Need Improved Financial and Resource Management

Transcription

1 Why Reducing Professional Risk Exposure Services Organizations Need Improved Financial and Resource Management Compliments of Published by

2 2 Reducing Risk Exposure IT infrastructure needs to support overall business objectives, but in doing so it shouldn t open security loopholes that expose the organization to unnecessary risk. Connecting business processes with IT controls has always been a challenge, particularly because corporate goals, regulatory requirements and market conditions are constantly changing. But in this age of visibility and transparency, the cost of misaligning the two has come to the attention of stakeholders making the need for such collaboration more important than ever. Some 40 percent of U.S. CIOs say their organization recently ended or canceled an IT-related project before it was fully implemented, according to a 2009 survey 1 by ISACA, an independent group focused on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Companies canceled these IT projects primarily because business needs changed (36 percent), the solution did not deliver as promised (20 percent) or the project no longer supported the business strategy (10 percent). What s more, business compliance challenges have grown, yet technology is not widely used for internal control and compliance management purposes, writes Lee Dittmar, principal, Deloitte Consulting LLP 2 and national leader of the Enterprise Governance practice and the global leader of the Governance, Risk and Compliance (GRC) practice. Initially the compliance focus was squarely aimed at the challenges of Sarbanes-Oxley, HIPAA, and Basel II. But an increasing number of companies are beginning to look beyond those regulations and are starting to embrace the bigger picture about how this alignment can streamline business processes, minimize risk exposure and eliminate unnecessary costs. But collaboration is easier said than done, and complexity inevitably ensues. Business units and their supporting technology are often siloed, and companies must not open up security holes in an effort to increase visibility and transparency across the company. A strategically planned governance, risk and compliance solution can help bridge the gap between business processes and IT controls, ease compliance requirements and save money while improving security and enhancing business insight. Companies must assess whether they have the right business processes in place, determine if current IT investments support those business processes, find where unnecessary risks are located, and assess how can they contain costs while still driving revenue growth, according

3 3 to Rick Killpack, senior product manager, identity and security, at Novell. Once processes are in place, technology is required to keep them well-tuned. Technology should not only streamline business processes, but also minimize risk exposure and eliminate unnecessary costs, Killpack says. Compliance, Access Control and Security Here is just one example of the complexities associated with collaboration. To meet compliance requirements, companies must provide access controls to manage which employees have access to sensitive company or customer information. But in the IT department s efforts to comply they often disrupt business processes by creating too many security roadblocks. What s more, myriad hardware and software solutions often have different access control requirements, which create a maze of access control hurdles to clear. Managing access and segregation of duties requirements is a time-consuming and cost intensive process that requires constant attention and is often overlooked or avoided, according to an article published by Deloitte AG 3. Many organizations do not even have a clear understanding of the extent of their access management issues, beyond those their internal and external auditors tell them about. The results: either the organization ends up with silos of information and employees are unable to access required business information, or IT loosens controls to unclog business process, but in turn opens up security loopholes that lead to unnecessary risk. Forward-thinking organizations have found a way not only to better secure sensitive data, but also to create operational efficiencies and ultimately greater business insight. To solve access control issues, companies should utilize a governance, risk and compliance solution, in addition to a compliance management platform, to integrate access controls across the entire infrastructure and to achieve maximum security and enforcement.

4 4 Conclusion Well-managed information technology is a business enabler. Every deployment of information technology brings with it immediate risks to the organization and, therefore, every director or executive who deploys, or manager who makes any use of, information technology needs to understand these risks and the steps that should be taken to counter them, says Alan Calder 4, an international authority on IT governance and information security management. With careful alignment between business process with IT and a mindful eye on security loopholes companies can reduce risk exposure, meet compliance requirements, and ultimately gain better business insight. Sources: consulting_ti_itroleingrc_031407(1).pdf 3 controlsassuranceadvisory/article/766d1f vgnvcm200000bb42f00arcrd.htm 4

5 5 About Novell Novell, Inc. (Nasdaq: NOVL) delivers the best engineered, most interoperable Linux platform and a portfolio of integrated IT management software that helps customers around the world reduce cost, complexity and risk. With our infrastructure software and ecosystem of partnerships, Novell harmoniously integrates mixed IT environments, allowing people and technology to work as one. For more information, visit