1. COMPLIANCE AS A DRIVER FOR BETTER IT GOVERNANCE
ABSTRACT
Compliance has become a signifiant issue for most organisations. It ranges from guidelines and regulations for internal control over financial reporting to specific requirements for process capabilities or outcomes prescribed by national regulators and contractual obligations.
- The risk of non-compliance is growing all the time.
- The potential for enormous financial and reputational impact is considerable.
- But, companies cannot sustain the current high compliance costs.
- Compliance initiatives can provide the route to value delivery.
THE CHALLENGE
Complex and multiple compliance requirements, as well as the cost of meeting them, necessitate a sustainable and integrated strategy.
- Responding to individual compliance requirements may be effective in the short-term but it will be inefficient and unsustainable in the long-term.
- Many compliance requirements are a result of poor practices that have crept into the business.
- Responding to compliance requirements can enhance operational performance and information quality.
- An approach that will rationalise unnecessary complexity.
HOW WE CAN HELP
Business-driven, risk-focused and technology-based approach that will:
- Address compliance requirements using a sustainable process based approach
- Provide a pre-defined order of improvements to address compliance requirements
- Build a compliance framework sufficient for business requirements
LESSONS LEARNED
- Compliance is a process effected by people.
- Accountability for compliance activities is key.
- Delegated resonsibility for compliance must be matched with suitable authority.
- Often compliance initiatives provide value beyond satisfying regulatory requirements.
2. DIRECT AND CONTROL IT ACTIVITIES FOR BETTER GOVERNANCE
ABSTRACTDelivering value and achieving compliance objectives is hugely dependent on a good IT governance framework that is capable of directing the activities within IT processes, controlling execution and measuring success.
- Few companies have developed the organiational maturity to effectively direct and control IT activities.
- Most organisations find themselves fire-fighting at the operational level.
- Strategic objectives are often out of focus due to heavy dependence on people skills alone for success.
THE CHALLENGE
Leadership, organisation structure, relationships and IT processes that will enable the business to achieve its goals.
- Leadership that is externally focused and respected by the business leaders.
- Organisational structures that establish accountability at the right levels of authority.
- Designated process ownership, definition and goals that are clearly defined and communicated.
- Outcomes from IT that the business expects.
HOW WE HELP
Capability improvement to better direct, control and measure performance that addresses:
- Process knowledge to build capability
- Solutions to effectively manage progress
- Scorecards to monitor process performance
LESSONS LEARNED
- Excessive process documentation destroys value
- Integrated processes require co-operation between process owners.
- Executive sponsorship is critical to success.
3. COBIT AS A FOUNDATION FOR INFORMATION SECURITY MANAGEMENT
ABSTRACT
Information security is now a business driven function involving the entire enterprise population. Most organisations have a large number of inter-enterprise connections and a wide range of technology and operational choices available for exercising (or not) security activities in each processing environment.
- Security and control are now highly dependent on user and application activities.
- Selection, testing and deployment of appropriate mechanisms to supply security functions is complex.
- Few organisations have established the processes necessary for effective information security.
THE CHALLENGE
Buildng information protection programs around:
- confidentiality, stressing "need to know" as the guiding principle for implementing a security program.
- integrity, focusing on the "control of privilege to create, modify, store, copy or delete information or information resources."
- availability, based on the "business' need" to have systems, resources and data available.
HOW WE HELP
Through the use of a process based approach:
- Define the IT activities necessary for effective information security
- Build capability in information security and relatd activities
- Focus on delivering the outcome that business expects from information security
LESSONS LEARNED
- There are a large number of IT processes that will have an impact on the effectiveness of information security.
- The outcome expected from information security should be first obtained from the business.
4. DETERMINING SERVICE PROVIDER CAPABILITY
ABSTRACT
In Dun & Bradstreet’s Barometer of Global Outsourcing, companies reported that between 20% and 25% of all outsourcing relationships fail in any two-year period. Nearly 70% of the respondents noted that the outsourcing supplier didn’t understand what they were supposed to do and that the cost is too high and the service provided too poor.
THE CHALLENGE
Client organisations often report feeling disadvantaged regarding their limited experience in performing many sourcing tasks.
- Inability of clients to adequately express their needs.
- Ambiguity in scope or the definition of services.
- Difficulties in defining service levels.
- Poorly written contracts are a common cause of failure in sourcing.
- Uncertaunty about the service provider's true capability.
HOW WE HELP
Risk management, capability improvement and performance measurement to:
- Assist clients build their capability to outsource.
- Perform due dilligence on the service provider's capability.
- Assist service providers build their capability in line with client expectations.
LESSONS LEARNED
- Buildng capability in the client organiations is essential for successful outsourcing.
- Service provider performance should be measured against the business' expectations.
| |
| 
