• Today
    May 26

  • 05:35 PM

KRYSTLE CLEAR: Change and Standards

KRYSTLE HOWELL,

Added 14 October 2019

krystle-clear-bloc-new

October 14 is celebrated as World Standards Day under the theme ‘Video Standards Create a Global Stage’. This theme places an emphasis on the importance of video technology.

Indeed, Barbados is in need of a digital transformation, particularly in the way that we conduct business. However, for this transformation to take place, we should establish standards to ensure that critical information and processes are not exposed to vulnerabilities, downtime or infiltration, given the risks associated with technological knowledge gaps.

The International Organisation for Standardisation (ISO) and the Committee of Sponsoring Organisations of the Treadway Commission (COSO) both provide frameworks that offers guidance on establishing standards, frameworks and best practices. A critical component of establishing standards also involves recognising when the current standards and practices require revision.

Many times, we hear the crippling saying: “This is the way it has always been done.” This mindset follows hard and fast to established standards and eliminates the potential for improvements. With the world constantly changing around us, playing it safe and sticking to what we are comfortable with will result in us being left behind.

That being said, reckless adoption of new protocols could also result in breaches or otherwise avoidable missteps with potentially severe consequences. Research and brainstorming become critical to minimising the risks associated with identifying new standards and processes that would best transport an entity into the digital age. Some of the key areas that should be considered when establishing standards includes:

  1. Establishing a Strategic Plan

Without a vision for the direction of the entity, efforts will likely be made in an incohesive vacuum. A strategic plan will establish the responsibilities and accountabilities of personnel and assist in the development of strategies, systems, as well as the current and required capabilities to meet the entity’s needs.

Documenting this information helps to ensure that the current standards is made available to those that require this information and removes ambiguity from the current and expected practices.

  

  1. Develop the Enterprise Architecture

The Enterprise Architecture is the blueprint which shows the relationships between the entity and the required infrastructure and supporting applications. The Enterprise Architecture should be revised as necessary to ensure that it continues to meet the entity’s needs and goals. It provides a detailed guide as to what would be required to meet the established objectives.

  

  1. Identify the Investment Budget

Once the requirements have been identified, a budget should be developed to identify whether the requirements are affordable. Differentiations should be made between critical requirements and useful but non-essential items so that spending is appropriately directed.

It should also be understood whether the identified features can be added at a later date and whether the delayed implementation would incur additional costs.

 

  1. Establish the Information Security Protocols

When establishing new standards, a critical component includes analysing the risks and developing a plan to manage these risks. With technology, information security becomes necessary, not only for the physical equipment but also the protection and security of data.

Entities should conduct security awareness training, test and evaluate the effectiveness of security policies, procedures and practices, including those of contracted third parties and establish procedures for detecting, reporting, and responding to security incidents.

Extensive testing of any new infrastructure should always be performed before it is incorporated into the entity, even if that means running concurrently with the old system until all necessary fixes have been implemented.

Change management is never an easy process. It requires a mindset that embraces continuous improvement, researching best practices and standards that would improve the functioning of the entity and the ability to educate those within the organisation on the new practices.

 *Krystle Howell, CPA, CIA, COSO, ALMI, ACS, aka Mavis, is an Internal Auditor by profession, avid artist and a lover of dance.

 

 

 

JOIN THE DISCUSSION

Dos and Donts


Welcome to our discussion forum here on nationnews.com. We encourage lively debate, but we also urge you to take note of the following:

  • Stay on topic – This helps keep the thread focused on the discussion at hand. If you would like to discuss another topic, look for a relevant article.
  • Be respectful – Meeting differences of opinion with civil discussion encourages multiple perspectives and a positive commenting environment.
  • Do not type in capitals – In addition to being considered “shouting” it is also difficult to read.
  • All comments will be moderated – Given the volume of comments each day, this may take some time. So please be patient.
  • We reserve the right to remove comments – Comments that we find to be abusive, spam, libellous, hateful, off-topic or harassing may be removed.
  • Reproduction of comments – Some of your comments may be reproduced on the website or in our daily newspapers. We will use the handle, not your email address.
  • Do not advertise – Please contact our Advertising Department.
  • Contact our Online Editor if you have questions or concerns.
  • Read our full Commenting Policy and Terms of Use.
comments powered by Disqus

POLL

Do you fear a second wave of the coronavirus in Barbados now that lockdown restrictions have eased?

Yes
No

FRONT COVER OF TODAY'S NEWSPAPER

CARTOON

INSTAGRAM