10 Best-Selling Modules For Home Information Technology Professionals

Transcription

1 Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich GmbH The Core of V3 Service Strategy (Good) Services > follow (good) Strategy > are aligned with the business > are planned > are calculated > are controlled > are managed it the right Service Portfolio Management tool 2 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 1

2 Portfolio Management Evolution Project Portfolio Management: Emerged 2002 Comprehensive Portfolio Management: 2004 Service Portfolio Management: 2006 Projects and Significant Work Requests Strategic: BI for the IT Steering Committee Tactical: IT checkbooks for the business Portfolios include assets, apps, projects Scenario planning capabilities Constraint-based optimization and efficient frontiers Governing at the IT Service Level ITIL V3 3 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH IT Services > IT services are a unique combination of people, processes, technology and assets that provide specific business value. > The new CA Clarity IT Portfolio Manager and Clarity IT Business Relationship Manager modules can expand your usage of CA Clarity beyond the project portfolio and help your IT department deliver a portfolio of IT services that the business really values. 4 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 2

3 What is Clarity IT Service? > IT Service investment object Department can subscribe to an IT Service so IT know what customers are utilizing their services > Financial and Effort Rollup Configure child items to a service to see a hierarchical bill of investments that dynamically aggregates cost and labor totals to view the TCO of the service Available for most investments not just services > Investment Allocation Configure percentages on how an investment is allocate to its parent investment. Has to add up to 100% always. Computes the cost and labor totals within Financial and Effort Rollup pages based on the investment allocation on the child item 5 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Service Portfolio Management Use Case Idea Demand Analyze Idea Portfolio Service Hierarchy Plan Service - Hierarchy Financial Management Integration Import Asset costs Portfolio Analyze Service Provider Dashboard Metrics and Recovery Statement Customer Dashboard Metrics and Invoice Departments Subscribe to Service 6 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 3

4 Services 7 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Service-Hierarchie Investmenttypen %-Zuordnung 8 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 4

5 Customer Portal 9 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Provider Portal 10 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 5

6 Provider Portal / Incidents 11 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Provider Portal / Workload 12 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 6

7 Benefits of the Clarity IT Service IT > View real-time the TCO of their IT Services > More insight on the makeup of IT Services for improved forecast and budget of cost and labor resources > Better justify current budget or increases budget based on utilization of IT Services by the business > Visibility on customers using the IT Services to gauge how to best allocation resources and funds to existing IT Services Customer > Visibility to the services IT provides Subscribe or unsubscribe to services that are needed or not needed by the business > Provides transparency related to charges of IT Services subscriptions Where are funds going? > Provides a common mechanism to view business metrics of IT Services they have subscribed to 13 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH CA GRC Manager Copyright 2008 CA Software Österreich GmbH 7

8 ITG vis-à-vis GRC ITG IT-business alignment Operational Management Targets > CIO > PMO > Business Relationship Managers > IT Finance Systems > IT Portfolio Management > PPM > IT Asset Management > Financial Management > Resource Management > Demand Management GRC Identify, categorize and mitigate compliance risks Compliance & Risk Management Targets > CIO > CCO > CRO > Corporate Counsel Systems > Risk & Controls Management > Information Governance > Identity & Access Management > Security Information Management > Recovery Management > Change & Configuration Management /27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH GRC Market Categories & Definitions 16 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 8

9 The Evolution of GRC Optimize Maturity Get Compliant Single regulatory focus Too many controls Manual efforts Reduce Cost Associate controls with multiple regulations Associate controls with Risk Associate project cost to remediation Automate controls and monitor Manage across multiple regulations Risk-based decision making Compliance investment governance Integrated approach to GRC Manual controls As Is Time 17 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Customer Challenge: The Risk & Regulatory Dilemma Board of Directors Shareholders Regulators External Auditors Compliance SOX PMO Privacy CRO CCO Legal Counsel Risk Management Internal Audit Policies CobiT PCI SOX SLAs HIPAA SOX CobiT PCI Policies SLAs Procurement and AP Manufacturing Sales and Marketing Enterprise Security CIO CISO CFO Finance IT Accounting Human Resources Outsourced HR Outsourced IT 18 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 9

10 Complex and Costly Business Processes Regulators External Auditors Board of Directors Compliance SOX PMO Shareholders Procurement Privacy and AP Finance Regulatory Reviews Risk Management Risk Assessments Manufacturing Accounting CIO CRO CISO CCO Performance Policies HIPPA CobiT PCI SOX Improvement Sales and CFO Human Internal SLAs Marketing HIPAA Resources SOX Audit CobiT PCI Enterprise Outsourced Legal Policies Security HR IT Counsel SLAs Remediation Outsourced IT 19 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH IT GRC Unified and Simplified Reduce Total Cost Provide Transparency & Visibility Manage & Govern Compliance Provide Enterprise View for Executives Streamline Processes Reduce Complexity Improve Use of Resources Board of Directors Shareholders Regulators External Auditors Compliance SOX PMO Privacy CRO CCO Legal Counsel Risk Management Internal Audit Procurement and AP Manufacturing IT GRC CA GRC Manager Regulatory Sales and Policies HIPPA CobiT SLAs PCI SOXReviews Risk HIPAA Assessments Marketing SOX Performance CobiT Improvement Remediation PCI Policies SLAs Enterprise Security CIO CISO CFO Finance IT Accounting Human Resources Outsourced HR Outsourced IT 20 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 10

11 The Reality in the companies How often do we have to provide basically the same information to all these different groups? Business Unit Process Owners Audit Compliance Risk Management Regulators 21 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH A better way Let s document our risks and controls, testing and results once and relate them to all applicable regulations? Business Unit Process Owners Enterprise Risk and Control Repository Audit Compliance Risk Management Regulators 22 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 11

12 CA s IT GRC Solution What is it? > CA IT GRC Solution manages IT risk through a holistic portfolio-based approach that incorporates the automation and continuous monitoring of the underlying IT controls > We do this by enabling organizations to: Identify, categorize, analyze, and prioritize risk Automate and continuously monitor critical IT controls related to IT risk Project manage the remediation process 23 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH CA Differentiation in IT GRC Market > A Portfolio view of all IT risks and controls (GRC Manager) Content: Unified Compliance Framework, Deloitte Risk Catalog integration Configurable: Easily User-configured does not require coding for tailoring Connectivity Out-of-box integration with IT systems of record Business systems via XML Open Gateway Costs: Provides visibility into the total cost of compliance > Breadth of IT GRC controls includes: Industry s most comprehensive set of controls across the major areas of IT (security, information and assets) Continuous controls and monitoring to automate the process of monitoring these controls > A complete solution for IT GRC IT Controls have been proven in very large, complex IT environments GRC Manager is the result of extensive feedback from customers and analysts CA has many years of experience helping to deploy successful IT management solutions 24 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 12

13 Critical Questions Answered by CA GRC Manager > What are the controls for specific regulations such as SOX, PCI, etc? > What assets are related to a failed control? > What is it costing your Company to remediate controls for SOX? > What is the status of controls testing for a specific business unit? > What are the risks for a specific business unit and what is the status of the mitigating controls? 25 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH IT Governance & Risk Mitigation Clarity GRC Manager includes content that can help organizations identify requirements associated with almost 300 published regulations and industry standards from across the globe. Clarity GRC Manager also provides functionality that will help management identify and document the impact these requirements will have on the organization and manage these requirements effectively. Integration with other CA products will help automate management s risk and control related activities, reducing the burden of what is otherwise a very resource intensive and costly undertaking 26 2/27/2008 Integriertes Risk und Compliance Management - Copyright 2008 CA Software Österreich GmbH Copyright 2008 CA Software Österreich GmbH 13

14 Danke! Fragen? Martin Pscheidl CA Software Österreich GmbH Wienerbergstrasse 42 Euro Plaza Haus E martin.pscheidl@ca.com Copyright 2008 CA Software Österreich GmbH 14