{"product_id":"9798868830525","title":"Control Decay Why Organizations Pass Audits and Still Fail to Manage Risk","description":"\u003ch1\u003eControl Decay\u003c\/h1\u003e\u003ch2\u003eWhy Organizations Pass Audits and Still Fail to Manage Risk\u003c\/h2\u003e\u003ch3\u003eRavi Sharma\u003c\/h3\u003e\u003cdiv\u003e\u003cb\u003eComputers \/ Business \u0026amp; Productivity Software \/ Business Intelligence\u003c\/b\u003e\u003c\/div\u003e\u003cbr\u003e\u003cdiv\u003e\n\u003cp\u003eYour last audit was clean. So was the one before that. And then something happened anyway. In modern enterprises, controls rarely fail outright. They continue to operate, pass their tests, and produce their evidence. What changes is the world the controls were designed to govern — and that world is now governed by engineering, security, and operations teams moving faster than any assurance cycle was built to follow. This book introduces the concept of control decay: the gradual erosion of control effectiveness as the operating environment around a control evolves while the control itself does not.\u003c\/p\u003e\r\n\u003cp\u003eDeveloped through analysis of consequential cases, including the Silicon Valley Bank collapse, the CrowdStrike outage of July 2024, and the Boeing 737 MAX MCAS case, the book presents C-DRAFT, a diagnostic framework that names six structural forces producing decay: Change Velocity, Dependency Drift, Role Dilution, Automation Opacity, Framework Lag, and Testing Illusion.\u003c\/p\u003e\r\n\u003cp\u003eEstablished standards enforce and verify controls. They were not designed to detect when a control's design assumptions have drifted from the environment the control was meant to govern. C-DRAFT addresses that specific gap. Rather than replacing established standards such as COSO, COBIT, NIST, or ISO, or the security, engineering, and risk management frameworks organizations rely on day to day, C-DRAFT provides a shared lens through which audit, security, technology, engineering, and risk can read the same control environment. The focus is relevance, not compliance expansion. Control decay is everywhere. What it has lacked, until now, is a unified framework that can diagnose and respond to it.\u003c\/p\u003e\r\n\u003cp\u003eWhat You Will Learn\u003c\/p\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eHow to detect control decay before it produces a failure, using a diagnostic the existing frameworks were not built to provide\u003c\/li\u003e\r\n\u003cli\u003eHow cloud, AI, automation, and third-party dependencies accelerate decay, and how to govern each one without expanding compliance\u003c\/li\u003e\r\n\u003cli\u003eHow audit, security, technology, and risk can read the same control environment through a shared lens and stop duplicating each other\u003c\/li\u003e\r\n\u003c\/ul\u003e\r\n\u003cp\u003eWho This Book is For\u003c\/p\u003e\r\n\u003cp\u003eThis book is written for professionals responsible for evaluating, designing, or relying on control effectiveness in modern enterprises. Internal auditors, technology auditors, cybersecurity professionals, risk managers, GRC leaders, and assurance advisors will find practical guidance, as will technology and security leaders who rely on audit and risk outcomes to understand why their controls behave as they do.\u003c\/p\u003e\n\u003c\/div\u003e\u003cdiv\u003e\n\u003cp\u003eRavi Sharma is a senior technology audit and risk practitioner, certified in CPA, CISA, CISSP, CRISC, CMA, AAIA, and ACMA, who has worked across the seams the book examines: between internal audit and external assurance, between security operations and audit evidence, between technology change and governance review. His work has included extensive engagement with cloud transformations, automation pipelines, identity governance platforms, SOX and regulatory assurance, and post-incident review work in complex regulated environments.\u003c\/p\u003e\r\n\u003cp\u003eAcross those engagements, he has repeatedly observed the pattern the book names: controls that pass audits while the conditions the audits were designed to verify quietly diverge from current operating reality. He has worked with internal audit teams, external auditors, security functions, technology leaders, and regulators, and has approached the same control environment through each of those lenses in turn. He has written for industry journals, contributed to professional institutes, and served in leadership roles within professional associations and university advisory councils.\u003c\/p\u003e\n\u003c\/div\u003e\u003cbr\u003e\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd\u003ePublication Date: \u003c\/td\u003e\n\u003ctd\u003e26 January 2027\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003ePublisher: \u003c\/td\u003e\n\u003ctd\u003eApress\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eImprint: \u003c\/td\u003e\n\u003ctd\u003eApress\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eISBN-13: \u003c\/td\u003e\n\u003ctd\u003e9798868830525\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003eFormat: \u003c\/td\u003e\n\u003ctd\u003ePaperback \/ softback\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/table\u003e","brand":"Apress","offers":[{"title":"Default Title","offer_id":50806364012684,"sku":"9798868830525","price":35.99,"currency_code":"USD","in_stock":true}],"url":"https:\/\/fh90cf-fv.myshopify.com\/products\/9798868830525","provider":"Late Knight Books and Services, LLC","version":"1.0","type":"link"}