3 August 2018
Risk management in the use of Information and Communication Technologies
For a decade now, the use of Information and Communication Technologies (ICT) tools in the daily work of organizations has increased exponentially in our country, and companies of all levels have experienced a notable increase in the use of new technological tools. An example of the above is that the use of electronic invoices for all companies has already been mandatory for a couple of years, and the tax administration, using this technology, has eliminated many of the accounting records that were administered by taxpayers and that are now available on the web of the supervising body, making companies be forced to use more computer tools.
Countless operations can be carried out in an automated way using the new ICT tools, this dependence on information systems, the increase of connectivity with other institutions, the volume of transactions and changes in regulations, among others, make the "information "Is considered one of the most critical assets in organizations.
This has brought as a consequence that many companies that previously saw the possibility of incorporating these new ICT tools, today face off against this reality that often surprises them without resources to control all these changes that have been made in very short time
In this context, is that companies are demanding new services focused on allowing the strengthening of internal control and security management of ICT in organizations. These consultancies should be focused on the evaluation, diagnosis, review and possible detection of findings of deficiencies in the management of ICT, for this, modern methodologies can be used, including reviews of general IT controls (CobiT), evaluation of technological risks in the security management (ISO27002), diagnosis of IT internal control (COSO), logical security reviews (of databases and operating systems) and revisions of user profiles, among others.
Pedro Fecci Gallardo, Auren Chile - Punta Arenas