ABSTRACT
American Industry finally figured out that the only way to improve quality was to integrate it into the manufacturing process, not try to inspect it in at the end. That integration of quality was incredibly successful and gradually made its way into other industries. Unfortunately, in technology risk management areas, we have not totally made the transition. Tom is the CIO of a large medical record processing firm. The auditing firm used by the company has suggested that a formal group be formed to monitor the risk metrics of the company related to technology. Holly, the manager of the computer operations department, just got hit with a finding from the external auditors. She carefully reviewed the finding—it seems that during the audit, the examiner found several dozen powerful system accounts existed that had not been used for over a year. Risk Management, Legal, Human Resources, and Compliance sometimes have similar functions.
