The Role of Governance, Risk and Compliance in a Firm
- Wendy McLaughlin
Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance
Over the past decade, IT organizations have endured a historic pendulum swing, from reckless IT development to painstaking entrenchment and control. As businesses operate in 2007, chief information officers (CIOs) face a vital challenge: how to swing that pendulum back without entering a second phase of uncontrolled IT activity.

It is an important question. The boomtown era of the late 1990s saw unprecedented IT growth as companies raced to build out information infrastructure with little regard to IT controls or governance. New systems were deployed, new technologies were adopted, and often, unproven practices were implemented before top executive management could integrate them under a coherent framework.

By 2002, the post-boom period had turned the information management world on its ear. Organizations faced a host of regulatory requirements, including the Sarbanes-Oxley Act, designed to increase visibility into corporate operations and information structures. And almost overnight, compliance emerged as the top priority for most IT shops.

Today, with most enterprises having achieved initial compliance, the effort is shifting toward a critical phase: Companies now strive to maintain ongoing compliance while working to drive down cost and improve overall business performance. The result is a critical three-pronged challenge for the CIO:

- Achieve and maintain regulatory compliance
- Implement rapid improvements in technology
- Maintain and leverage the existing infrastructure

In short, the mission for CIOs has shifted, from one focused on governance and control to one built on balance. Today, the effective CIO must strive to balance aspects of IT growth, business alignment, risk mitigation, operational efficiency and compliance.

The Imperative for Governance, Risk and Compliance

Achieving balance requires a robust management tool kit that integrates technology operations, business management and compliance activities into a coherent whole.
Enter Governance, Risk and Compliance (GRC), an umbrella concept that integrates corporate and IT governance, risk management and compliance activities into a single framework. The thrust of GRC is to lift executive management out of the realm of point solutions and one-off processes to adopt a holistic approach toward these three interrelated concepts. GRC is not exclusive to any one level of the organization; instead, it demands complementary activities across the enterprise. Simply deploying IT architecture components is not enough. Deployments must address processes and workflows while respecting the global standards, metrics, goals and activities of the organization.

It has been said that experience is the best teacher, and nowhere is this more true than in the area of GRC. Since 2000, business and technology executives have plowed enormous resources into making business processes and IT systems fully compliant. But having seen the difficulty in aligning disparate departments and practices, these executives are looking now for ways to streamline, optimize, automate and unify ongoing GRC management activities. What is more, the goal has evolved from simply meeting regulatory targets, which can put a drag on business performance, to improving and streamlining business processes and activities.

The result is a holistic effort in which the IT organization applies GRC at multiple levels of the technology environment. These levels are:

- Entitywide: This is the "whole earth view": objectives, standards, metrics and activities that permeate the organization and apply to all of its IT environments and activities. The entitywide level applies generally to each of the specific tools, applications and systems that comprise an organization's technology environment.
- Process/Workflow: These are the specific activities in the IT organization that process the demands of the business and deliver services to it. Examples include user access management, change management and help desk. In many organizations, these activities are defined within policies and procedures, and are enabled by workflow solutions that standardize, automate and monitor the execution of the activities in a consistent manner. These activities also are evaluated for effective and efficient performance. Process and workflow comprise the set of activities that enable specific technology devices and applications to meet the needs of the organization.
- IT Architecture: This is the set of technology tools, components and devices that comprise the technical architecture of the business. The IT architecture provides the environment for the process and workflow to operate, and also to monitor and report the process workflow. IT architecture consists of hardware, software, networks and operating systems, and includes both physical and logical devices.

The Role of IT in GRC

Traditionally, the CIO has been a key factor in the risk mitigation activities of the business entity. Information security, privacy and business continuity have long been important functions within most IT organizations to identify and mitigate risks. As technology increasingly has become involved in a myriad of other critical business activities, the effective CIO has improved the ability of the organization to mitigate risk.

Compliance activities have helped position the IT organization as a key player in risk identification. The roles of audit, risk and compliance have increased in importance within the IT organization. In addition, the business has seen the ability of IT to improve the awareness of risks within business activities, as well as identify and validate the operation of controls designed to mitigate business and technology risks. By expanding from a compliance-centric viewpoint to incorporate concepts of governance and risk, the CIO can better leverage IT investments and improve the alignment of business requirements and technology capabilities.

The CIO has an important role in the definition of each component of GRC. The entity-level measures are defined across the organization, but they must align with the IT architecture: the ability of the organization to monitor, measure and report results. Also, the workflow and processes in the IT organization must align with the entity-level requirements, as defined and supported by the enabling technology environment. It is this linkage of entity goals, risks, performance requirements and enablement with technology that mandates the CIO be an integral member of the GRC program within an organization.

Utilizing GRC to Deliver Business Value

Using GRC as a framework, the CIO can evaluate investment decisions that enable alignment of the IT organization with the expanding requirements of the business while leveraging compliance-related focus and IT investment. For instance, during Sarbanes-Oxley compliance efforts, the organization normally focuses on the financial reporting risks and related processes and activities. In addition, the business enhances its awareness of the process activities. The result: significantly improved validation and mitigation of critical financial reporting risks.

In the evolution to GRC, the organization must enhance the compliance activities and then relate them to the pervasive business risks and activities. In this manner, and enabled by the CIO, the organization achieves the following:

- Understands and documents additional risks of the business
- Documents processes that impact those risks
- Defines IT enablers of the business processes
- Improves both business and IT effectiveness and efficiency
- Confirms process effectiveness and efficiency
- Monitors alignment with enterprise requirements

One of the most important aspects of GRC evolution revolves around improving business processes and the ability to confirm the real impact of these improvements. A virtuous cycle, which enhances the efficiency of IT activities, quickly develops.

Three Legs of GRC

The Open Compliance and Ethics Group (OCEG), a not-for-profit organization that provides a framework for integrating governance, compliance, risk management and integrity into business practices, offers a succinct analogy for GRC. To wit: "The fastest cars have the best brakes."

To understand how GRC can improve business performance and ensure compliance, it is important to comprehend the underlying concepts. While IT governance, IT risk management and IT compliance are each unique disciplines in their own right, the three activities must be carefully orchestrated to enable a corporate environment that balances productivity and IT progress with effective control and management.

[Figure: Governance, Risk and Compliance (GRC). Graphic courtesy of the Open Compliance and Ethics Group]

Inside IT Governance

Effective IT governance, at its heart, is about business alignment. CIOs must have visibility into operations and the tools to manage them. From defining requirements, return, value and quality to driving guidance and development of key policies and procedures, IT governance ensures that the technology serves the business. It sets the tone for the day-to-day management of constantly changing business requirements and resource allocations, and drives the measurement of processes against expected outcomes. IT governance includes:

- A definition of the acceptable risks within the IT environment
- Cost guidelines and expectations
- Key measures and metrics that monitor IT effectiveness
- Periodic reporting and measurement against expectations and agreements
- A framework for decision-making and changes to the operational plan
- Key policies and procedures

Regarding IT Risk Management

IT risk management is a program that identifies, sources and mitigates the many aspects of business operation that may cause objectives not to be achieved. Notably, the arena of risk management has widened, from gauging hazard and credit risks to a more global view that examines and assesses operational risks within and beyond the organization.

Contemplating IT Compliance Management

IT compliance management addresses all the regulatory requirements of business operation. From well-known and far-reaching compliance targets like Sarbanes-Oxley to a host of industry- and location-specific rules, laws and regulations, companies must ensure that they monitor and achieve shifting compliance targets. Compliance activities run the gamut, from IT infrastructure and business processes to human factors impacted by training and management.

For example, as the IT organization improves the rollout of business requirements and executes the activities efficiently, the business can operate with reduced risk of failure and increased confidence. This enables new business requirements that further drive down risk and drive up confidence. As these improvement activities are evaluated and measured in the GRC framework, the CIO can identify areas for investment, which can demonstrate returns that extend beyond the traditional view of ROI.

Prioritization of IT Initiatives

As the GRC framework is established, the next challenge is to determine the priority of new initiatives required to support and enable the business. Each new initiative creates potential changes to the existing GRC framework, establishes new requirements for services, and impacts existing resource capabilities and services. And again, the benefits of these initiatives can extend well beyond traditional ROI. New measures for determining the business value of these initiatives must be formulated; this activity demands the involvement of stakeholders within the business.

Is There a Single Solution to GRC Evolution?

In the world of technology hardware and software, there is a constant stream of new services, capabilities and solutions. As technical capability improves, companies are faced with investment decisions. CIOs will be tempted to purchase tools to improve the IT architecture aspect, but these investments also must consider the entitywide and process aspects. It is critical for CIOs to see the entire picture before making investment decisions.

Data storage offers an interesting case in point. Falling costs and improving architectures and software have compelled many businesses to invest in storage solutions. However, companies that expand the storage infrastructure without updating IT activities and processes to leverage it are asking for trouble. Not only can the new build-out impact existing network performance and complicate procedures like backup, but also the value of the updated infrastructure remains locked up until better information management capabilities can be deployed.

In addition, companies have purchased additional storage as a means to address ongoing compliance issues related to records management. Despite the need for additional storage to house the electronic records to comply with regulatory issues, the storage must be a component of a broader initiative that includes identification of the risk and the processes related to governance that enable the storage to address the regulatory needs.

One mechanism CIOs can use to gain insight into technology needs is compliance technology. GRC software that enhances and enables compliance processes has made dramatic strides in functionality and stability, and is able to automate the manual processes developed for Sarbanes-Oxley and other compliance initiatives. Also improved over the past few years are the tools used to automate IT processes, such as change management and user administration. These tool sets can dramatically reduce cycle times and increase adherence to stated policies and procedures.

The Impact of IT Processes on Quality, Cost and Compliance

As we consider the three aspects of GRC (entitywide, process and IT architecture), the focus remains firmly on process. Experience remains the best teacher, and early experience with Sarbanes-Oxley revealed the critical importance of quality IT processes. Many IT shops struggled with initial Sarbanes-Oxley compliance because their IT processes were immature, lacked standardization and were loosely implemented. What's more, many businesses lacked the ability to monitor the performance of these processes. As a result, IT leaders often learned that employees were handling IT processes more as suggested approaches, rather than as repeatable methods for performing activities.

There is growing evidence that mature IT processes can produce impressive returns to the business. And within these processes, evidence mounts that investments in IT governance and internal controls can turn average IT shops into highly successful ones. For example, the IT Process Institute recently released the IT Controls Performance Study, which details a number of compelling findings, including:

- The best practices outlined by the Information Technology Infrastructure Library (ITIL) and CobiT do broadly improve performance.
- Twenty-one Foundational Controls have been identified with the largest impact on operations, security and audit performance.
- In comparing organizations, high performers enjoy the following compelling benefits:
  - Report 12 percent to 37 percent lower rates of unplanned work
  - Support 2.5 to 5 times the number of servers per administrator
  - Experience losses from security events 29 percent to 84 percent less frequently
  - Authorize and support 5 to 14 times the number of IT changes

An August 2006 Baseline magazine article commenting on the IT Process Institute study stated: The verdict is in: the greater the adherence to controls, the better-run the information-technology shop. In other words, careful compliance controls can be good for your company.

Balancing the Pendulum of IT Focus

IT leaders should consider the following key actions to address this balancing act:

1. Increase the understanding of business requirements for the IT organization.
2. Use IT governance as a platform to leverage the investment in compliance.
3. Incorporate risk identification into the decision-making process for IT investment (e.g., include risk impact in the ROI model).
4. Take a comprehensive view of GRC to strengthen the efforts to prioritize the demands of the business on IT.

IT stands at a critical crossroads. Many IT leaders seek a state of balance that allows IT to align with the business without losing sight of the investments poured into compliance. Effective IT leaders recognize that failing to address both IT business alignment and ongoing compliance threatens to produce another swing of the pendulum.

The good news is IT leaders have an opportunity to regain control of their project portfolio. Projects delayed by the crush of Sarbanes-Oxley activities can be addressed now. The task at hand is to identify how exactly to move forward in a balanced fashion that improves business performance while maintaining focus on compliance.
In short, CIOs must weigh investment decisions while respecting all three critical aspects of the technology environment: entitywide, process and IT architecture.

We recommend implementing GRC as a framework for permeating the decision-making process in an organization. The implementation of an integrated environment to improve governance, manage risk and enable compliance will provide the CIO with the tools to drive improved business alignment, and ultimately, business value. In the end, IT leaders who take advantage of the investments in compliance, while balancing the governance and risk processes, will be able to make future decisions that better enable alignment with the business requirements of technology.

About Protiviti

Protiviti is a leading provider of independent risk consulting and internal audit services. We provide consulting and advisory services to help clients identify, assess, measure and manage financial, operational and technology-related risks encountered in their industries, and assist in the implementation of the processes and controls to enable their continued monitoring. We also offer a full spectrum of internal audit services to assist management and directors with their internal audit functions, including full outsourcing, co-sourcing, technology and tool implementation, and quality assessment and readiness reviews.

Protiviti, which has 60 locations in the Americas, Asia-Pacific and Europe, is a wholly owned subsidiary of Robert Half International Inc. (NYSE symbol: RHI). Founded in 1948, Robert Half International is a member of the S&P 500 index.

This white paper is sponsored by:
Protiviti

Protiviti is not licensed or registered as a public accounting firm and does not issue opinions on financial statements or offer attestation services.

protiviti.com
Protiviti Inc. All rights reserved. An Equal Opportunity Employer.
More informationOffice of the Chief Information Officer
Office of the Chief Information Officer Business Plan: 2012 2015 Department / Ministère: Executive Council Date: November 15, 2012 1 P a g e This Page Left Intentionally Blank 2 P a g e Contents The Business
More informationTable of contents. Standardizing IT Service Management. Best practices based on HP experience in ITSM consolidation. White paper
Standardizing IT Service Management Best practices based on HP experience in ITSM consolidation White paper Table of contents Go!... 2 Benefits and challenges... 2 The HP approach to standardizing ITSM...
More informationImproving Service Asset and Configuration Management with CA Process Maps
TECHNOLOGY BRIEF: SERVICE ASSET AND CONFIGURATION MANAGEMENT MAPS Improving Service Asset and Configuration with CA Process Maps Peter Doherty CA TECHNICAL SALES Table of Contents Executive Summary SECTION
More informationSoftware-as-a-Service: Managing Key Concerns and Considerations
Software-as-a-Service: Managing Key Concerns and Considerations A research report Publication sponsored by: TABLE OF CONTENTS Introduction: Cloud IT, including SaaS, is Real IT Managing The Key Concerns
More informationGLOBAL STANDARD FOR INFORMATION MANAGEMENT
GLOBAL STANDARD FOR INFORMATION MANAGEMENT Manohar Ganshani Businesses have today expanded beyond local geographies. Global presence demands uniformity within the processes across disparate locations of
More informationPublic Cloud and Managed Communications Services: Right Time, Right Place?
: Right Time, Right Place? Market Advisory Report Ashok Kumar Director, Custom Research December, 2013 Current Analysis (www.currentanalysis.com) Washington, D.C. Paris, France Phone: +1 703 404 9200;
More informationBusiness Service Management Cyril Gobrecht Business Solutions Manager Halim Belkhatir Regional Manager. 17 December 2008
Business Service Management Cyril Gobrecht Business Solutions Manager Halim Belkhatir Regional Manager 17 December 2008 1/12/2009 A unique offering to achieve BSM BSM from BMC is a comprehensive approach
More informationProactive Risk Management with SAP BusinessObjects
Proactive Risk Management with SAP BusinessObjects Leveraging Technology to Gain Enterprise Transparency and Rapid Insight into Changing Business Conditions INTRODUCTION What is the totality of our enterprise
More informationWhitepaper: 7 Steps to Developing a Cloud Security Plan
Whitepaper: 7 Steps to Developing a Cloud Security Plan Executive Summary: 7 Steps to Developing a Cloud Security Plan Designing and implementing an enterprise security plan can be a daunting task for
More informationOperational Risk Management - The Next Frontier The Risk Management Association (RMA)
Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first
More informationThe Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm
2010 NASCIO RECOGNITION AWARD NOMINATION The Government Cloud Protection Program: Disaster Recovery Services Transformed for the Perfect Storm Nomination Category: Risk Management Initiatives Name of State
More informationFramework for Enterprise Risk Management
Framework for Enterprise Risk Management 2013 Johnson & Johnson Contents Introduction.... 4 J&J Strategic Framework... 5 What is Risk?.......................................................... 7 J&J Approach
More informationHow To Consolidate A Data Center
Data Center Consolidation is fundamental to being prepared for the dramatic evolution in ICT technology, as well as fluctuating and unpredictable business demands. Avoiding the potential pitfalls is of
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT OCC Updates Guidance on Third-Party Relationships December 2, 2013 Introduction On November 4, 2013, the Office of the Comptroller of the Currency (OCC) released Bulletin
More informationBSM Transformation through CMDB Deployment. Streamlining the Integration of Change and Release Management
BSM Transformation through CMDB Deployment Streamlining the Integration of Change and Release Management Gordon Owens, Managing Consultant generatione Technologies Agenda Brief Introduction Building Blocks
More informationAdopting Quality Management for Business Success
Adopting Quality Management for Business Success Abstract Many organizations are taking advantage of Quality Management methodologies (such as Six Sigma ) to improve productivity, efficiency, and customer
More informationWhy Change Your Job Scheduler? Today s business environments demand event-driven, enterprise-wide job scheduling unsupportable by legacy tools.
Why Change Your Job Scheduler? Today s business environments demand event-driven, enterprise-wide job scheduling unsupportable by legacy tools. Job scheduling tools are automation workhorses that enable
More informationAddressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc.
Addressing Internal Controls in Your ERP Implementation - Working with Your System Integrator to Engineer Compliance By John Folk, Protiviti Inc. Despite the already heavy penetration of ERP software in
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationThe future of application outsourcing: making the move from tactical to strategic
IBM Global Business Services White Paper The future of application outsourcing: making the move from tactical to strategic Application Services Page 2 Contents 2 Introduction 2 Success brings new challenges
More informationOptimizing the Data Center for Today s Federal Government
WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S FEDERAL......... GOVERNMENT............................... Optimizing the Data Center for Today s Federal Government Who should read this paper CIOs,
More information10 Steps to a Successful Digital Asset Management Implementation by SrIkAnth raghavan, DIrector, ProDuct MAnAgeMent
m a y 2 0 1 2 10 Steps to a Successful Digital Asset Management Implementation Strategies and Best Practices Implementing and deploying enterprise solutions across the organization can be complex, involving
More informationIT Governance: framework and case study. 22 September 2010
IT Governance: framework and case study Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited Presentation topics ERM and IT governance IT governance framework IT
More informationSarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:
Beyond Sarbanes-Oxley: Using compliance requirements to boost business performance The business regulatory environment in the United States has changed. Public companies have new obligations to report
More informationCustomer Data and Reputational Risk in the Pharmaceutical Industry
1 Customer Data and Reputational Risk in the Pharmaceutical Industry Sensitive Data: A Chain of Trust Organizations of all types, from banks to government agencies to healthcare providers, are taking steps
More informationData Governance. Unlocking Value and Controlling Risk. Data Governance. www.mindyourprivacy.com
Data Governance Unlocking Value and Controlling Risk 1 White Paper Data Governance Table of contents Introduction... 3 Data Governance Program Goals in light of Privacy... 4 Data Governance Program Pillars...
More informationModule 6 Essentials of Enterprise Architecture Tools
Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade
More informationHow To Understand The Role Of Enterprise Architecture In The Context Of Organizational Strategy
Enterprise Architecture in the Context of Organizational Strategy Sundararajan Vaidyanathan Senior Enterprise Architect, Unisys Introduction The Presidential Management Agenda (PMA) 1 is geared towards
More informationOptimizing the Data Center for Today s State & Local Government
WHITE PAPER: OPTIMIZING THE DATA CENTER FOR TODAY S STATE...... &.. LOCAL...... GOVERNMENT.......................... Optimizing the Data Center for Today s State & Local Government Who should read this
More informationRelease Management: Effective practices for IT delivery
Release Management: Effective practices for IT delivery Introduction Today s health plans face a unique combination of technology challenges due to their complex IT environments. These environments serve
More informationWhite Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard
White Paper Case Study: How Collaboration Platforms Support the ITIL Best Practices Standard Abstract: This white paper outlines the ITIL industry best practices methodology and discusses the methods in
More informationHelping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights
I D C E X E C U T I V E I N S I G H T S Helping Enterprises Succeed: Responsible Corporate Strategy and Intelligent Business Insights May 2009 By Albert Pang, Research Director, Enterprise Applications
More informationThe Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting
The Shift to Behavioral Monitoring: A New Paradigm for Exception-Based Reporting Introduction In the past 10 years, exception-based reporting (EBR) has become a widespread tool for loss prevention in retail
More informationITSM 101. Patrick Connelly and Sandeep Narang. Gartner. www.it.ufl.edu
ITSM 101 Patrick Connelly and Sandeep Narang Gartner 1 IT Service Management 101 Agenda What is IT Service Management? Why is IT Service Management Important? Speaking a Common Language: Overview of Key
More informationBUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT
Solution in Detail NetWeaver BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING NetWeaver IDENTITY MANAGEMENT Identity management today presents organizations with a host of challenges. System landscapes
More informationAgile enterprise content management and the IBM Information Agenda.
Transforming your content into a trusted, strategic asset Agile enterprise content management and the IBM Information Agenda. Delivering a common information framework for uncommon business agility Highlights
More informationActionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy
www.netforensics.com NETFORENSICS WHITE PAPER Actionable Security Intelligence: Preparing for the Next Threat with a Proactive Strategy Contents Executive Summary The Information Security Landscape Security
More informationIT Governance Overview
IT Governance Overview Contents Executive Summary... 3 What is IT Governance?... 4 Strategic Vision and IT Guiding Principles... 4 Campus-Wide IT Strategic Vision... 4 IT Guiding Principles... 4 The Scope
More informationDelivering peace of mind in outsourcing
> Delivering peace of mind in outsourcing How to increase enterprise performance when outsourcing mission critical systems www.thalesgroup.com/security-services AND >> PERFORMANCE OUTSOURCING OF MISSION
More informationWHITE PAPER. Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements
WHITE PAPER Sarbanes - Oxley Section 404: How BMC Software Solutions Address General IT Control Requirements TABLE OF CONTENTS Executive Summary 2 Sarbanes-Oxley Section 404 Internal Controls 3 IT Involvement
More informationHarness Enterprise Risks With Oracle Governance, Risk and Compliance
Hardware and Software Engineered to Work Together Harness Enterprise Risks With Oracle Governance, Risk and Compliance Is the plethora of financial, operational and regulatory policies and mandates overwhelming
More informationBusiness Architecture Scenarios
The OMG, Business Architecture Special Interest Group Business Architecture Scenarios Principal Authors William Ulrich, President, TSG, Inc. Co chair, OMG BASIG wmmulrich@baymoon.com Neal McWhorter, Principal,
More informationCloud Computing in a Regulated Environment
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
More informationIntroduction. What is ITIL? Automation Centre. Tracker Suite and ITIL
1 Introduction The Information Technology Infrastructure Library (ITIL) aims to improve the management of IT services within the organization, for lowered costs, improved efficiency and productivity. But
More informationGovernance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management
Brochure More information from http://www.researchandmarkets.com/reports/585854/ Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management Description: In recent years, the
More informationHigh-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits
High-Shrink Store Programs: Why Focusing Your Resources on the Worst Performing Stores Will Reap the Most Benefits Introduction: Why shrink matters Retailers are used to managing a certain amount of shrink
More informationCORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT
CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information
More informationHow Technology Supports Project, Program and Portfolio Management
WHITE PAPER: HOW TECHNOLOGY SUPPORTS PROJECT, PROGRAM AND PORTFOLIO MANAGEMENT SERIES 4 OF 4 How Technology Supports Project, Program and Portfolio Management SEPTEMBER 2007 Enrico Boverino CA CLARITY
More informationThe IBM Solution Architecture for Energy and Utilities Framework
IBM Solution Architecture for Energy and Utilities Framework Accelerating Solutions for Smarter Utilities The IBM Solution Architecture for Energy and Utilities Framework Providing a foundation for solutions
More informationIT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP
IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP IT Audit Perspective on Continuous Auditing/Continuous Monitoring INTRODUCTION New demands from the board, senior organizational
More information