Compliance by Design: IT Controls that Work

Book Description

Reconsider how you view compliance – and your business will reap the rewards!

A must-have book for anyone looking to develop awareness and deeper insight into IT controls, and into the strategies and techniques that solve compliance challenges!

What does 'compliance' mean to you? Is it a burden, a box-ticking exercise, or a way to avoid the penalties of non-compliance? Or do you see the opportunities it presents for your business?

In Compliance by Design, Chong Ee will show you how your organisation can benefit from becoming compliant with the relevant national and international standards. You will discover how integrating controls into your processes will improve your security, increase your productivity, save you time and money, and increase your profits.

Drawing on personal experience and using up-to-date, practical examples, the book considers the elements and principles of controls, and offers strategies to put them in place. It will show you how to:

  • implement changes that will improve your processes
  • allay fears and overcome resistance from your stakeholders
  • integrate controls into your everyday processes
  • achieve synergy from interconnected processes
  • assess your priorities and handle conflicting objectives
  • analyse and manage risks
  • establish a system of controls that is right for your business
  • manage your technology to make it work for you.

Moving away from traditional efforts

Traditional efforts in attaining or sustaining IT compliance employ an outside-looking-in approach, characterised by capturing varied compliance requirements and/or frameworks and applying these within the organisation. This book advocates an inside-looking-out approach, emphasising fundamental ideas of good control design as the basis for developing effective and sustainable IT compliance strategies.

Tools and techniques

Intended to arm you with the tools and techniques to put in place the right system of internal controls, the focus is on IT controls, but with plenty of references to business and entity controls, too.

What others are saying about this book ...

'As the title implies, Chong Ee offers the reader a "Journey to unravel the essence of IT Controls." The book moves quickly and raises a lot of thought-provoking questions, providing windows into compliance: Elements, Principles and Strategies. Not a classic check list of controls, this book encourages thinking, which I see as very beneficial when designing IT controls. It is well worth the read.'

Michael P Cangemi CPA, author of Managing the Audit Function and former long-time Editor-in-Chief of the ISACA Journal

Buy this book and see how compliance can work for you!

Table of Contents

    1. Cover
    2. Title
    3. Copyright
    4. Contents
    5. Introduction
      1. Unraveling controls
      2. Ways of seeing
      3. Unintended consequences
      4. Reading this book
      5. Control and chaos
    6. Part I: Elements
      1. Chapter 1: People
        1. Cooking broth
        2. Hello, is anyone there?
        3. Lock picking
        4. Seeing the system
      2. Chapter 2: Data
        1. Line in the sand
        2. Leaping off the endpoint
        3. The gift that keeps on giving
        4. Going social
        5. Stone Age
        6. Grasping context
      3. Chapter 3: Objectives
        1. Down the rabbit hole
        2. Adjoining rooms
        3. Through the looking glass
        4. He said, she said
        5. Behavioral norms
        6. Getting direction
      4. Chapter 4: Systems
        1. Tug-of-war
        2. Going virtual
        3. Up and down
        4. End to end
        5. Not so fast
        6. Negotiating tradeoffs
      5. Chapter 5: Activities
        1. Feeling the elephant
        2. Lost in the trail
        3. You never know
        4. Checks and balances
        5. Finding the right frequency
        6. Becoming whole
      6. Chapter 6: Risks
        1. One of them
        2. At the water cooler
        3. Slipping through the cracks
        4. Forging a direct path
        5. Stop-gap measures
        6. Tracing interdependence
    7. Part II: Principles
      1. Chapter 7: Proximity
        1. Narratives
        2. From a distance
        3. A question of timing
        4. Pulling the trigger
        5. On the periphery
        6. Far and near
      2. Chapter 8: Alignment
        1. Common allies
        2. Look again
        3. On the same page
        4. Heavy bombardment
        5. Gaining perspective
      3. Chapter 9: Coupling
        1. Do we have to?
        2. Interwoven
        3. Pushing through
        4. Worked into a frenzy
        5. Locked in
        6. Give and take
      4. Chapter 10: Balance
        1. Up in the air
        2. Going to the polls
        3. Shifting dynamics
        4. Proportion
      5. Chapter 11: Resilience
        1. What lies beneath?
        2. Coming in, going out
        3. Waves of change
        4. Scalability
        5. Sustainability
    8. Part III: Strategies
      1. Chapter 12: Finding the Glue
        1. What sticks
        2. Culture lens
        3. Crossing boundaries
        4. Ties that bind
      2. Chapter 13: Connecting the Dots
        1. Between the poles
        2. Back to source
        3. Middle ground
        4. So what?
        5. Two sides to every coin
      3. Chapter 14: Laying the Foundation
        1. Cloud of dust
        2. Inner fissures
        3. Dissolving boundaries
        4. Patchwork paradise
        5. Content rules
        6. Going with the flow
        7. Heart of the matter
      4. Chapter 15: Managing the Interface
        1. Scaling an inverted pyramid
        2. From ground up
        3. Towards the Cloud
        4. As the world turns
      5. Chapter 16: Embedding into Process
        1. Not seeing
        2. Compliance through obscurity
        3. A string in one hand
        4. Eye on the ball
        5. Access denied
        6. Changing within
      6. Chapter 17: Breaking the Cycle
        1. Déjà vu
        2. Modeling behavior
        3. The more the merrier
        4. In on the action
        5. Beyond rinse and repeat
      7. Chapter 18: Building Momentum
        1. Up, up and away
        2. I would like an exception please
        3. Role play
        4. Seeking value
        5. Balancing act
        6. Beyond deficiencies
    9. Part IV: Action
      1. Chapter 19: Bringing it Together
        1. Making a case for change
        2. Wearing different hats
        3. Tailoring the approach
        4. Lessons learned
        5. Delivering on the audit
        6. Head in the clouds
        7. Developing mindfulness
      2. Chapter 20: What’s Next?
        1. Back to the beginning
        2. Stuck in the middle
        3. Welcome to the future
    10. ITG Resources