Exceptions to Controls

Exceptions to our defined IT controls are managed in what we call an 'exception library'. 

  • This library lists the specific exceptions associated with specific work requests that have been requested, their status in the approval process and the effective dates of these approvals and lastly which specific IT controls they apply to. 
  • Exceptions are individually identified and these identifications are referenced within the various work requests where the exceptions are utilized for traceability purposes.
  • The exception library is available for 'read access' to all associates so that they may check the status of requests as well as which are valid or not.

Recently a risk manager questioned whether these exceptions should be made public (even if only to company associates). The rationale was that since the individual exceptions are made public, anyone could access a valid exception and reference it on any work requests.

I've not found anything in the public domain specific to similar exception libraries or what others think with respect to whether these should be made available to all applicable associates, a subset of associates involved with the specific work activities exceptions have been granted to, or only to those associates involved with IT Governance.

I'm looking for your thoughts and/or experiences with control exceptions and the awareness/communication of these exceptions.  Thanks!


Comments

RE: Exceptions to Controls

There is nothing wrong in making the "Exception Library" public, as you can get different perspectives on the validity of the exception, after filtering out the noise.
Shruti Kulkarni (Energizer) at 11/10/2014 8:21:07 AM

RE: Exceptions to Controls

Transparency of the exceptions register - along with the risk register - I've found to be a good thing.
Phil Green (Influential) at 1/1/2016 12:37:32 PM