The Role of Governance, Risk and Compliance in a Firm


Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance

Over the past decade, IT organizations have endured a historic pendulum swing, from reckless IT development to painstaking entrenchment and control. As businesses operate in 2007, chief information officers (CIOs) face a vital challenge: how to swing that pendulum back without entering a second phase of uncontrolled IT activity.

It is an important question. The boomtown era of the late 1990s saw unprecedented IT growth as companies raced to build out information infrastructure with little regard to IT controls or governance. New systems were deployed, new technologies were adopted, and often, unproven practices were implemented before top executive management could integrate them under a coherent framework.

By 2002, the post-boom period had turned the information management world on its ear. Organizations faced a host of regulatory requirements, including the Sarbanes-Oxley Act, designed to increase visibility into corporate operations and information structures. And almost overnight, compliance emerged as the top priority for most IT shops.

Today, with most enterprises having achieved initial compliance, the effort is shifting toward a critical phase: Companies now strive to maintain ongoing compliance while working to drive down cost and improve overall business performance. The result is a critical three-pronged challenge for the CIO:

- Achieve and maintain regulatory compliance
- Implement rapid improvements in technology
- Maintain and leverage the existing infrastructure

In short, the mission for CIOs has shifted, from one focused on governance and control to one built on balance. Today, the effective CIO must strive to balance aspects of IT growth, business alignment, risk mitigation, operational efficiency and compliance.

The Imperative for Governance, Risk and Compliance

Achieving balance requires a robust management tool kit that integrates technology operations, business management and compliance activities into a coherent whole.
Enter Governance, Risk and Compliance (GRC), an umbrella concept that integrates corporate and IT governance, risk management and compliance activities into a single framework. The thrust of GRC is to lift executive management out of the realm of point solutions and one-off processes to adopt a holistic approach toward these three interrelated concepts. GRC is not exclusive to any one level of the organization; instead, it demands complementary activities across the enterprise. Simply deploying IT architecture components is not enough. Deployments must address processes and workflows while respecting the global standards, metrics, goals and activities of the organization.

It has been said that experience is the best teacher, and nowhere is this more true than in the area of GRC. Since 2000, business and technology executives have plowed enormous resources into making business processes and IT systems fully compliant. But having seen the difficulty in aligning disparate departments and practices, these executives are looking now for ways to streamline, optimize, automate and unify ongoing GRC management activities. What is more, the goal has evolved from simply meeting regulatory targets, which can put a drag on business performance, to improving and streamlining business processes and activities.

The result is a holistic effort in which the IT organization applies GRC at multiple levels of the technology environment. These levels are:

Entitywide - This is the "whole earth view": objectives, standards, metrics and activities that permeate the organization and apply to all of its IT environments and activities. The entitywide level applies generally to each of the specific tools, applications and systems that comprise an organization's technology environment.

Process/Workflow - These are the specific activities in the IT organization that process the demands of the business and deliver services to it.
Examples include user access management, change management and help desk. In many organizations, these activities are defined within policies and procedures, and are enabled by workflow solutions that standardize, automate and monitor the execution of the activities in a consistent manner. These activities also are evaluated for effective and efficient performance. Process and workflow comprise the set of activities that enable specific technology devices and applications to meet the needs of the organization.

IT Architecture - This is the set of technology tools, components and devices that comprise the technical architecture of the business. The IT architecture provides the environment for the process and workflow to operate, and also to monitor and report the process workflow. IT architecture consists of hardware, software, networks and operating systems, and includes both physical and logical devices.

The Role of IT in GRC

Traditionally, the CIO has been a key factor in the risk mitigation activities of the business entity. Information security, privacy and business continuity have long been important functions within most IT organizations to identify and mitigate risks. As technology increasingly has become involved in a myriad of other critical business activities, the effective CIO has improved the ability of the organization to mitigate risk.

Compliance activities have helped position the IT organization as a key player in risk identification. The roles of audit, risk and compliance have increased in importance within the IT organization. In addition, the business has seen the ability of IT to improve the awareness of risks within business activities, as well as identify and validate the operation of controls designed to mitigate business and technology risks. By expanding from a compliance-centric viewpoint to incorporate concepts of governance and risk, the CIO can better leverage IT investments and improve the alignment of business requirements and technology capabilities.

The CIO has an important role in the definition of each component of GRC. The entity-level measures are defined across the organization, but they must align with the IT architecture (the ability of the organization to monitor, measure and report results).
Also, the workflow and processes in the IT organization must align with the entity-level requirements, as defined and supported by the enabling technology environment. It is this linkage of entity goals, risks, performance requirements and enablement with technology that mandates the CIO be an integral member of the GRC program within an organization.

Utilizing GRC to Deliver Business Value

Using GRC as a framework, the CIO can evaluate investment decisions that enable alignment of the IT organization with the expanding requirements of the business while leveraging compliance-related focus and IT investment. For instance, during Sarbanes-Oxley compliance efforts, the organization normally focuses on the financial reporting risks and related processes and activities. In addition, the business enhances its awareness of the process activities. The result: significantly improved validation and mitigation of critical financial reporting risks.

In the evolution to GRC, the organization must enhance the compliance activities and then relate them to the pervasive business risks and activities. In this manner, and enabled by the CIO, the organization achieves the following:

- Understands and documents additional risks of the business
- Documents processes that impact those risks
- Defines IT enablers of the business processes
- Improves both business and IT effectiveness and efficiency
- Confirms process effectiveness and efficiency
- Monitors alignment with enterprise requirements

One of the most important aspects of GRC evolution revolves around improving business processes and the ability to confirm the real impact of these improvements. A virtuous cycle, which enhances the efficiency of IT activities, quickly develops.

Three Legs of GRC

The Open Compliance and Ethics Group (OCEG), a not-for-profit organization that provides a framework for integrating governance, compliance, risk management and integrity into business practices, offers a succinct analogy for GRC. To wit: "The fastest cars have the best brakes."

To understand how GRC can improve business performance and ensure compliance, it is important to comprehend the underlying concepts. While IT governance, IT risk management and IT compliance are each unique disciplines in their own right, the three activities must be carefully orchestrated to enable a corporate environment that balances productivity and IT progress with effective control and management.

[Figure: Governance, Risk and Compliance (GRC). Graphic courtesy of the Open Compliance and Ethics Group]

Inside IT Governance

Effective IT governance, at its heart, is about business alignment. CIOs must have visibility into operations and the tools to manage them. From defining requirements, return, value and quality to driving guidance and development of key policies and procedures, IT governance ensures that the technology serves the business. It sets the tone for the day-to-day management of constantly changing business requirements and resource allocations, and drives the measurement of processes against expected outcomes. IT governance includes:

- A definition of the acceptable risks within the IT environment
- Cost guidelines and expectations
- Key measures and metrics that monitor IT effectiveness
- Periodic reporting and measurement against expectations and agreements
- A framework for decision-making and changes to the operational plan
- Key policies and procedures

Regarding IT Risk Management

IT risk management is a program that identifies, sources and mitigates the many aspects of business operation that may cause objectives not to be achieved.
Notably, the arena of risk management has widened, from gauging hazard and credit risks to a more global view that examines and assesses operational risks within and beyond the organization.

Contemplating IT Compliance Management

IT compliance management addresses all the regulatory requirements of business operation. From well-known and far-reaching compliance targets like Sarbanes-Oxley to a host of industry- and location-specific rules, laws and regulations, companies must ensure that they monitor and achieve shifting compliance targets. Compliance activities run the gamut, from IT infrastructure and business processes to human factors impacted by training and management.

For example, as the IT organization improves the rollout of business requirements and executes the activities efficiently, the business can operate with reduced risk of failure and increased confidence. This enables new business requirements that further drive down risk and drive up confidence. As these improvement activities are evaluated and measured in the GRC framework, the CIO can identify areas for investment, which can demonstrate returns that extend beyond the traditional view of ROI.

Prioritization of IT Initiatives

As the GRC framework is established, the next challenge is to determine the priority of new initiatives required to support and enable the business. Each new initiative creates potential changes to the existing GRC framework, establishes new requirements for services, and impacts existing resource capabilities and services. And again, the benefits of these initiatives can extend well beyond traditional ROI. New measures for determining the business value of these initiatives must be formulated; this activity demands the involvement of stakeholders within the business.

Is There a Single Solution to GRC Evolution?

In the world of technology hardware and software, there is a constant stream of new services, capabilities and solutions. As technical capability improves, companies are faced with investment decisions. CIOs will be tempted to purchase tools to improve the IT architecture aspect, but these investments also must consider the entitywide and process aspects. It is critical for CIOs to see the entire picture before making investment decisions.

Data storage offers an interesting case in point. Falling costs and improving architectures and software have compelled many businesses to invest in storage solutions. However, companies that expand the storage infrastructure without updating IT activities and processes to leverage it are asking for trouble.
Not only can the new build-out impact existing network performance and complicate procedures like backup, but also the value of the updated infrastructure remains locked up until better information management capabilities can be deployed. In addition, companies have purchased additional storage as a means to address ongoing compliance issues related to records management. Despite the need for additional storage to house the electronic records to comply with regulatory issues, the storage must be a component of a broader initiative that includes identification of the risk and the processes related to governance that enable the storage to address the regulatory needs.

One mechanism CIOs can use to gain insight into technology needs is compliance technology. GRC software that enhances and enables compliance processes has made dramatic strides in functionality and stability, and is able to automate the manual processes developed for Sarbanes-Oxley and other compliance initiatives. Also improved over the past few years are the tools used to automate IT processes, such as change management and user administration. These tool sets can dramatically reduce cycle times and increase adherence to stated policies and procedures.

The Impact of IT Processes on Quality, Cost and Compliance

As we consider the three aspects of GRC (entitywide, process and IT architecture), the focus remains firmly on process. Experience remains the best teacher, and early experience with Sarbanes-Oxley revealed the critical importance of quality IT processes. Many IT shops struggled with initial Sarbanes-Oxley compliance because their IT processes were immature, lacked standardization and were loosely implemented. What's more, many businesses lacked the ability to monitor the performance of these processes. As a result, IT leaders often learned that employees were handling IT processes more as suggested approaches, rather than as repeatable methods for performing activities.
There is growing evidence that mature IT processes can produce impressive returns to the business. And within these processes, evidence mounts that investments in IT governance and internal controls can turn average IT shops into highly successful ones. For example, the IT Process Institute recently released the IT Controls Performance Study, which details a number of compelling findings, including:

- The best practices outlined by the Information Technology Infrastructure Library (ITIL) and CobiT do broadly improve performance.

- Twenty-one Foundational Controls have been identified with the largest impact on operations, security and audit performance.
- In comparing organizations, high performers enjoy the following compelling benefits:
  - Report 12 percent to 37 percent lower rates of unplanned work
  - Support 2.5 to 5 times the number of servers per administrator
  - Experience losses from security events 29 percent to 84 percent less frequently
  - Authorize and support 5 to 14 times the number of IT changes

An August 2006 Baseline magazine article commenting on the IT Process Institute study stated: The verdict is in: the greater the adherence to controls, the better-run the information-technology shop. In other words, careful compliance controls can be good for your company.

Balancing the Pendulum of IT Focus

IT leaders should consider the following key actions to address this balancing act:

1. Increase the understanding of business requirements for the IT organization.
2. Use IT governance as a platform to leverage the investment in compliance.
3. Incorporate risk identification into the decision-making process for IT investment (e.g., include risk impact in the ROI model).
4. Take a comprehensive view of GRC to strengthen the efforts to prioritize the demands of the business on IT.

IT stands at a critical crossroads. Many IT leaders seek a state of balance that allows IT to align with the business without losing sight of the investments poured into compliance. Effective IT leaders recognize that failing to address both IT business alignment and ongoing compliance threatens to produce another swing of the pendulum.

The good news is IT leaders have an opportunity to regain control of their project portfolio. Projects delayed by the crush of Sarbanes-Oxley activities can be addressed now. The task at hand is to identify how exactly to move forward in a balanced fashion that improves business performance while maintaining focus on compliance.
In short, CIOs must weigh investment decisions while respecting all three critical aspects of the technology environment: entitywide, process and IT architecture. We recommend implementing GRC as a framework for permeating the decision-making process in an organization. The implementation of an integrated environment to improve governance, manage risk and enable compliance will provide the CIO with the tools to drive improved business alignment, and ultimately, business value.

In the end, IT leaders who take advantage of the investments in compliance, while balancing the governance and risk processes, will be able to make future decisions that better enable alignment with the business requirements of technology.

About Protiviti

Protiviti is a leading provider of independent risk consulting and internal audit services. We provide consulting and advisory services to help clients identify, assess, measure and manage financial, operational and technology-related risks encountered in their industries, and assist in the implementation of the processes and controls to enable their continued monitoring. We also offer a full spectrum of internal audit services to assist management and directors with their internal audit functions, including full outsourcing, co-sourcing, technology and tool implementation, and quality assessment and readiness reviews.

Protiviti, which has 60 locations in the Americas, Asia-Pacific and Europe, is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

This white paper is sponsored by:

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

protiviti.com

Protiviti Inc. All rights reserved. An Equal Opportunity Employer.


More information

How Perforce Can Help with Sarbanes-Oxley Compliance

How Perforce Can Help with Sarbanes-Oxley Compliance How Perforce Can Help with Sarbanes-Oxley Compliance C. Thomas Tyler Chief Technology Officer, The Go To Group, Inc. In collaboration with Perforce Software Perforce and Sarbanes-Oxley The Sarbanes-Oxley

More information

Making Compliance Work for You

Making Compliance Work for You white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by

More information

Compared to other industries, banks do quite

Compared to other industries, banks do quite A Framework for Governance, Risk Management and Compliance By Tom Grubb and Tom Burke Compliance and operational improvements are complementary and should happen in tandem. Compared to other industries,

More information

10 Best-Selling Modules For Home Information Technology Professionals

10 Best-Selling Modules For Home Information Technology Professionals Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

Implement a unified approach to service quality management.

Implement a unified approach to service quality management. Service quality management solutions To support your business objectives Implement a unified approach to service quality management. Highlights Deliver high-quality software applications that meet functional

More information

How IT Can Help Companies Make Better, Faster Decisions

How IT Can Help Companies Make Better, Faster Decisions How IT Can Help Companies Make Better, Faster Decisions How It Can Help Companies Make Better Faster Decisions Of the many different groups that make up a business organization sales, finance, human resources

More information

Address IT costs and streamline operations with IBM service desk and asset management.

Address IT costs and streamline operations with IBM service desk and asset management. Asset management and service desk solutions To support your IT objectives Address IT costs and streamline operations with IBM service desk and asset management. Highlights Help improve the value of IT

More information

How To Standardize Itil V3.3.5

How To Standardize Itil V3.3.5 Business white paper Standardize your ITSM An HP approach based on best practices Table of contents 3 Introduction 3 Benefits and challenges 5 The HP approach to standardizing ITSM 6 Establish an IT operations

More information

How To Understand And Understand The Concept Of Business Architecture

How To Understand And Understand The Concept Of Business Architecture WHITE PAPER Business Architecture: Dispelling Ten Common Myths William Ulrich, TSG, Inc. Whynde Kuehn, S2E Consulting Inc. Business Architecture: An Evolving Discipline B usiness architecture is a maturing

More information

How To Improve Your Career At Csu, Chico

How To Improve Your Career At Csu, Chico Aligning with the future T h e IT Strat e g i c P l a n INFORMATION RESOURCES Academic Technologies 2005 2010 Introduction We have witnessed a tremendous growth in the use of information technology across

More information

Office of the Chief Information Officer

Office of the Chief Information Officer Office of the Chief Information Officer Business Plan: 2012 2015 Department / Ministère: Executive Council Date: November 15, 2012 1 P a g e This Page Left Intentionally Blank 2 P a g e Contents The Business

More information

Table of contents. Standardizing IT Service Management. Best practices based on HP experience in ITSM consolidation. White paper

Table of contents. Standardizing IT Service Management. Best practices based on HP experience in ITSM consolidation. White paper Standardizing IT Service Management Best practices based on HP experience in ITSM consolidation White paper Table of contents Go!... 2 Benefits and challenges... 2 The HP approach to standardizing ITSM...

More information

Improving Service Asset and Configuration Management with CA Process Maps

Improving Service Asset and Configuration Management with CA Process Maps TECHNOLOGY BRIEF: SERVICE ASSET AND CONFIGURATION MANAGEMENT MAPS Improving Service Asset and Configuration with CA Process Maps Peter Doherty CA TECHNICAL SALES Table of Contents Executive Summary SECTION

More information

Software-as-a-Service: Managing Key Concerns and Considerations

Software-as-a-Service: Managing Key Concerns and Considerations Software-as-a-Service: Managing Key Concerns and Considerations A research report Publication sponsored by: TABLE OF CONTENTS Introduction: Cloud IT, including SaaS, is Real IT Managing The Key Concerns

More information

GLOBAL STANDARD FOR INFORMATION MANAGEMENT

GLOBAL STANDARD FOR INFORMATION MANAGEMENT GLOBAL STANDARD FOR INFORMATION MANAGEMENT Manohar Ganshani Businesses have today expanded beyond local geographies. Global presence demands uniformity within the processes across disparate locations of

More information

Public Cloud and Managed Communications Services: Right Time, Right Place?

Public Cloud and Managed Communications Services: Right Time, Right Place? : Right Time, Right Place? Market Advisory Report Ashok Kumar Director, Custom Research December, 2013 Current Analysis (www.currentanalysis.com) Washington, D.C. Paris, France Phone: +1 703 404 9200;

More information

Business Service Management Cyril Gobrecht Business Solutions Manager Halim Belkhatir Regional Manager. 17 December 2008

Business Service Management Cyril Gobrecht Business Solutions Manager Halim Belkhatir Regional Manager. 17 December 2008 Business Service Management Cyril Gobrecht Business Solutions Manager Halim Belkhatir Regional Manager 17 December 2008 1/12/2009 A unique offering to achieve BSM BSM from BMC is a comprehensive approach

More information

Proactive Risk Management with SAP BusinessObjects

Proactive Risk Management with SAP BusinessObjects Proactive Risk Management with SAP BusinessObjects Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions INTRODUCTION What is the totality of our enterprise

More information

Whitepaper: 7 Steps to Developing a Cloud Security Plan

Whitepaper: 7 Steps to Developing a Cloud Security Plan Whitepaper: 7 Steps to Developing a Cloud Security Plan Executive Summary: 7 Steps to Developing a Cloud Security Plan Designing and implementing an enterprise security plan can be a daunting task for

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm

The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm 2010 NASCIO RECOGNITION AWARD NOMINATION The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm Nomination Category: Risk Management Initiatives Name of State

More information

Framework for Enterprise Risk Management

Framework for Enterprise Risk Management Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach

More information

How To Consolidate A Data Center

How To Consolidate A Data Center Data Center Consolidation is fundamental to being prepared for the dramatic evolution in ICT technology, as well as fluctuating and unpredictable business demands. Avoiding the potential pitfalls is of

More information

FINANCIAL SERVICES FLASH REPORT

FINANCIAL SERVICES FLASH REPORT FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin

More information

BSM Transformation through CMDB Deployment. Streamlining the Integration of Change and Release Management

BSM Transformation through CMDB Deployment. Streamlining the Integration of Change and Release Management BSM Transformation through CMDB Deployment Streamlining the Integration of Change and Release Management Gordon Owens, Managing Consultant generatione Technologies Agenda Brief Introduction Building Blocks

More information

Adopting Quality Management for Business Success

Adopting Quality Management for Business Success Adopting Quality Management for Business Success Abstract Many organizations are taking advantage of Quality Management methodologies (such as Six Sigma ) to improve productivity, efficiency, and customer

More information

Why Change Your Job Scheduler? Today s business environments demand event-driven, enterprise-wide job scheduling unsupportable by legacy tools.

Why Change Your Job Scheduler? Today s business environments demand event-driven, enterprise-wide job scheduling unsupportable by legacy tools. Why Change Your Job Scheduler? Today s business environments demand event-driven, enterprise-wide job scheduling unsupportable by legacy tools. Job scheduling tools are automation workhorses that enable

More information

Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc.

Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc. Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc. Despite the already heavy penetration of ERP software in

More information

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing

Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for

More information

The future of application outsourcing: making the move from tactical to strategic

The future of application outsourcing: making the move from tactical to strategic IBM Global Business Services White Paper The future of application outsourcing: making the move from tactical to strategic Application Services Page 2 Contents 2 Introduction 2 Success brings new challenges

More information

Optimizing the Data Center for Today s Federal Government

Optimizing the Data Center for Today s Federal Government WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S FEDERAL......... GOVERNMENT............................... Optimizing the Data Center for Today s Federal Government Who should read this paper CIOs,

More information

10 Steps to a Successful Digital Asset Management Implementation by SrIkAnth raghavan, DIrector, ProDuct MAnAgeMent

10 Steps to a Successful Digital Asset Management Implementation by SrIkAnth raghavan, DIrector, ProDuct MAnAgeMent m a y 2 0 1 2 10 Steps to a Successful Digital Asset Management Implementation Strategies and Best Practices Implementing and deploying enterprise solutions across the organization can be complex, involving

More information

IT Governance: framework and case study. 22 September 2010

IT Governance: framework and case study. 22 September 2010 IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT

More information

Sarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:

Sarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by: Beyond Sarbanes-Oxley: Using compliance requirements to boost business performance The business regulatory environment in the United States has changed. Public companies have new obligations to report

More information

Customer Data and Reputational Risk in the Pharmaceutical Industry

Customer Data and Reputational Risk in the Pharmaceutical Industry 1 Customer Data and Reputational Risk in the Pharmaceutical Industry Sensitive Data: A Chain of Trust Organizations of all types, from banks to government agencies to healthcare providers, are taking steps

More information

Data Governance. Unlocking Value and Controlling Risk. Data Governance. www.mindyourprivacy.com

Data Governance. Unlocking Value and Controlling Risk. Data Governance. www.mindyourprivacy.com Data Governance Unlocking Value and Controlling Risk 1 White Paper Data Governance Table of contents Introduction... 3 Data Governance Program Goals in light of Privacy... 4 Data Governance Program Pillars...

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

How To Understand The Role Of Enterprise Architecture In The Context Of Organizational Strategy

How To Understand The Role Of Enterprise Architecture In The Context Of Organizational Strategy Enterprise Architecture in the Context of Organizational Strategy Sundararajan Vaidyanathan Senior Enterprise Architect, Unisys Introduction The Presidential Management Agenda (PMA) 1 is geared towards

More information

Optimizing the Data Center for Today s State & Local Government

Optimizing the Data Center for Today s State & Local Government WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S STATE...... &.. LOCAL...... GOVERNMENT.......................... Optimizing the Data Center for Today s State & Local Government Who should read this

More information

Release Management: Effective practices for IT delivery

Release Management: Effective practices for IT delivery Release Management: Effective practices for IT delivery Introduction Today s health plans face a unique combination of technology challenges due to their complex IT environments. These environments serve

More information

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard

White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard Abstract: This white paper outlines the ITIL industry best practices methodology and discusses the methods in

More information

Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights

Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights I D C E X E C U T I V E I N S I G H T S Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights May 2009 By Albert Pang, Research Director, Enterprise Applications

More information

The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting

The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting Introduction In the past 10 years, exception-based reporting (EBR) has become a widespread tool for loss prevention in retail

More information

ITSM 101. Patrick Connelly and Sandeep Narang. Gartner. www.it.ufl.edu

ITSM 101. Patrick Connelly and Sandeep Narang. Gartner. www.it.ufl.edu ITSM 101 Patrick Connelly and Sandeep Narang Gartner 1 IT Service Management 101 Agenda What is IT Service Management? Why is IT Service Management Important? Speaking a Common Language: Overview of Key

More information

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT Solution in Detail NetWeaver BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING NetWeaver IDENTITY MANAGEMENT Identity management today presents organizations with a host of challenges. System landscapes

More information

Agile enterprise content management and the IBM Information Agenda.

Agile enterprise content management and the IBM Information Agenda. Transforming your content into a trusted, strategic asset Agile enterprise content management and the IBM Information Agenda. Delivering a common information framework for uncommon business agility Highlights

More information

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy

Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy www.netforensics.com NETFORENSICS WHITE PAPER Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy Contents Executive Summary The Information Security Landscape Security

More information

IT Governance Overview

IT Governance Overview IT Governance Overview Contents Executive Summary... 3 What is IT Governance?... 4 Strategic Vision and IT Guiding Principles... 4 Campus-Wide IT Strategic Vision... 4 IT Guiding Principles... 4 The Scope

More information

Delivering peace of mind in outsourcing

Delivering peace of mind in outsourcing > Delivering peace of mind in outsourcing How to increase enterprise performance when outsourcing mission critical systems www.thalesgroup.com/security-services AND >> PERFORMANCE OUTSOURCING OF MISSION

More information

WHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements

WHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements WHITE PAPER Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements TABLE OF CONTENTS Executive Summary 2 Sarbanes-Oxley Section 404 Internal Controls 3 IT Involvement

More information

Harness Enterprise Risks With Oracle Governance, Risk and Compliance

Harness Enterprise Risks With Oracle Governance, Risk and Compliance Hardware and Software Engineered to Work Together Harness Enterprise Risks With Oracle Governance, Risk and Compliance Is the plethora of financial, operational and regulatory policies and mandates overwhelming

More information

Business Architecture Scenarios

Business Architecture Scenarios The OMG, Business Architecture Special Interest Group Business Architecture Scenarios Principal Authors William Ulrich, President, TSG, Inc. Co chair, OMG BASIG wmmulrich@baymoon.com Neal McWhorter, Principal,

More information

Cloud Computing in a Regulated Environment

Cloud Computing in a Regulated Environment Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2

More information

Introduction. What is ITIL? Automation Centre. Tracker Suite and ITIL

Introduction. What is ITIL? Automation Centre. Tracker Suite and ITIL 1 Introduction The Information Technology Infrastructure Library (ITIL) aims to improve the management of IT services within the organization, for lowered costs, improved efficiency and productivity. But

More information

Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management

Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management Brochure More information from http://www.researchandmarkets.com/reports/585854/ Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management Description: In recent years, the

More information

High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits

High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits Introduction: Why shrink matters Retailers are used to managing a certain amount of shrink

More information

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT

CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information

More information

How Technology Supports Project, Program and Portfolio Management

How Technology Supports Project, Program and Portfolio Management WHITE PAPER: HOW TECHNOLOGY SUPPORTS PROJECT, PROGRAM AND PORTFOLIO MANAGEMENT SERIES 4 OF 4 How Technology Supports Project, Program and Portfolio Management SEPTEMBER 2007 Enrico Boverino CA CLARITY

More information

The IBM Solution Architecture for Energy and Utilities Framework

The IBM Solution Architecture for Energy and Utilities Framework IBM Solution Architecture for Energy and Utilities Framework Accelerating Solutions for Smarter Utilities The IBM Solution Architecture for Energy and Utilities Framework Providing a foundation for solutions

More information

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/Continuous Monitoring INTRODUCTION New demands from the board, senior organizational

More information