Volume 4, 2012 

The ISACA Journal is dedicated to the publication of managerial and technical guidance from experienced global authors to enhance the proficiency and competitive advantage of its international readership. With volume 4, 2012, the Journal focuses on the theme Data Analytics/Mining, with articles on documentation and audit risk assessment among others.

Book Reviews
Book Review: The IBM Data Governance Unified Process 
Sunil Soares | Reviewed by Bright Munongwa, CISA, CGEIT, CRISC, CIA
The book is mainly targeted at data governance practitioners and draws on real-life experiences of enterprises that have implemented data governance programs.
Cloud Computing
Securing Hybrid Cloud Applications 
Carson Sweet
It is critical that companies understand their responsibility when it comes to securing their public or hybrid cloud environments.
CPE Quiz
Quiz 143 
Based on Volume 2, 2012
Features
Applications of Business Process Analytics and Mining for Internal Control 
Filip Caron and Jan Vanthienen, Ph.D.
This article aims to introduce business process analytics and mining to the information systems (IS) audit and control community.
Everybody Loves Documentation 
Adrienne Bellehumeur, CISA, CA, PMP
Documentation is essential for IT departments to achieve their objectives: protecting their intellectual capital and business continuity, and improving clarity and momentum in projects and operations.
How to Maximize Evidential Weight of Electronically Stored Information 
Haris Hamidovic, CIA, ISMS IA, ITIL, IT Project+
Deterring cybercrime is an integral component of a national cybersecurity and critical information infrastructure protection strategy.
SAP Password Vulnerabilities and Access to Sensitive Business Data 
Jose Espin, CISA, CISSP, MCP, SAP
This article focuses on the application-level risk that arises from inappropriate implementation of access controls.
Seven Myths of Information Governance 
Vasant Raval, DBA, CISA, and Greg Dyche
In this article, the term “governance” is used in the sense of information governance to discuss certain myths or misunderstandings of governance.
The Importance of the ARA 
Danny M. Goldberg, CISA, CGEIT, CCSA, CIA, CPA
Internal audit (IA) departments should not lose sight of the importance of the ARA and its tangible and intangible benefits to the company and the department.
Five Questions
Five Questions With... 
Gregory T. Grocholski, CISA
Greg Grocholski is the chief audit executive for The Dow Chemical Company, based at the company’s global headquarters in Midland, Michigan, USA.
Guest Editorial
From Continuous Auditing to Continuous Monitoring—You Should Be the Champion 
Michael P. Cangemi, CPA
While CM has some of its roots in continuous assurance monitoring, it is expanding at a rapid pace in many organizations.
HelpSource Q&A
HelpSource Q&A 
Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
What kind of security controls must be in place to tackle BYOD?
Information Security Matters
Keynes, Shelley, Taleb and Watts 
Steven J. Ross, CISA, CISSP, MBCP
Assessing the risk of information security failures is an exercise in prediction, one that is ultimately either futile or self-defeating.
IT Audit Basics
Auditing Applications, Part 2
Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This is the second part of a two-part article on a process-oriented framework for auditing applications.
Online Exclusive
JOnline: 10 Key Rules for Using the ITIL Framework Effectively 
Debasis Bandyopadhyay, CISA, CISM, CGEIT, PMP, TOGAF9, ITIL v3 (F)
This article shares some of the practical challenges in IT service management (ITSM) and how the ITIL framework can be used to overcome those challenges.
JOnline: El Negocio de la Seguridad de la Información: Revelando la Potencialidad de un Concepto 
Jeimy J. Cano M., Ph.D., CFE, CMAS
Tener claridad sobre el modelo de negocio que se desarrolla en una organización es encontrar la fuente de la sabiduría empresarial.
JOnline: To Click or Not to Click? That Is the Question 
Carlo Rossi, CISA, CISM, CGEIT, ISO 27001 LA
Information security awareness training courses are delivered every day in many companies, yet the results are often not as good as expected.
Standards, Guidelines, Tools and Techniques
Standards, Guidelines, Tools and Techniques 
ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques
Translated Articles
ARA (감사위험평가) 의 중요성 
Danny M. Goldberg CISA, CGEIT, CCSA, CIA, CPA
내부 감사(IA) 부서는 ARA 와 유무형의 편익이 회사 및 부서에 영향을 미친다는 중요성을 간과해서는 안됩니다.
문서화가 가져다주는 이점 
Adrienne Bellehumeur, CISA, CA, PMP
문서화는 IT 부서에 필수적인 요소로 지적 자산을 보호하고 비즈니스 연속성을 보장하며 프로젝트 및 작업 수행 시 명확성과 탄력성을 개선시킴으로써 기업의 목표를 달성할 수 있게 해줍니다.