Dr. Robert E Davis | Walden University
Books by Dr. Robert E Davis
CRC Press, 2021
A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory constructs and concepts with appropriate reference to standards and the respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes resulting from the selection are uncertain. Through the methodological application, decision theory techniques can provide objectives determination, interaction assessments, performance estimates, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.
IGI Global, 2020
As the power of computing continues to advance, companies have become increasingly dependent on technology to perform their operational requirements and to collect, process, and maintain vital data. This increasing reliance has caused information technology (IT) auditors to examine the adequacy of managerial control in information systems and related operations to assure necessary levels of effectiveness and efficiency in business processes. In order to perform a successful assessment of a business’s IT operations, auditors need to keep pace with the continued advancements being made in this field.
IT Auditing Using a System Perspective is an essential reference source that discusses advancing approaches within the IT auditing process, as well as the necessary tasks in sufficiently initiating, inscribing, and completing IT audit engagement. Applying the recommended practices contained in this book will help IT leaders improve IT audit practice areas to safeguard information assets more effectively with a concomitant reduction in engagement area risks. Featuring research on topics such as statistical testing, management response, and risk assessment, this book is ideally designed for managers, researchers, auditors, practitioners, analysts, IT professionals, security officers, educators, policymakers, and students seeking coverage on modern auditing approaches within information systems and technology.
IT audit area testing mastery reflects professional experience and training. Regarding subject mastery, this booklet presents methods and techniques available for testing computer programs, files, and information systems, which can be translated, if practiced, into professional experience. Chronologically, this monograph describes required audit steps performed during an audit area assignment. Specifically, statistical and non-statistical testing is described from an information systems audit perspective, while simultaneously presenting other equivalent audit standards and guidelines. Furthermore, audit risk reassessment is discussed at this monograph’s conclusion.
IT audit area planning mastery reflects professional experience and training. Regarding subject mastery, this booklet contains detailed plan preparation, documentation, and presentation material that enables value delivery from IT audit activities and tasks, which can be translated, if practiced, into exceptional professional experience. Chronologically, this monograph describes required audit steps performed during an audit area assignment. Specifically, audit objectives, risk, and materiality are described from an information systems audit perspective, while simultaneously presenting other equivalent audit standards and guidelines. Furthermore, auditor opening conference communication is discussed at this monograph’s conclusion.
Information and associated technologies continue to advance toward diverse distributed configuration environments for entering, processing, storing, and retrieving data. The magnitude of changes occurring can be clearly seen in the explosion of linked IT infrastructures connected to cloud computing service providers and mobile computing devices. Consequently, the impact of such decentralization has increased the need for effective safeguarding of information assets.
Foundationally paraphrasing from Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code; the term “information security” is defined as the protecting of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, as suggested in Chapter 1 of IT Auditing: Assuring Information Assets Protection, information security is typically a complex and dynamic safeguarding subject. Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP) related audits, reviews, or agreed-upon procedures.
“Assuring Information Security” was written with the intent to create quality quick reference material for assurance service practitioners to enable addressing protection mandates. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, the design and deployment of effective information security controls. As for content; Audit Managers, Chief Security Officers, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers, Auditors, Information Technology professionals, and Control Self-Assessment personnel will find this pocket guide an informative, and authoritative, information security document.
Effective Auditing for Corporates: Key Developments in Practice and Procedures (Key Concepts), 2012
"In the wake of the recent financial crisis, increasing the effectiveness of auditing has weighed heavily on the minds of those responsible for governance. When a business is profitable and paying healthy dividends to its stockholders, fraudulent activities and accounting irregularities can go unnoticed. However, when revenue and cash flow decline, internal costs and operations may be scrutinized more diligently, and discrepancies can emerge as a result.
Effective Auditing for Corporates provides you with proactive advice to help you safeguard core value within a corporation and to ensure that auditing processes and key personnel meet the expectations of management, compliance, and stockholders alike.
Aimed primarily at auditors (both external and internal), risk managers, accountants, CFOs, and consultants, Effective Auditing for Corporates covers:
* Compliance and the corporate audit
* Fraud detection
* Risk-based auditing
* The development of Sarbanes-Oxley
* Cultural changes in external auditing
* Auditing management information systems"
Depending on the abstraction level, IT governance can be viewed as a framework, methodology, or technique. As a framework, IT governance enables a “system of controls” assisting in assuring organizational goals and objectives are achieved effectively and efficiently. As a methodology, IT governance furnishes a description of the role entity direction and controls play in achieving information systems objectives. Lastly, as a technique, IT governance provides processes and steps that can generate superior financial and/or reputational returns for stakeholders.
Whatever your perspective may be, the importance of effective and efficient IT governance cannot be overlooked in the current global high technology environment. Considering what is at stake politically, economically and technically for most organizations; usually justifying IT governance deployment based on one viewpoint narrows suitability and expected benefits. In the final analysis, combining the potential individual abstraction levels may be the most appropriate support for implementing IT governance.
“Assuring IT Governance” was written with the intent to create quality quick reference material for assurance service practitioners. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, the design and deployment of IT Governance. As for content; Audit Managers, Chief Compliance Officers, Chief Information Officers, Auditors, Information Technology professionals, and Control Self Assessment personnel will find this pocket guide an informative, and authoritative, IT Governance document.
As computing power has advanced, entities have become increasingly dependent on technology to carry out their operational requirements and to collect, process, maintain, and report essential data. This reliance on electronically encoded data and on the systems that affect managerial decisions is a major concern of audit professionals. Consequently, Information Technology (IT) auditors examine the adequacy of controls in information systems and related operations to assure effectiveness and efficiency in business processes. In addition, among other assurance services, IT auditors evaluate the reliability of computer-generated data supporting financial statements and analyze specific programs and their processing results. To ensure maximum value delivery from audit area assessments, IT auditors need a practice methodology that enables confidence in the work performed.
The migration from manual to IT generated information has resulted in verdicts and judgments where liability, guilt, or innocence are based solely or largely on electronically encoded evidence. Reliance on IT generated information as evidence raises issues and challenges from a management perspective that must be addressed through effective governance and audit.
"Assuring IT Legal Compliance" was written with the intent to create quality quick reference material for assurance service practitioners. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, IT legal compliance in any industry or geographic location. As for content; Audit Managers, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers, Auditors, Information Security professionals, and Control Self Assessment personnel will find this pocket guide an informative, and authoritative, IT legal compliance document.
Organizationally, governance is the system by which entities are directed and controlled. "Potential stakeholders usually rely upon governance elements prior to investing their time, talent, and/or money." Leadership, stewardship, ethics, security, vision, direction, influence, and values are prominent components within entity-level governance enabling the flow of stakeholder expectations to construct an effective ISG framework. Descriptively; ISG development echoes how an entity's information security management team intends to accomplish the organizational safeguarding mission. Properly framed, ISG supports stakeholder expectations related to management's explicit or implicit fiduciary responsibilities.
"IT Auditing: Assuring Information Assets Protection" provides a proven approach to assessing IT security frameworks, architectures, methods, and techniques. In terms of content, this publication converts selected audit standards and guidelines into practical applications using detailed examples and conceptual graphics. This publication also allows auditors and security professionals to understand various steps and processes required to adequately initiate, document, and compile information assets protection audit or review phases. Through this publication, auditors and security professionals will acquire an appreciation for the complexities associated with assuring information security programs.
Papers by Dr. Robert E Davis
Business manager-leaders face constant pressure to achieve and sustain a competitive advantage. Therefore, manager-leaders need to address the pros and cons of innovation strategies in their markets. Using strengths, weaknesses, opportunities, and threats analysis enables the creation and defining of objectives tailored to the firm’s environment, after assessing current capabilities. Subsequently, an enterprise’s innovation strategy converges on managing the envisioned destiny and achieving the articulated objectives. My journal article integrates business and IT platform strategies as a means to generate appropriate innovation governance, then relates various competitive strategies to IT platforms for achieving the selected business objectives.
The Certified Information Systems Auditor (CISA) examination is designed to test a candidate’s knowledge, evaluation and application of information systems (IS) audit principles, as well as practices and technical content areas. Test domains are defined through a job function practice analysis conducted at regular intervals. Certification can enhance an audit career and provide added credibility. Accordingly, exams consist of tasks that are routinely performed by a CISA and the required knowledge to perform these tasks.
QFINANCE: The Ultimate Resource, 4th edition, 2013
ABSTRACT: In the wake of the recent financial crisis, increasing the effectiveness of auditing has weighed heavily on the minds of those responsible for governance. When a business is profitable and paying healthy dividends to its stockholders, fraudulent activities and accounting irregularities can go unnoticed. However, when revenue and cash flow decline, internal costs and operations may be scrutinized more diligently, and discrepancies can emerge as a result. Effective Auditing for Corporates provides you with proactive advice to ...
Seeking to preserve electronically encoded evidence implies that an incident or event has occurred requiring fact extrapolation for presentation, as proof of an irregularity or illegal act. Whether target data are in transit or at rest, it is critical that measures be in place to prevent the sought information from being destroyed, corrupted or becoming unavailable for forensic investigation.
Anticipating this potential scenario requires information security management to proactively construct incident response and forensic investigation capabilities, considering legal imperatives. Evidence at rest or in transit requires adequate security procedures to ensure evidential nonrepudiation. Consequently, procedures addressing the infrastructure and processes for incident handling should exist within the security response documentation inventory.
ITAudit, Apr 15, 2005
FCPA control measures for an adequate system of internal accounting controls include employing quality personnel, appropriately documenting transactions, maintaining appropriate segregation of duties, allowing only authorized transaction execution, controlling access to assets, and reconciling documented assets to actual assets regularly. These control measures most often interact with — or are deployed through — IT financial applications, thus justifying IT auditor involvement in evaluating internal accounting controls compliance with the FCPA.
Talks by Dr. Robert E Davis
Online Compliance Panel, 2019
An audit program should be thought of and managed as if it were an independent business, including stakeholder analysis and feedback, setting objectives, developing necessary processes for managing resources and risks, measuring and improving performance, and even marketing the organization to potential customers and other stakeholders. This webinar will cover these topics as well as others more specifically related to the audit process, such as how professional judgment & intent need to be considered, auditing risks & opportunities, and how life-cycle considerations can impact the focus of audits.
Instituting and sustaining information security governance (ISG) requires comprehensive planning and organizing; robust acquisitions and implementations; effective delivery and support; as well as continuous monitoring and evaluation to address the myriad of managerial, operational, and technical issues that can thwart satisfying an enterprise's declared mission. Consequently, information security requires an adaptive balance between sound management and applied technology. Sound management enables assuring adequate asset safeguarding while applied technology can introduce efficiencies for addressing potential external or internal threats.
CRC Press, 2021
A comprehensive entity security program deploys information asset protection through stratified t... more A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory constructs and concepts with appropriate reference to standards and the respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes resulting from the selection are uncertain. Through the methodological application, decision theory techniques can provide objectives determination, interaction assessments, performance estimates, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.
IGI Global, 2020
As the power of computing continues to advance, companies have become increasingly dependent on t... more As the power of computing continues to advance, companies have become increasingly dependent on technology to perform their operational requirements and to collect, process, and maintain vital data. This increasing reliance has caused information technology (IT) auditors to examine the adequacy of managerial control in information systems and related operations to assure necessary levels of effectiveness and efficiency in business processes. In order to perform a successful assessment of a business’s IT operations, auditors need to keep pace with the continued advancements being made in this field.
IT Auditing Using a System Perspective is an essential reference source that discusses advancing approaches within the IT auditing process, as well as the necessary tasks in sufficiently initiating, inscribing, and completing IT audit engagement. Applying the recommended practices contained in this book will help IT leaders improve IT audit practice areas to safeguard information assets more effectively with a concomitant reduction in engagement area risks. Featuring research on topics such as statistical testing, management response, and risk assessment, this book is ideally designed for managers, researchers, auditors, practitioners, analysts, IT professionals, security officers, educators, policymakers, and students seeking coverage on modern auditing approaches within information systems and technology.
IT audit area testing mastery reflects professional experience and training. Regarding subject ma... more IT audit area testing mastery reflects professional experience and training. Regarding subject mastery, this booklet presents methods and techniques available for testing computer programs, files, and information systems; which can be translated, if practiced, into professional experience. Chronologically, this monograph describes required audit steps performed during an audit area assignment. Specifically, statistical and non-statistical testing is described from an information systems audit perspective, while simultaneously presenting other equivalent audit standards and guidelines. Furthermore, audit risk reassessment is discussed at this monograph’s conclusion.
IT audit area planning mastery reflects professional experience and training. Regarding subject m... more IT audit area planning mastery reflects professional experience and training. Regarding subject mastery, this booklet contains detail plan preparation, documentation, and presentation material that enables value delivery from IT audit activities and tasks which can be translated, if practiced, into exceptional professional experience. Chronologically, this monograph describes required audit steps performed during an audit area assignment. Specifically, audit objectives, risk, and materiality, are described from an information systems audit perspective, while simultaneously presenting other equivalent audit standards and guidelines. Furthermore, auditor opening conference communication is discussed at this monograph’s conclusion.
Information and associated technologies continue to advance toward diverse distributed configurat... more Information and associated technologies continue to advance toward diverse distributed configuration environments for entering, processing, storing, and retrieving data. The magnitude of changes occurring can be clearly seen in the explosion of linked IT infrastructures connected to cloud computing service providers and mobile computing devices. Consequently, the impact of such decentralization has increased the need for effective safeguarding of information assets.
Foundationally paraphrasing from Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code; the term “information security” is defined as the protecting of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, as suggested in Chapter 1 of IT Auditing: Assuring Information Assets Protection, information security is typically a complex and dynamic safeguarding subject. Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP) related audits, reviews, or agreed-upon procedures.
“Assuring Information Security” was written with the intent to create quality quick reference material for assurance service practitioners to enable addressing protection mandates. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, the design and deployment of effective information security controls. As for content; Audit Managers, Chief Security Officers, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers, Auditors, Information Technology professionals, and Control Self-Assessment personnel will find this pocket guide an informative, and authoritative, information security document.
Effective Auditing for Corporates: Key Developments in Practice and Procedures (Key Concepts), 2012
"In the wake of the recent financial crisis, increasing the effectiveness of auditing has weighed... more "In the wake of the recent financial crisis, increasing the effectiveness of auditing has weighed heavily on the minds of those responsible for governance. When a business is profitable and paying healthy dividends to its stockholders, fraudulent activities and accounting irregularities can go unnoticed. However, when revenue and cash flow decline, internal costs and operations may be scrutinized more diligently, and discrepancies can emerge as a result.
Effective Auditing for Corporates provides you with proactive advice-to help you safeguard core value within a corporation and to ensure that auditing processes and key personnel meet the expectations of management, compliance, and stockholders alike.
Aimed primarily at auditors (both external and internal), risk managers, accountants, CFOs, and consultants, Effective Auditing for Corporates covers:
* Compliance and the corporate audit
* Fraud detection
* Risk-based auditing
* The development of Sarbanes-Oxley
* Cultural changes in external auditing
* Auditing management information systems"
Depending on the abstraction level, IT governance can be viewed as a framework, methodology, or t... more Depending on the abstraction level, IT governance can be viewed as a framework, methodology, or technique. As a framework, IT governance enables a “system of controls” assisting in assuring organizational goals and objectives are achieved effectively and efficiently. As a methodology, IT governance furnishes a description of the role entity direction and controls play in achieving information systems objectives. Lastly, as a technique, IT governance provides processes and steps that can generate superior financial and/or reputational returns for stakeholders.
Whatever your perspective may be, the importance of effective and efficient IT governance cannot be overlooked in the current global high technology environment. Considering what is at stake politically, economically and technically for most organizations; usually justifying IT governance deployment based on one viewpoint narrows suitability and expected benefits. In the final analysis, combining the potential individual abstraction levels may be the most appropriate support for implementing IT governance.
“Assuring IT Governance” was written with the intent to create quality quick reference material for assurance service practitioners. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, the design and deployment of IT Governance. As for content; Audit Managers, Chief Compliance Officers, Chief Information Officers, Auditors, Information Technology professionals, and Control Self Assessment personnel will find this pocket guide an informative, and authoritative, IT Governance document.
As computing power has advanced, entities have become increasingly dependent on technology to car... more As computing power has advanced, entities have become increasingly dependent on technology to carry out their operational requirements and to collect, process, maintain, and report essential data. This reliance on electronically encoded data and on the systems that affect managerial decisions are a major concern of audit professionals. Consequently, Information Technology (IT) auditors examine the adequacy of controls in information systems and related operations to assure effectiveness and efficiency in business processes. In addition, among other assurance services, IT auditors evaluate the reliability of computer generated data supporting financial statements and analyze specific programs and their processing results. To ensure maximum value delivery from audit area assessments, IT auditors need a practice methodology that enables confidence in the work performed.
The migration from manual to IT generated information has resulted in verdicts and judgments wher... more The migration from manual to IT generated information has resulted in verdicts and judgments where liability, guilt, or innocence are based solely or largely on electronically encoded evidence. Reliance on IT generated information as evidence raises issues and challenges from a management perspective that must be addressed through effective governance and audit.
"Assuring IT Legal Compliance" was written with the intent to create quality quick reference material for assurance service practitioners. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, IT legal compliance in any industry or geographic location. As for content; Audit Managers, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers, Auditors, Information Security professionals, and Control Self Assessment personnel will find this pocket guide an informative, and authoritative, IT legal compliance document.
Organizationally, governance is the system by which entities are directed and controlled. "Potent... more Organizationally, governance is the system by which entities are directed and controlled. "Potential stakeholders usually rely upon governance elements prior to investing their time, talent, and/or money." Leadership, stewardship, ethics, security, vision, direction, influence, and values are prominent components within entity-level governance enabling the flow of stakeholder expectations to construct an effective ISG framework. Descriptively; ISG development echoes how an entity's information security management team intends to accomplish the organizational safeguarding mission. Properly framed, ISG supports stakeholder expectations related to management's explicit or implicit fiduciary responsibilities.
"IT Auditing: Assuring Information Assets Protection" provides a proven approach to assessing IT security frameworks, architectures, methods, and techniques. In terms of content, this publication converts selected audit standards and guidelines into practical applications using detailed examples and conceptual graphics. This publication also allows auditors and security professionals to understand various steps and processes required to adequately initiate, document, and compile information assets protection audit or review phases. Through this publication, auditors and security professionals will acquire an appreciation for the complexities associated with assuring information security programs.
Business manager-leaders face constant pressure to achieve and sustain a competitive advantage. T... more Business manager-leaders face constant pressure to achieve and sustain a competitive advantage. Therefore, manager-leaders need to address the pros and cons of innovation strategies in their markets. Using strengths, weaknesses, opportunities, and threats analysis enable the creation and defining of objectives tailored to the firm’s environment, after assessing current capabilities. Subsequently, an enterprise’s innovation strategy converges on managing the envisioned destiny and achieving the articulated objectives. My Journal article integrates business, and IT platform strategies as a means to generate appropriate innovation governance then relate various competitive strategies to IT platforms for achieving the selected business objectives.
The Certified Information Systems Auditor (CISA) examination is designed to test a candidate’s kn... more The Certified Information Systems Auditor (CISA) examination is designed to test a candidate’s knowledge, evaluation and application of information systems (IS) audit principles, as well as practices and technical content areas. Test domains are defined through a job function practice analysis conducted at regular intervals. Certification can enhance an audit career and provide added credibility. Accordingly, exams consist of tasks that are routinely performed by a CISA and the required knowledge to perform these tasks.
QFINANCE: The Ultimate Resource, 4th edition, 2013
ABSTRACT: In the wake of the recent financial crisis, increasing the effectiveness of auditing has weighed heavily on the minds of those responsible for governance. When a business is profitable and paying healthy dividends to its stockholders, fraudulent activities and accounting irregularities can go unnoticed. However, when revenue and cash flow decline, internal costs and operations may be scrutinized more diligently, and discrepancies can emerge as a result. Effective Auditing for Corporates provides you with proactive advice to ...
Seeking to preserve electronically encoded evidence implies that an incident or event has occurred requiring fact extrapolation for presentation, as proof of an irregularity or illegal act. Whether target data are in transit or at rest, it is critical that measures be in place to prevent the sought information from being destroyed, corrupted or becoming unavailable for forensic investigation.
Anticipating this potential scenario requires information security management to proactively construct incident response and forensic investigation capabilities, considering legal imperatives. Evidence at rest or in transit requires adequate security procedures to ensure evidential nonrepudiation. Consequently, procedures addressing the infrastructure and processes for incident handling should exist within the security response documentation inventory.
ITAudit, Apr 15, 2005
FCPA control measures for an adequate system of internal accounting controls include employing quality personnel, appropriately documenting transactions, maintaining appropriate segregation of duties, allowing only authorized transaction execution, controlling access to assets, and reconciling documented assets to actual assets regularly. These control measures most often interact with — or are deployed through — IT financial applications, thus justifying IT auditor involvement in evaluating internal accounting controls compliance with the FCPA.
Online Compliance Panel, 2019
An audit program should be thought of and managed as if it were an independent business, including stakeholder analysis and feedback, setting objectives, developing necessary processes for managing resources and risks, measuring and improving performance, and even marketing the organization to potential customers and other stakeholders. This webinar will cover these topics as well as others more specifically related to the audit process, such as how professional judgment & intent need to be considered, auditing risks & opportunities, and how life-cycle considerations can impact the focus of audits.
Instituting and sustaining information security governance (ISG) requires comprehensive planning and organizing; robust acquisitions and implementations; effective delivery and support; as well as continuous monitoring and evaluation to address the myriad of managerial, operational, and technical issues that can thwart satisfying an enterprise's declared mission. Consequently, information security requires an adaptive balance between sound management and applied technology. Sound management enables assuring adequate asset safeguarding while applied technology can introduce efficiencies for addressing potential external or internal threats.
As a framework, enterprise governance of IT enables a 'system of controls' assisting in assuring organizational goals and objectives realization. 'Integrating COBIT with COSO and other frameworks' highlights IT governance alignment considerations for information and related technology. Didactically, this webinar covers five focus areas for merging COBIT with the entity's adopted frameworks to enable effective and efficient design and operation of an organizational system of controls. Regarding managerial design content, this webinar will convey the necessary ingredients for establishing appropriate governance, risk management and compliance. Furthermore, in this webinar, I discuss operational control system deployments using COBIT and COSO domains as the foundational frameworks for ensuring entity-wide adaptability.
This final DBA doctoral study oral defense of the Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations focused on the:
Purpose of the Study,
Presentation of Findings,
Data relationship to professional practice,
Implications of data for social change,
Recommendations for action, and the
Study Abstract
This DBA doctoral study proposal oral defense of the Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations focused on the:
Background,
Problem Statement,
Purpose Statement,
Research Question,
Central Hypotheses,
Theoretical Framework,
Research Method and Design,
Participants and sample size,
Data Collection Instruments, and
Data Analysis
Seeking to preserve electronically encoded evidence implies an incident or event has occurred that will require facts extrapolation for presentation as proof of an irregular, if not illegal, act. Anticipating this potential scenario requires information security management to proactively construct incident response and forensic investigation capabilities considering legal imperatives. Consequently, procedures addressing the infrastructure and processes for incident handling should exist within the security response documentation inventory.
Compliance Key, 2020
He is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence, and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilman. He accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.
PenTest Auditing & Standards, Nov 30, 2012
How and when I started my career as an information systems auditor was both circumstantial and predestined…
Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations, 2017
Cyber attackers targeting large corporations achieved a high perimeter penetration success rate resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 largest for-profit United States headquartered corporations. The results of the multiple linear regression indicated the model was able to significantly predict ISG effectiveness, F(5, 89) = 3.08, p = 0.01, R² = 0.15. Strategic alignment was the only statistically significant (t = 2.401, p <= 0.018) predictor. The implications for positive social change include the potential to constructively understand the correlates of ISG effectiveness, thus increasing the propensity for consumer trust and reducing consumers’ costs.
Business organizations face constant pressure to achieve and sustain a competitive advantage. Using a strengths, weaknesses, opportunities, and threats analysis enables the creation and defining of objectives tailored to the firm’s environment, after assessing current capabilities. Subsequently, an enterprise’s technology strategy converges on managing the envisioned destiny and achieving the articulated objectives. Almost every organizational formation aspires to use technology for integrating information, achieving process efficiencies, and transforming service delivery into a paragon of effectiveness. Based on a limited meta-analysis, this paper integrates business and IT platform strategies as a means to generate a competitive advantage.
Cost, quality, and delivery typically dominate supplier relationship deliberations. However, firms may adopt broader logistic objectives than just ensuring the supply of materials for manufacturing products, which in turn affect the selected strategies. The purpose of this paper is to explore emerging supply chain management strategies associated with new product developments considering trends and innovations. As such, the literature review analyzes global supply chain emerging strategies. The research identified and decomposed supply chain management strategies into trends and innovations summarized based on the analysis of acquired literature. Accordingly, the research contribution includes presenting how manager-leaders can cope with some of the emerging issues associated with supply chain management.
The purpose of this quantitative data analysis was to examine the relationship between industry type and information security risk-level among businesses in the United States. This paper took into account collected business related data from 36 industry types. Pattern recognition, bivariate linear regression analysis, and a one-sample t-test were performed to test the industry type and information security risk-level relationship of the selected business. Test results indicated that there is a significant predictive relationship between industry type and risk-level rates among United States businesses. Moreover, the one-sample t-test results indicated that United States businesses classified as a particular industry type are more likely to have a higher information security risk-level than the midpoint level of United States businesses.
Information assets protection (IAP) qualitative research enables exploring and understanding the meaning information security manager-leaders ascribe to when addressing information security risks. In this qualitative case study, the interview questions address the case description and the issues that arise from researching IAP. The targeted population was information security manager-leaders responsible or accountable for strategic and tactical organizational decisions. After obtaining ethics clearance from the Institutional Review Board at Walden University, and informed consent from participants, the interviews commenced. In this study, two study participants were interviewed by the researcher.
National Cash Register (NCR) Corporation supports idea generation through a defined work at a pace expectation. Whereby, NCR currently holds approximately 2,500 patents and continues to work on the leading edge of technology. From a technological perspective, NCR has a first mover history spanning over 100 years. Specifically, NCR produced the first cash register, the first fully transistorized business computer, and the first self-service check-in. NCR also pioneered satellite transmission for data, signature capture, and self-checkout. Moreover, NCR invented microencapsulation technology and the liquid-crystal display screen.
Christopher and Towill in the article "Developing Market Specific Supply Chain Strategies" theorize that there are three feasible pipeline designs for supply chains. In this paper, the author applies these ideas, together with related concepts regarding supply management. Based on an assigned and selected literature review, the author explains which pipeline design for supply management fits the Hewlett-Packard Company strategy for optimizing materials and product flows. Moreover, the author synthesizes relevant operational methods and issues at the Hewlett-Packard Company as well as extrapolates outcomes and opinions collected from practitioner as well as scholarly global supply chain study.
Bank of America Corporation (BAC) is a registered publicly traded financial services institution. Headquartered in Charlotte, North Carolina, BAC is categorically a bank and financial holding company as presented within their United States Securities and Exchange Commission (2012) 10K filings. BAC’s banking and nonbanking subsidiaries furnish a diverse collection of financial products and services through five primary business segments: Global Banking, Global Markets, Global Wealth & Investment Management, Consumer & Business Banking, and Consumer Real Estate Services (Bank of America Corporation, 2014a). Since the organization’s inception, retail banking operations have grown to encompass approximately 5,100 business centers, 16,300 automated teller machines (ATMs), as well as regional call centers and technologically savvy banking platforms (Bank of America Corporation, 2014a). Furthermore, BAC sustains over 53 million consumer and small business relationships (Bank of America Corporation, 2014a).
Robust marketing is not coincidental. Academia has scrutinized marketing within homogeneous and heterogeneous environments. Moreover, practitioners have found innovative strategies to resolve complex issues that permit dynamic homeostasis achievement through the science and art of marketing. The approaches garnered from researchers and the creative applications developed by marketers have furnished insights regarding how to offer products and services effectively and efficiently under various conditions. In this paper, the author integrates studious analysis and offers opinions regarding marketing in the 21st century. Based on the chosen literature review, the author discusses marketing domains encompassing personalization, advertising, innovation, technology, development, integration and competitive advantage.
Information technologies that link information systems have made intra-organizational communication almost seamless. Resultingly, this capability has inescapably influenced organizational formation structures. In this paper, the author synthesizes case study research regarding information systems and organizational structures. Based on an assigned and selected literature review, the author summarizes referenced content, compares and contrasts issues, and extrapolates results and conclusions garnered from scholarly study of a records management initiative.
Making ethical decisions often requires a trade-off for an organizational formation or individual. After a scandal results from perceived ethical misconduct, the proper course of action appears obvious. Nevertheless, organizations continue to struggle with moral decision-making on a daily basis as they consider the cost of making such decisions. In this paper, the author discusses how Barclays’ manager-leaders responded when confronted with a moral dilemma affecting their reputation, provides a taxonomy of the ethical framework applied by Barclays in making its ethics decision, and presents the positive and negative consequences of the decision.
Product-harm crisis is an important organizational management topic due to the potential detrimental business impact. Organizations are more vulnerable than ever to the possibility of product related incidents disrupting business at any point in the supply chain. To counteract this implicit threat to an organization's reputation and financial wellbeing, if properly deployed, continuity management fosters the ability to run in the face of a crisis event; whereby business continuity management induces the means for appropriate product-harm crisis responses. In this study, the author synthesizes selected published research presenting product-harm crisis management considerations. Based on an assigned literature review, the author summarizes article content, compares and contrasts methods and extrapolates results and conclusions garnered from the selected scholarly research, then provides an actionable recommendation for enabling effective product-harm crisis management.
Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 largest for-profit United States headquartered corporations. The results of the multiple linear regression indicated the model was able to significantly predict ISG effectiveness, F(5, 89) = 3.08, p = 0.01, R² = 0.15. Strategic alignment was the only statistically significant (t = 2.401, p <= 0.018) predictor. The implications for positive social change include the potential to constructively understand the correlates of ISG effectiveness, thus increasing the propensity for consumer trust and reducing consumers’ costs.