Hardening by Auditing

About the Book

Developing an internal auditing capability within an organization is as important to the continued success of that organization as any other initiative or process. An “audit” is a systematic, independent, and documented process for obtaining evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. “Internal audits” are audits conducted by on behalf of the organization itself for internal purposes, and can form the basis of the organizations self-declaration of conformity or compliance. A well-planned, effective, internal auditing program should consider the relative importance of the processes and areas to be audited. Don’t waste time on the unimportant. The success of an organization is the sum of the effectiveness of Management authority, responsibility, and accountability. They are, in turn, the sum of the manner in which Management deals with the findings of the internal audits. The premise of this book and my reason for creating it is simple: 1. Our organizations (large and small – public and private) and, in fact, our lives are in danger from both physical and cyber-attacks, because we remain incredibly uneducated, unstructured, and vulnerable, when it comes to threats to their security. 2. Organizational Security can be upgraded profoundly through a well-developed program of internal and outside audits. 3. Similar or co-located organizations can combine resources synergistically. That is, the whole of the effort will be greater than the sum of its parts. I have kept this work as compact as possible, so as to minimize reading time and maximize productivity. I write for no-nonsense managers with big responsibilities and limited resources. I refer often to four excellent ISO International Standards. They offer guidance for structuring effective management programs rapidly, regardless of whether or not organizations desire certification by accreditation bodies. I invite you to use my approach to Risk Management, as explained in the pages that follow. You will find it an effective and uncomplicated method for developing and monitoring your strategic plans. Developing a security “mindset”, using the checklists provided, and taking action on your findings will improve your security posture – immediately and continuously. Good luck, and now let’s get to work.

About the Author

Eugene A. (Gene) Razzetti retired from the US Navy as a captain in 1992, a Vietnam veteran and having had two at-sea and two major shore commands. Since then, he has been an independent management consultant, project manager, and ISO auditor. He became an adjunct military analyst with the Center for Naval Analyses after September 11, 2001. He has authored three management books and coauthored MVO 8000, a Corporate Responsibility Management Standard. He has served on boards and committees, dealing with ethics and professionalism in the practice of management consulting. He is a senior member of the American Society for Quality (ASQ) and assisted the Government of Guatemala with markedly heightening the security posture of its two principal commercial port facilities. He can be reached at www.corprespmgmt.com or generazz@aol.com. Other books by Gene Razzetti: 1. The Executive’s Guide to Corporate Responsibility Management and MVO 8000 (2nd Ed) 2. Fixes That Last: The Executive’s Guide to Fix It or Lose It Management (2nd Ed) 3. The Executive’s Guide to Internal Auditing