CUInfoSecurity.com - Information Security News, Regulations, & Education  


Transcript of Mark Bernard on Risk Management and ISO Certification

Education and Certifications
Risk Management

Swart: Well, speaking of accounting, a lot of executives are quite concerned that achieving ISO compliance, or excuse me, ISO certification, will significantly increase their costs, and lead to the adoption of significantly more controls. Is that perception accurate?

Bernard: Actually it's not. ISO is a big thing to take on, and there has been a lot of reluctance, as you know. We are going to be likely the first on-line banking system in North America, perhaps even the globe, to become ISO certified. And I think the reluctance is because they just haven't found the right person or the right group who can deliver that package in a way that they can accept. In fact, the ISO framework, once it's properly implemented, will actually help reduce controls, which is usually a big selling point with senior managers.

As we have external consultants and monitors coming in and telling us to implement more and more controls, the concern is that we have layers and layers, and all of a sudden productivity slows down within the organization. We have to hire new people to manage the controls because there are so many of them. And ISO is not about that at all. There are 133 controls within ISO. And they can be basically applied in a number of different ways.




Copyright © 2007 CUInfoSecurity.com