his columns from _Compliance Week_. Although a full subscription will appeal primarily to professional auditors (it costs $999 a year), there is a 30-day free subscription available that includes weekly e-mail newsletters, one issue of the print magazine and free access to the archives.
Dan will be giving a Webinar on Nov. 14 at 11 a.m. PST (2p.m. EST); the $249 registration free provides access to a live lecture and presentation on auditing compliance and ethics programs. Topics include:
* Audit scope
* What is the goal?
* Planning efforts
* The general audit steps
* Audit risk assessment
* Audit objectives
* Audit approach
* What auditors like to see
* Audit testing
* Issues to watch out for
* Other considerations
* The audit report
Full details of the Webinar are available online.
On the same topic, Dan has written an 88-page white paper that is available free and without registration. Entitled “Internal Audit Guide: Evaluating a Compliance and Ethics Program,” the draft report from the Open Compliance and Ethics Group (OCEG) includes an executive overview (PDF file pages 10-12) that summarizes key points:
“The purpose of the Guide is to support more effective implementation of existing compliance and ethics programs, the objectives of which are to:
* Provide assurance to the board and management that compliance and ethics programs are designed effectively and operating as designed.
* Identify opportunities for improvement.
* Reinforce and support self-assessment efforts that have been completed, and promote a continuous improvement philosophy within the organization.
Additionally, the Guide offers an audit methodology which can be used to provide assurance to the board and management on compliance and ethics practices.”
I was interested to note that the PDF file was automatically stamped with a digital rights management indicator: a page footer reading “LICENSED TO <IP address> ON SUNDAY, OCTOBER 29, 2006. SINGLE USER LICENSE GRANTED.” This footer would ensure that rogue copies of the document might be traceable to specific downloads and supports the attempt to provide up-to-date, corrected copies from a single server.
Webinars from Compliance Online are archived; there’s a menu page for live or “On Demand - Access Anytime” Webinars. Topic areas of particular interest to readers of this column include:
* Corporate Governance
* HIPAA Compliance
* IT Controls and Compliance
* SOX Compliance
I hope readers will read Dan’s white paper and try his newsletter. I wish him good luck and a substantial audience in his Webinar!
[Disclaimer: I have no financial or any other involvement in the commercial activities mentioned above other than as a grateful reader of Dan’s writings.]