ISACA Journal Blog

How to Prepare for Taxation in a Digitalized Economy

Helena Strauss, CISA, CA(SA) Posted: 9/9/2019 3:02:00 PM | Category: Audit-Assurance

IT professionals and auditors are not required to be tax experts, but they do need a certain level of mindfulness about taxation within the digitalized economy, because tax collection is slowly but surely becoming part of the natural business ecosystem, where taxation happens by default.

IT professionals and auditors should consider the following to better address taxes within the digitalized economy:

  • Regarding the client’s business structure, does it deliver highly digitalized services and does it have an international economic presence?
  • Does the client have sufficient IT controls in place to identify the origin of the users of the digitalized services it provides? Controls such as bank account details, IP addresses and customer addresses might suffice, although they can be changed or anonymized. This information should be used to bill the client and apply the correct Value Added Tax (VAT)/Goods and Services Tax (GST) rates, which is a fully digitized process.
  • Does the client make use of freelance or contract workers within the gig economy? If so, payments to them should be made after withholding taxes (dependent on the jurisdiction in which the worker resides). This is also a digitalized process in most instances.

The following IT internal controls questions should also be answered:


Digital Transformation Oversight Extends Beyond Technology

Guy Pearce, CGEIT
Posted: 9/3/2019 3:01:00 PM | Category: COBIT-Governance of Enterprise IT

Digital transformation. Digitalization. Digitization. Three business terms in common use today that describe the differences in scope of the organizational digital effort, in this case in order of decreasing scope. Unfortunately, the first word of the term “digital transformation” seems to receive all the attention, with the second word left to scrabble for the scraps. This could be because digital technology efforts are already difficult enough if they are considered in a corporate context rather than as a silo, while the associated transformation efforts—largely involving people and business transformation—are even more difficult. For technology efforts, however, forgoing the people component readily results in the expectations of the investment not being met.


Auditing Green IT

J. David Patón-Romero, CISA, PMP, Maria Teresa Baldassarre, PMP, Moisés Rodríguez, CISA and Mario Piattini, CISA, CRISC, CISM, CGEIT, PMP Posted: 8/29/2019 2:56:00 PM | Category: Audit-Assurance

Sustainability has become a key focus in the 21st century. Both society and organizations recognize the importance of sustainability in their day-to-day functions and demand guidelines that help them implement, control and improve practices in this regard. Many IT organizations have begun to implement green IT practices. Based on our experience applying an extension of COBIT in different organizations to audit green IT, we believe that the following steps should be considered:

  1. Understand the scope—Due to the novelty of green IT, many organizations do not fully understand the scope of green IT practices. Thus, it is important to differentiate between green-by-IT practices (in which IT is used to reduce the negative impact that other areas have on the environment) and green-in-IT practices (in which sustainable practices are applied in IT itself to reduce its negative environmental impact).
  2. Conduct a systematic and progressive green IT assessment—Assessing all the processes established by COBIT (adapting them to green IT) is unfeasible. So, it is advisable to group COBIT processes using a maturity model. This allows auditors to conduct a more organized and progressive audit, assessing first and ensuring compliance with the most basic and necessary processes of the first maturity levels before assessing more complex processes of higher levels.
  3. Implement improvement actions—We have also guided organizations toward the improvement of the practices they carry out. Organizations should develop improvement plans and progressively implement the processes level by level of maturity.

We believe that these 3 steps can help you not only when properly assessing green IT, but also when establishing a strategy to implement and improve the processes and practices that are carried out. This will benefit your work as auditors, making the entire audit process simpler and more complete, and it will help organizations achieve better results in green IT.


Ethics in IT: An Emerging Frontier in the Enterprise Governance of IT

Guy Pearce, CGEIT Posted: 8/26/2019 2:57:00 PM | Category: COBIT-Governance of Enterprise IT

Trust. Privacy. Transparency. Three words that have invaded our technology lexicon. In an age of fashionable falsehoods, it is probably not surprising that these words permeate almost any aspect of our lives in technology, in government and even in our organizations. People are concerned that a loss of privacy is touted as the cost of security or better service, and their trust is shaken, driven by the fact that some organizations are not always forthcoming with the truth about their deployment of technology.

Should we care? The European Union (EU) seems to think so, given rigorous legislation such as the General Data Protection Regulation (GDPR), which demands data privacy and security by design for citizens of the EU by organizations that collect and use any data about those citizens.


Learning to Secure AI

Adam Kohnke, CISA, CISSP Posted: 8/22/2019 3:00:00 PM | Category: Security

The trends appear to be presenting themselves all over the place; TV commercials, online ads, corporate product announcements, etc., are all saying the same thing: Artificial intelligence (AI) adoption and use are exploding. As an information security and assurance professional, I admit that I did not really know much about this emerging technology, so I decided to begin the process of becoming educated on the subject, even if only at an introductory level. I started performing online research to understand the current market size, future growth projections, how to achieve certification and education and, most important, approaches to governing and securing use of AI solutions.

My company presently allocates each employee a modest annual training budget, so I leveraged those funds to select a training provider and begin taking AI classes as I performed my research for my recent Journal article. I gravitated towards edX as their curriculum was 100% free, but also provided certificates after completing courses and quizzes, which is also useful for IT certification continuing professional education (CPE). As I completed my AI edX courses and online research, I wanted to structure my ISACA Journal article in a conversational and informative manner starting with defining AI and addressing some common misconceptions. From there, I wanted to address market size, projected growth trends and who the players are in the market. I believe this is always important because this information provides important context on what to expect in the near term and long term and which organizations to keep your eye on.
