International Edition
Preface
Welcome to the first international edition of KPMG Information Risk Management's Compact journal for Business, ICT (Information and Communication Technology) and Audit executives and staff. Over the past 25 years, this journal has only been available in Dutch, in the Netherlands and Belgium. Now we, in particular the editors Dries Neisingh and Ronald Koorn, have brought together a truly international team of Information Risk Management (IRM) professionals to produce this first English language edition. For those of you who are not familiar with Compact, it is designed to provide Executives, ICT and Audit professionals with practical information on a number
Use of the Balanced Scorecard for ICT Performance Management
Drs. J.C. de Boer RE, Joachim Vandecasteele and Ken Rau
The need for adequate ICT control and management is growing rapidly as organisations relentlessly step up the pace and increase the size of investments in ICT. Dependence on reliable, continuous and competitive ICT systems is growing accordingly. As a result, organisations, and hence ICT departments, are under increasing pressure to achieve an above-average performance using ICT. This article looks at how performance management can be set up for ICT on the basis of the balanced scorecard.
Project Reviews
Nick Duke, Ir. J.A.M. Donkers RE and Drs. R. Oudega RE
The control of ICT projects proves to be difficult in practice. The success of expensive ICT projects, however, is of increasing importance to the overall success of organisations. The question, therefore, is how project control can be improved. Project reviews are performed as part of the control of an ICT project. This article describes the Project Review framework, an international methodology developed by KPMG for the review of ICT projects.
e-Procurement and Online Marketplaces
Drs. ing. R.F. Koorn RE, David Smith and Carsten Müller
e-Procurement, especially in the shape of online marketplaces, is currently one of the key e-Business applications, as it generates a positive return on investment. Because development of the relevant technology, standards and controls is still limited, and because relevant expertise and experience are scarce, organisations face serious challenges in their effective application of e-Procurement. This article summarises e-Procurement developments and pays attention to the potential benefits and risks involved in its application.
Real-world Application of Public Key Infrastructures Deployment Methodology
Noel Nazario and Martijn van Oosten
With the rise of transaction-based e-Commerce, especially in the business-to-business segment, Public Key Infrastructures (PKI) have become one of the fastest growing security solutions. PKIs are complex systems with multiple components that require policies and practices, which need to be coordinated and integrated into an organisation's business models. The level of effort required for the successful implementation, integration and maintenance of a PKI should not be underestimated. This article discusses a structured PKI implementation methodology and provides a practical example of its application in two case studies.
Corporate Information Security
No half measures
Prof. dr. E.E.O. Roos Lindgreen RE, Frank Rizzo, Allen Zuk and Francois Beaudoin
Information security has developed from a specialist issue into a fixed item on the management agenda. Due to the growing integration of information technology in operating processes, security is now increasingly embedded in the tasks and responsibilities of existing organisations. This article explains how organisations can adopt a structural approach to information security, from assessment and policy formulation to planning and implementation. Three case studies highlight specific aspects of information security.
System Integration Controls
Lessons Learned from ERP Projects Applied to e-Business Systems
Colin Bezant and Drs. P.P.M.G.G. Brouwers RE RA
E-Business systems are being developed within many organisations. As a result of competition and time pressure, e-Business systems are confronted with the same kind of project and control issues that Enterprise Resource Planning (ERP) systems faced before them. In 1999, Gartner estimated that 75% of all e-Business projects fail. This article deals with the complexity of e-Business systems and explains to what extent key elements such as change management, training and controls need to be designed and implemented in order to increase the chance of success.
e-Business and Trust
From Management Assurance to Web Assurance?
M. de Haas RE RA
Trust is the grease in the wheels of commerce. Without it everything would grind to a halt. Fortunately, most people – buyers and sellers – are both trusting and trustworthy. But it is the few that spoil it for everyone else. This article looks at various kinds of trust mechanisms and the role that an auditor can play by offering e-assurance services.
Alliances and ICT Audits
Drs. P.C.J. van Toledo RE RA
An alliance is a strategic management tool. It helps one organisation to cooperate with others in order to achieve specific product development, sales or distribution goals. The relationship between the allied organisations is a loose one, but the investments are substantial. Controls may play a critical role in the success of the alliance. This article describes the phases in which an alliance is established and deals with the corresponding risks and controls. It also addresses the relationship between the financial audit and alliances.