Compliance by Design

Chong Ee did not start out being an IT auditor; he became one after donning the hats of an IT management consultant and a business analyst. Over time, Chong worked on both sides: external auditing and in-house compliance. In 2012, he returned to systems implementation for cloud apps after eight years in Sarbanes-Oxley compliance. He has spoken at conferences hosted by the MIS Training Institute (MISTI), Information Systems Audit and Control Association (ISACA), Institute of Internal Auditors (IIA) and Society of Corporate Compliance and Ethics (SCCE), and has had articles published in the Internal Auditor magazine and ISACA and Information Systems Security Association (ISSA) journals. His first book, Compliance by Design: IT Controls that Work, was published by IT Governance Publishing in September 2011. Chong is an active Certified Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT).

Reconsider how you view compliance - and your business will reap the rewards!What does 'compliance' mean to you? Is it a burden, a box-ticking exercise, or simply a way to avoid the penalties of non-compliance? Or do you see the opportunities it presents for your business?In Compliance by Design, Chong Ee will show you how your organisation can benefit from becoming compliant with the relevant national and international standards. You will discover how integrating controls into your processes will improve your security, increase your productivity, save you time and money, and increase your profits.Drawing on personal experience and using up-to-date, practical examples, the book considers the elements and principles of controls, and offers strategies to put them in place. It will show you how to establish a system of controls that is right for your business and how to integrate them into your everyday processes. You will achieve the synergy that can be gained from interconnected processes, as you assess your priorities, handle conflicting objectives and implement positive changes.Chong Ee is the 2010 recipient of the Michael Cangemi Best Article/Book Award from the Information Systems Audit and Control Association (ISACA). He has a proven track record in the field of IT audit and compliance. Chong is a Certified Information Systems Auditor and is certified in the Governance of Enterprise IT. He is a seasoned writer for IT publications and an experienced presenter at IT conferences.

Introduction Unraveling controls Ways of seeing Unintended consequences Reading this book Control and chaos Part I: Elements Chapter 1: People Cooking broth Hello, is anyone there? Lock picking Seeing the system Chapter 2: Data Line in the sand Leaping off the endpoint The gift that keeps on giving Going social Stone Age Grasping context Chapter 3: Objectives Down the rabbit hole Adjoining rooms Through the looking glass He said, she said Behavioral norms Getting direction Chapter 4: Systems Tug-of-war Going virtual Up and down End to end Not so fast Negotiating tradeoffs Chapter 5: Activities Feeling the elephant Lost in the trail You never know Checks and balances Finding the right frequency Becoming whole Chapter 6: Risks One of them At the water cooler Slipping through the cracks Forging a direct path Stop-gap measures Tracing interdependence Part II: Principles Chapter 7: Proximity Narratives From a distance A question of timing Pulling the trigger On the periphery Far and near Chapter 8: Alignment Common allies Look again On the same page Heavy bombardment Gaining perspective Chapter 9: Coupling Do we have to? Interwoven Pushing through Worked into a frenzy Locked in Give and take Chapter 10: Balance Up in the air Going to the polls Shifting dynamics Proportion Chapter 11: Resilience What lies beneath? Coming in, going out Waves of change Scalability Sustainability Part III: Strategies Chapter 12: Finding the Glue What sticks Culture lens Crossing boundaries Ties that bind Chapter 13: Connecting the Dots Between the poles Back to source Middle ground So what? Two sides to every coin Chapter 14: Laying the Foundation Cloud of dust Inner fissures Dissolving boundaries Patchwork paradise Content rules Going with the flow Heart of the matter Chapter 15: Managing the Interface Scaling an inverted pyramid From ground up Towards the Cloud As the world turns Chapter 16: Embedding into Process Not seeing Compliance through obscurity A string in one hand Eye on the ball Access denied Changing within Chapter 17: Breaking the Cycle Deja vu Modeling behavior The more the merrier In on the action Beyond rinse and repeat Chapter 18: Building Momentum Up, up and away I would like an exception please Role play Seeking value Balancing act Beyond deficiencies Part IV: Action Chapter 19: Bringing it Together Making a case for change Wearing different hats Tailoring the approach Lessons learned Delivering on the audit Head in the clouds Developing mindfulness Chapter 20: What's Next? Back to the beginning Stuck in the middle Welcome to the future ITG Resources