1. MENA IT Governance, Risk & Compliance 2010
IT GRC in the Middle East: Are we there yet?
Sudhakar Siddegowda, CISA
Chief Information Officer
M.H. Group of Companies
5/6/2010 Confidential 1
2. IT GRC in the Middle East: Are we there yet?
Questions
1. Where are we today in comparison with the rest of the world?
2. Regional initiatives in promoting IT Governance, Risk and Compliance
3. Innovation in IT Governance, Risk and Compliance: Key issues and challenges
3. IT GRC in the Middle East: Are we there yet?
What is IT GRC?
Part of overall corporate governance: a set of integrated processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals and attain Full Value Life Cycle Management maturity.
[Diagram, IT GRC at the centre. Labels: Full Value Life Cycle Management; Business-IT Alignment; Value; Improve Focus on Core Activities; Centralize & Standardize; Risk; Cost; Share Operational Risks; Reduce/Control Operating Cost]
4. IT GRC in the Middle East: Are we there yet?
Where are we today?
1. Governance - Setting the Agenda
Business IT Strategy (Demand - Doing the Right Things)
Policies and Principles
Authority and Accountabilities
Business Case and Investments
IT Steering (Supply - Doing Things Right)
2. Risk - Expecting the Unexpected (Risk Register)
Identify
Analyse
Respond – Management (Line, Senior & Executive)
Likelihood – Uncertain to Certain
Impact – Insignificant to Extreme
3. Compliance - Adhering to Frameworks
Business Model for Information Security
Control Objectives for Information and related Technology
IT Assurance Framework
Risk IT
Val IT
Information Technology Infrastructure Library
Payment Card Industry Data Security Standard
5. IT GRC in the Middle East: Are we there yet?
How do we achieve?
1. Strategize and Plan
Establish
Develop
Scope
2. Architect Solution
Define
Recommend
Communicate
3. Build
Processes
Charge back
Risk monitoring and management
6. IT GRC in the Middle East: Are we there yet?
Initiatives
1. Public Sector
2. Private Sector?
7. IT GRC in the Middle East: Are we there yet?
Key Issues & Challenges
1. Focus
2. Commitment
3. Integrating Frameworks and Standards
4. Cost Effective
5. Practical
6. Viable
7. Sustainable
8. People