Tagged: risk assessment


Should I put my small business records in the cloud?

Keeping data safe and disaster-resistant is a major challenge for the average small business – a challenge some businesses don’t even realise is there. Most small businesses don’t have access to an IT specialist to protect the business’ data against a digital intruder or data loss event. This becomes especially critical where the data is sensitive, such as in medical practices. Often this work can fall to the business owner or a well meaning IT-savvy employee, but rarely is this person equipped to properly navigate the dual minefields that are Information Security and Business Continuity. Using cloud services can provide small business a level of assurance that may not have been possible with in-house or outsourced IT services. The inescapable truth of the matter is a Software-as-a-Service cloud provider is...


The risk within self audit risk assessments

No one knows the risks inherent to an asset better than those who work with the asset. That is why self audit has been around for years. It allows the audit team to get to the hidden details, while distributing the discovery phase of the workload to outside of the audit team. When I first started working with self assessment audits, the sessions were typically moderated by an experienced risk assessor. The moderator would ensure likelihoods and impacts were accurately recorded and (s)he would use an auditor’s experience to help interpret and guide the answers. Since then, Risk and Audit teams have been placed under increasing pressure to do more with less. I have noticed a trend to remove the moderator for the self-assessments, and take the self-assessor’s word...