October 14 is celebrated as World Standards Day under the theme ‘Video Standards Create a Global Stage’. This theme places an emphasis on the importance of video technology.
Indeed, Barbados is in need of a digital transformation, particularly in the way that we conduct business. However, for this transformation to take place, we should establish standards to ensure that critical information and processes are not exposed to vulnerabilities, downtime or infiltration, given the risks associated with technological knowledge gaps.
The International Organisation for Standardisation (ISO) and the Committee of Sponsoring Organisations of the Treadway Commission (COSO) both provide frameworks that offer guidance on establishing standards, frameworks and best practices. A critical component of establishing standards also involves recognising when the current standards and practices require revision.
Many times, we hear the crippling saying: “This is the way it has always been done.” This mindset holds hard and fast to established standards and eliminates the potential for improvements. With the world constantly changing around us, playing it safe and sticking to what we are comfortable with will result in us being left behind.
That being said, reckless adoption of new protocols could also result in breaches or otherwise avoidable missteps with potentially severe consequences. Research and brainstorming become critical to minimising the risks associated with identifying new standards and processes that would best transport an entity into the digital age. Some of the key areas that should be considered when establishing standards include:
- Establish a Strategic Plan
Without a vision for the direction of the entity, efforts will likely be made in an incohesive vacuum. A strategic plan will establish the responsibilities and accountabilities of personnel and assist in the development of strategies, systems, as well as the current and required capabilities to meet the entity’s needs.
Documenting this information helps to ensure that the current standards are made available to those who require them and removes ambiguity from the current and expected practices.
- Develop the Enterprise Architecture
The Enterprise Architecture is the blueprint which shows the relationships between the entity and the required infrastructure and supporting applications. The Enterprise Architecture should be revised as necessary to ensure that it continues to meet the entity’s needs and goals. It provides a detailed guide as to what would be required to meet the established objectives.
- Identify the Investment Budget
Once the requirements have been identified, a budget should be developed to identify whether the requirements are affordable. Differentiations should be made between critical requirements and useful but non-essential items so that spending is appropriately directed.
It should also be understood whether the identified features can be added at a later date and whether the delayed implementation would incur additional costs.
- Establish the Information Security Protocols
When establishing new standards, a critical component is analysing the risks and developing a plan to manage these risks. With technology, information security becomes necessary, not only for the physical equipment but also for the protection and security of data.
Entities should conduct security awareness training; test and evaluate the effectiveness of security policies, procedures and practices, including those of contracted third parties; and establish procedures for detecting, reporting and responding to security incidents.
Extensive testing of any new infrastructure should always be performed before it is incorporated into the entity, even if that means running concurrently with the old system until all necessary fixes have been implemented.
Change management is never an easy process. It requires a mindset that embraces continuous improvement, research into best practices and standards that would improve the functioning of the entity, and the ability to educate those within the organisation on the new practices.
*Krystle Howell, CPA, CIA, COSO, ALMI, ACS, aka Mavis, is an Internal Auditor by profession, avid artist and a lover of dance.