IT Governance, Risk &
Compliance
2009
Your Text here Your Text here
Galit Fein
VP & Senior Analyst
Office of the CIO Strategies
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 1

Agenda
1
IT Trends 2009
2
Regulations implications on IT
Your Text here Your Text here
3
Best Practices
4
Conclusion
Enterprise Risk Mngt
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 2

IT Trends 2009
Reduced IT spending
Higher standards dictated by new regulations
Maintenance mode:
Your Text here Your Text here
• No new project/technology
• Extracting value from existing investments
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 3

Taking Advantage of a Downturn
Financial crisis has increased the attention to the
management of IT costs
Increased budget for regulation & security in 2009
Top Pressers Driving ERM
Your Text here Your Text here
46%
New/ changing regulations
38%
Better risk mngt
31%
Protect the organization
24%
Improve operational efficiencies
Source: Aberdeen Group 2008
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 4

Current Situation:
Compliance, Risk & What?
one-time regulation projects
 Quick fix
 “SOX is the must have - it will not have strategic impact on
the organization”
Your Text here Your Text here
inefficient & becoming a
 Fragmented approach to GRC is
huge cost driver
 “Existing tools handle only documentation of SOX compliance
procedures -they don’t check the level of enforcement!”
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 5

Enterprise Risk Management
CEO must know what are the risks associated with IT
investments just as he aware of risks associated with
Doubtful Debt / or other important risks
finance -
IT investment / project:
Your Text here Your Text here
ROI
Budget
Schedule
? Risk factors
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 6

Prepare to the Unpredictable
Satyam,
Who Can? Madoff Admits Wipro,
50 Billion $ Fraud IBM,
Oracle,
Amdocs,
Infosys,
Cognizant,
firing
HP 9/11
Your Text here Your Text here
Banking crisis:
Wall Street crisis
Lehman Brothers bankruptcy
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 7

Governance, Risk & Compliance!
ongoing effort
Need for to comply with
regulation
compliance from a tactical reaction here
Your Text to
Move Your Text here
strategic imperative
Firms can no longer afford to approach compliance
as tactical project like meeting the SOX deadline
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 8

Regulations bring improvements into IT
The role of CIO & ITOs will evolve under SOX
Resources & recognition of vulnerabilities in the IT area
SOX brings improvements into the following areas:
• information system security
Your Text here Your Text here
• segregation of duties
• access controls & access monitoring
• test procedures & program change mngt
• processes to document policies,
& controls
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 9

Enterprise Risk Management
Common Frameworks:
Process: Process
ITIL

Developing process to improve
Maturity models

efficiency & IT service delivery – CMMI , PMM
Quality control
Quality control:
Your Text here Your Text here
ISO 9001

Build metrics to follow up
 Total Quality Mngt
performance & improvement (TQM)
 Six Sigma
Governance:
Governance
Establishing oversight measures COBIT

All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 10

Best Practices vs. Innovation
 STRATEGIC IT
 TACTICAL IT
• Tactical functions simply • Strategic functions drive
Best Innovation
keep the business up & the company’s dollar, stock
Practices
running on a day-to-day value, & competitive
Your Text here
advantage Text here
Your
basis:
 COBIT  Office of the CIO
 CMMI  Portfolio mngt…
 ISO
 ITIL
 Six Sigma…
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 11

What’s the Best Practice Framework?
No single process/governance
ITIL
framework will effectively
COBIT
represent every organization
CMMI
No single framework covers the
ISO
complete territory Six
Your Text here Your Text here
Sigma
Leverage & aggregate best practices
The combination of process
methodologies will provide a more
complete view of IT’s operational/
support processes
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 12

Importance of:
Unified Framework Responsibility
Frameworks are tied to each other
Different frameworks handled by various orgs roles:
• Accountants, CIO, CTO, QA managers, CISO, etc.
Responsibility of all frameworks MUST be unified:
Your Text here Your Text here
This translates itself
to greater efficiency &
resource saving
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 13

Risk & Compliance Mngt
Control Objectives for Information
CobiT
& Related Technology
Reference
framework for
Information Technology
ITIL Text here governing IT &
Your Your Text here
Infrastructure Library
compliant with
SOX
Framework for information
ISO
security management
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 14

Summary
Increased budget for regulation 2009
ongoing effort
Need for to comply with
regulation here
Your Text Your Text here
Aggregate best practices
Responsibility of ERM MUST be unified
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 15

Your Text here Your Text here
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 790 7000 www.stki.info 16