What are some of the principles that are involved for good compliance monitoring and evaluation?
What will be an ideal response?
There are several principles that are involved for good compliance monitoring and evaluation:
* Clear definition of the controls-A proper understanding of exactly what the controls are, why they are in place, and how they are to properly function is important. Without this understanding, it will not be possible to determine the validity of the controls.
* Continual oversight-Compliance monitoring is a continual process and not just an occasional check on the status of equipment. A process of ongoing risk and control assessment is necessary to see the continued operation of controls. This often involves continual cooperation among different business units within the organization.
* Validation by an external unit-Determining if compliance is being achieved should not be performed by the individuals or business units that designed, installed, or manage the controls. There will be too much temptation to approve the controls and not rigorously test the controls if the persons responsible for the controls are also evaluating them. In a large organization, the internal audit department should perform this function.
* Use of scanning tools - Whenever possible, tools should be used to scan systems for control implementation. If this is not possible, the controls can be evaluated through manually tracking the workflow.
You might also like to view...
WordArt uses some predefined styles to enhance a long paragraph in a document
Indicate whether the statement is true or false
The Welcome to Alice! dialog box has five tabs: ____.
A. Tutorials, Example Worlds, About Alice, Text Output, and Recent Worlds B. World window, Object tree, Details area, Editor area, and Events area C. Tutorial, Recent Worlds, Templates, Examples, and Open a world D. Text Output, Error Console, World Statistics, Editor area, and Events area