By JohnWeathington (User) on
Thursday, September 25, 2008
In this article, we talk about policies – an important area of your companies governance, risk, and compliance program. We discuss what a good policy looks like, and how you can evolve a policy data management system in 3 stages.
|
By JohnWeathington (User) on
Thursday, September 18, 2008
Human beings, by their very nature, make mistakes. Even seasoned professionals make simple errors on occasion. In this article we explore the “mistake database”, an architecture to help your company minimize errors.
|
By JohnWeathington (User) on
Thursday, September 11, 2008
On this 7th anniversary of the September 11th catastrophe, we’ll take a close look at how to characterize disaster, and more importantly how to learn and move on.
|
By JohnWeathington (User) on
Thursday, September 04, 2008
Inaccurate risk probabilities can wreak havoc on the applicability of your risk database. Why go through the trouble of setting it up, if bad probability entries render your database unusable? In this article, we explore the importance of getting the risk probability correct, and ways to improve your accuracy.
|
By JohnWeathington (User) on
Thursday, August 28, 2008
Compliance usually starts with a fire drill, however intelligent companies take the time to step back and put their compliance into perspective. Risk is the key to understanding and optimizing your compliance program. In this article, we discuss risk as an evolution from compliance, and look at some ways to model it in the enterprise.
|
By JohnWeathington (User) on
Thursday, August 14, 2008
A consistent pattern that emerges in compliance best practices, is the notion of accountability. Demonstrating accountability is a key component of building a solid compliance program. In this article, we explore the motivation, requirement, model, and architecture to make accountability a reality in your company.
|
By JohnWeathington (User) on
Thursday, August 07, 2008
A death march is a project that is doomed to fail. If you are in IT, and you are dragged onto a compliance project, chances are you will find yourself stuck here. In this article, I'll give you my tips for identifying a death march, and more importantly surviving one.
|
By JohnWeathington (User) on
Thursday, July 31, 2008
The new SEC standards for SOX compliance have made it clear that your company should spend more time focused on financial risk. In this article, we’ll explore what’s driving this, how you as a database professional can help out, and some design considerations for a Financial Risk Compliance Data Mart.
|
By JohnWeathington (User) on
Thursday, July 24, 2008
This article wraps up the series on the types of controls and our discussion of architectures, by taking a look at the adaptive control. We’ll explore how you can support your business deal with the impact of risks, when there is no contingency plan.
|
By JohnWeathington (User) on
Thursday, July 17, 2008
Nobody likes a firefighting effort, but unfortunately it’s a fact of life that we need to deal with as database professionals. In this article I share my 3 favorite tips for getting through without getting burned.
|
By JohnWeathington (User) on
Thursday, July 10, 2008
This is a continuation of a skip series that I’m doing on the architecture of different control types. In this article, we discuss Corrective Controls; why we need them, and how to design for them.
|
By JohnWeathington (User) on
Thursday, July 03, 2008
Is IT centralization a good thing for your company, or is decentralization the answer? In this article we look at the advantages and disadvantages from a compliance point of view, and my conclusion to this age-old debate.
|
By JohnWeathington (User) on
Thursday, June 26, 2008
Okay, we’ve already learned the prevention is the best medicine. But what do we do when we cannot put preventive controls in place? This article answers that question and more, with more examples and data architecture considerations.
|
By JohnWeathington (User) on
Thursday, June 19, 2008
In this article, we discuss the importance of understanding your “Really As-Is” process, and the big mistake companies make when building process documents. Then, we explore a data architecture for continuously auditing your process in an automated fashion.
|
By JohnWeathington (User) on
Thursday, June 12, 2008
In today’s article, we discuss the different types of controls, the best type of control, and considerations for how these controls can be worked into the data architecture of your company.
|
By JohnWeathington (User) on
Thursday, June 05, 2008
In this article, I scratch the surface on the growing concern of data privacy. We’ll discuss how the industry has reacted to the concern, and how you might start to solution for it.
|
By JohnWeathington (User) on
Tuesday, June 03, 2008
What do you do when your company consistently has compliance weak points that don’t seem to go away? This article explores this condition, and provides the steps that your company will need to go through – and how you will support it.
|
By JohnWeathington (User) on
Thursday, May 22, 2008
For years now, agile development has been an extremely efficient way to get results while keeping the customer happy. However there are perils, especially for the database people. This article gives you a primer for what to expect, and how to succeed.
|
By JohnWeathington (User) on
Thursday, May 15, 2008
If dead people are accessing your database, data breach is right around the corner. In this week’s blog, we discuss database access management concerns, and how to architect a compliance system to handle them.
|
By JohnWeathington (User) on
Thursday, May 08, 2008
Here we take a look at end users sending data back to the database. Is it a good idea? What are some of the reasons why your end users would want to do this? And, four key tips to consider when designing in this functionality.
|
By JohnWeathington (User) on
Thursday, May 01, 2008
For the last couple of weeks we’ve been talking about controls. Here we round out our series by talking about Segregation of Duties ( SOD ) as a way to keep things in control. Here are some key tips for designing systems that demonstrate control with SOD.
|
By JohnWeathington (User) on
Thursday, April 24, 2008
As a follow on to last week’s blog about controlling with reconciliation, in this blog we look at another common control – approvals. Here are some key tips for designing systems that demonstrate control with approvals.
|
By JohnWeathington (User) on
Thursday, April 17, 2008
In the compliance world, reconciliation is more than just making sure your data loaded properly. Here are some key tips to using reconciliation as a control in your compliance data system.
|
By JohnWeathington (User) on
Thursday, April 10, 2008
When audits are involved, you are guilty until proven innocent. Here are 4 key strategies to employ in the design of your compliance data system, that will prove your company’s innocence.
|
By JohnWeathington (User) on
Thursday, April 03, 2008
An introduction to Compliance Data Systems – a data system for the auditors. Here we explore the need, and see where it fits into the technical architecture.
|
By JohnWeathington (User) on
Thursday, March 27, 2008
Inaugural entry for John Weathington’s Quest for Compliance. Here we get introduced to John, get clear on some compliance related definitions, and get acquainted with the impact compliance has on DBAs, database developers, and IT managers.
|