Tag Archives: process

4Q for quality assurance

To go beyond the usual, downtrodden ‘quality in assurance’ epitome of dullness, herewith something worth considering. Which is about the assessment of controls, to establish their quality (‘qualifications’) on four, subsequent, characteristics [taking some liberties, and applying interpretation and stretching]: … Continue reading

Posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologically driven)

“Compliance auditing”

Is two distinct things, or a contradictio if taken as one. The ‘compliance’ thing is just rote checking of the implementation of all petty rules. The Certificate certification type. If I’d even need to say more… Some even claim that by … Continue reading

Posted in ERM, GRC, Information Risk Management, Sociological, psychological notes

Two’s a Charming Bureaucratic Voilence

First, two (yes) quotes: To put it crudely: it is not so much that bureaucratic procedures are inherently stupid, or even that they tend to produce behaviour that they themselves define as stupid — though they do do that — … Continue reading

Posted in Books by Quote, ERM, GRC, Information Risk Management, Sociological, psychological notes

The year of IT is no more Department

Or, once upon a long, long time ago in a land far, far away, there was IT, the hero department that ruled over all of information processing. Because information processing was a strange and dangerous thing and if you chopped … Continue reading

Posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologically driven)

Low standards

The compliance check-box approach is an atrocious thing for and to many things and reasons, but has been induced by the very growth of the industry. Since all margin calls at all controls and controls objectives achievement have been whipped … Continue reading

Posted in ERM, GRC, Information Risk Management, Information Security, Sociological, psychological notes | 1 Comment

Some quick notes on Audit / service development

An invitation for co-development or I go it alone… [This also being a copyright / idea claim] Undecided what name will stick; either Ethics Test Services, or Autonomous Judgement/Decision Analysis Services; Because it is about checking the morality baked into, … Continue reading

Posted in ERM, GRC, Information Risk Management, Information Security, Innovation (technologically driven) | 2 Comments

Misquote: No Problem, or are you?

Don’t come to me with problems, only with solutions Is wrong in so many ways… When not if a manager would say such a thing, he denies his (her, not often enough) very job. Yes, the job of a manager … Continue reading

Posted in Books by Quote, ERM, GRC, Information Risk Management, Sociological, psychological notes