Friday, March 6, 2009

Why IT Professionals Should Not Hate Auditors, and Should Not Become Sick With Compliance Guidelines

Which is one of the most common characteristics of Information Technology (IT) professionals? They hate documentation and auditors, and become sick with compliance guidelines.

Some IT professionals are different. They have realized that when persons that understand systems and the technical issues, understand also compliance and risk management, are really valuable for organizations. IT professionals with a risk or compliance certification stand out from the crowd.

There is a legal duty to comply with laws and regulations. Compliance is of paramount importance to all organizations that have to demonstrate to the society in general and to their shareholders, auditors, supervisors and employees in particular their strong commitment to excellence, profitability and international standards.

A good compliance program provides assurance that the firm is able to prevent illegal and unethical conduct encourages employees to report problems and to help resolve issues, minimizes loss and reduces the exposure to civil damages, penalties and criminal sanctions.

Compliance starts from a set of clear policies. A policy is not something employees have (a document), but something they know, they understand, they do. Compliance is always taken into account in evaluating all managers and employees.

Compliance awareness and training for all employees is important, but a different compliance training program is needed for different employees. IT professionals need to understand the legal and regulatory problems organizations face after errors or omissions in the IT departments.

IT persons are very nice and friendly. They are willing to share videos and songs, sometimes creating shared folders to do that. They usually underestimate the importance and the consequences of Intellectual Property and Copyright law. They don't believe that is such an important problem if they download some pictures, videos or documents that do not belong to their organization and share them with their colleagues using the corporate network and structure.

Become a Certified Information Systems Risk and Compliance Professional (CISRCP). Instead of just training, you have much more:

1. Training
2. Certification
3. Membership in our Association
4. Monthly newsletter with news, alerts and opportunities
5. Networking and exposure to the best headhunters

To learn more:
http://www.risk-compliance-association.com/Distance_Learning_and_Certification.htm.

No comments: