| How do we IT professionals bring in statutory stamp from governmet |
| Posted by Nikhil, Mafatlal Industries Limited on
6/20/2008 |
Reply |
Friends we all know now that a CEO and CFO has to certify balance sheet on the content as well as the risks associated to an organisation.
Dont you think it is high time that atleast on Information security issues a CIO should certify the balance sheet, where a CEO/CFO is not competent to certify this ?
If yes, how do we get together to make this happen.
Interested professionals may contact me and lets make a start.
Nikhil Gujar |
| Re: How do we IT professionals bring in statutory stamp from governmet |
|
Replied by Krishnan Kutty, Infomedia India Ltd
on 7/11/2008
| Reply to this message
|
Traditionally, in corporates, the balance sheet is derived after audit conducted by agencies appointed by the board. IS is a relatively new area in financial reports of a company. Here too the reports are given by the same agency(most of the time) after the certified consultants of the agency submit their report. The language is not really technical in nature because prior to reporting, they take a management response from the IT/IS Head against their technical report. In this scenario, is there any relevance to the signing authority of CIO ?
Regards,
|
| Re: How do we IT professionals bring in statutory stamp from governmet |
|
Replied by vivek dharia, knp sec. pvt. ltd.
on 7/11/2008
| Reply to this message
|
| I think as a CIO we must take each & every step to complete the formalities regarding compliance to avoid any legal issues in future from any legal authorities. I think govt. is finalizing & comming with a rules & regulation to avoid the frauds in e-business |
| Re: How do we IT professionals bring in statutory stamp from governmet |
|
Replied by Sunil Gupta, Ministry of Steel, ERU/JPC
on 7/11/2008
| Reply to this message
|
| Basically, the primary job of certification lies with the CFO and not CIO. It's better that the CIO should concentrate on technology issues linking it with overall business plans. He/She should be a member of the certifying group headed by a CFO certainly, but not as an independent authority. With so much to do in IT and Business Process, I find it hard to imagine as to how a CIO can get time for othe things |
| Re: How do we IT professionals bring in statutory stamp from governmet |
|
Replied by RD Malav, Jindal Poly Films Ltd.
on 7/18/2008
| Reply to this message
|
| I thing compliance of Information Security is business and industry specific. Different industries need different compliance of regulations varies from local to national and international levels i.e. compliance of factory Act, Labor Law, Income tax, Excise and customs, Environment and Safety to the level of IT Act, SOX and so on so forth. Signing Balance sheet by all concern is not practical. And there for a Govt. approved agency similar to C.A. and ICWA is required to conduct and certify Information security compliance of an organization. This may be applicable to different domain and size of company from the point of affordability. For example an industry has information costing a million dollar will not deploy a information security measures costing more than a some million dollars. |
| Re: Re: How do we IT professionals bring in statutory stamp from governmet |
|
Replied by Sona Saha Das, Infostar Business Solution
on 8/16/2008
| Reply to this message
|
Today the acceptance of international agencies like ISACA & ISC2 is wide and across industries & statutory bodies.The relevance of IT security today comes from the way we use technology.We today take technology for granted.This leads to the other reaspon in the chain, we have moved from the main frame glasshouse to distributed computing with users having access.Its a matter of debate as to whether most times we tend to give too much access to users, but essentially this is what leads to the need for security of information all the more.Since most information of critical nature is in electronic form & entrusted to the technologists of the organization, the signing off the security aspect by the CIO appeals in principal.
Having said that, its necessary to understand that there is a clear school of thought that the CSO shoulfd be the owner of the IT security of an organization.The scale & status of the CSO may vary from organization to organization depending primarily on size,monetary strength,spread & criticality of information, the CSO cant be the CIO or report into him.
The responsibility of the IT security is the CIO's but the undertaking of the same has to lie with the CSO. The CSO could be the CFO/CEO, any IT literate mature user, specified outside agency,dedicated certified person. |
| Re: How do we IT professionals bring in statutory stamp from governmet |
|
Replied by vivek dharia, knp sec. pvt. ltd.
on 8/13/2008
| Reply to this message
|
| yes as a commerce graduate,CIO and 25 years exprience in IT, I will fully agree with this. |
| Re: How do we IT professionals bring in statutory stamp from governmet |
|
Replied by Atul Bansal, SMIFS Securities Limited
on 9/25/2008
| Reply to this message
|
| As a CIO of organization he/she is resposible that data avaialble to users is clean i.e limited to quality of data. But if CIOs think that their stamp should be necessory along with CFO will create a friction & some way drift of responsibility that carries when CFO signed the balance sheet. Because all through the year his team is working on financial transactions and go for internal audits & reconsiliation before finalisation of balance sheet. So it is CFO's domain clearly which CIO can not hijack just because his team is instrumental in providing the clean data (content) to accounts and finance people |
