“Rebuilding Corporate Trust: The Essential Role Of IT Governance”


Talk on the topic “REBUILDING CORPORATE TRUST: THE ESSENTIAL ROLE OF IT GOVERNANCE” at the ISACA Singapore Chapter Annual Conference “TACS 2010”, held on 11-12 November 2010 at the Hotel Novotel Singapore Clarke Quay, with the conference theme "Creating Value in a Regulated World".


  2. SUNIL KOHLI, Indian Defence Accounts Service, Joint Secretary And Financial Adviser, National Disaster Management Authority, Ministry Of Home Affairs, India. “Rebuilding Corporate Trust: The Essential Role Of IT Governance”, 11th November 2010
  3. Broad Outline: Context • Government, Public Sector Organizations and Corporates are the biggest entities which affect the lives of the citizens and the consumers. • Transparency, Risk and Compliance are the main attributes to ensure Accountability and Corporate Social Responsibility. • Leveraging Technology by these entities will ensure Rebuilding Public Trust in these organizations.
  4. Broad Outline: Role of IT • IT can play an important role in Information Management, Risk Management, Better Pricing and Accessibility of Products and Services, and bringing about greater Transparency and ensuring performance. • In this environment of recession, economic slowdown and a fast rate of Technological Obsolescence, companies can drive strategic advantage and overcome competition by proactive deployment of technology.
  5. Issues for Discussion • CRISIS OF CORPORATE TRUST • The Essential Role Of IT Governance • Proactive Management of IT Governance to ensure Corporate Trust & profitability. • Integrated Governance, Risk management, and Compliance (GRC) solutions help improve relations with stakeholders and, ultimately, facilitate trust
  6. CEOs “cashed out” prior to economic crisis: CEOs at major US financial and real estate firms converted tens of millions of dollars of overvalued stock into cash prior to the eruption of the current financial crisis. • Shocking Reality Check • Collapse of Financial Systems • Breed Culture of Macho Management and Self interest • Block Information and Transparency.
  7. Crisis Of Corporate Trust • Critical Areas For A More Proactive Approach – Greater transparency about business practices. – Less risk associated with products and services. – Better pricing and accessibility of products and services. – More emphasis on the development of socially and environmentally responsible products and services. • Based on McKinsey Research
  8. Building Corporate Trust is Expensive but Makes Business Sense 1. Corporations Need to Rebuild and Strengthen Stakeholder Trust 2. Pervasive Fragmentation Complicates the Pursuit of Stakeholder Trust 3. Beyond a “License to Operate”: Trust Contributes to Competitive Advantage 4. An Integrated Approach to Transparency is Essential
  9. 1. Corporations Need to Rebuild and Strengthen Stakeholder Trust
  10. 2. Pervasive Fragmentation Complicates the Pursuit of Stakeholder Trust • Combating the fragmentation 1. Think and act globally. • Geographical, Organizational, and Systems fragmentation complicates the problem 2. Bridge corporate silos. • In the absence of integration, interactions are at best suboptimal 3. Use technology to improve information flows. • Disconnects multiply with the volume and complexity of the information
  11. 3. Beyond a “License to Operate”: Trust Contributes to Competitive Advantage • Strategic investment in compliance to competitive advantage • Better information management has improved business intelligence and optimized decision making. • The essential ingredient of trust: Transparency, and specifically Information Liquidity, can have a significant business impact.
  12. 4. An Integrated Approach to Transparency is Essential • Need to embed the appropriate behaviors into the organization’s culture, processes, and systems. • An integrated GRC strategy becomes in itself a differentiator. • Governance and Compliance ensure Conformance; Risk to mitigate losses.
  13. 4. An Integrated Approach to Transparency is Essential • Honesty: Access to “true” data. • Accountability: Accountability ensures that commitments are captured and acted upon. Clear lines of responsibility make it harder to pass the buck. • Transparency: The organization can’t be transparent unless it has systems that enable the communication of pertinent information to stakeholders in an accessible format. • Integrated GRC leverages your existing information technology investments; Makes your efforts scalable and Enables new types of collaboration.
  14. 5. Conclusion • An integrated approach to governance, risk management, and compliance has several benefits: – Lower costs; Better leverage of existing investments; – New scale for information sharing initiatives; – Support for new innovations; and – Unprecedented levels of collaboration and coordination. – Holistic approach that marries business considerations with stakeholder interests is the right “mantra”. • Implement an Executive Cross Functional Governance Structure
  15. Distinctive Features Of IT • Trusted Interface • Critical Business Enabler • Competitive and Strategic Differentiator • Reduces Costs by Optimizing Resources • Managing risks associated with data security and regulatory compliance. • Integrate different departments and disparate internal controls systems
  16. Distinctive Features Of IT • Ubiquitous Application • Dramatic Rate of Cost Decline • Universal Ownership • Exponential Growth • Flexibility and scalability • Shrinkage of Geographical Distance through Networks. • Revenue Generator • Cost Cutting Engine
  17. WHY INFORMATION TECHNOLOGY? • Capable of comprehensive holistic IT Governance approach: Bridge Functional Silos. • Easy to adapt C3I Approach – Coordination; Communication; Collaboration; and Integration – Process of “Mutualism”: Collaborative Decision Making and implementation to optimize Performance • Eliminate Ad Hoc Setup and Human Errors. • Overcome DRIP Syndrome • Align IT controls to corporate policies, and corporate policies to regulations.
  18. IT GOVERNANCE • Definitions • “Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT-related risk and opportunities.” • IT Governance Institute • Framework with Structures, Processes & Policies that governs how a business makes IT Decisions & who within the organization makes them.
  19. IT GOVERNANCE APPROACH • A holistic approach to IT governance – That encompasses all dimensions of their IT-related activities. – Spanning all layers of a company’s IT infrastructure – Addresses an organization’s entire compliance, risk and security requirements using the same toolset. • Reduce complexity arising from Globalization and Proliferation of off-shoring and outsourcing arrangements.
  20. HOLISTIC APPROACH TO IT GOVERNANCE • Enables companies to dynamically manage and monitor key IT enabled GRC activities such as: – Information Protection and Privacy; – Configuration and Change Management; and – IT GRC management across multiple business units, geographies and IT systems. • The result is IT governance that is sustainable, cost-effective, and better aligned to the strategic and operational demands of the business.
  21. GRC • AN INTEGRATED APPROACH TO MANAGING GOVERNANCE, RISK, AND COMPLIANCE • Drive Business Predictability and Stakeholder Confidence
  22. VULNERABILITY OF CORPORATE • Businesses face unprecedented numbers of legal, regulatory, and business partner mandates, as well as value chain requirements. • How can you control risk, manage effectively, drive performance, and ultimately inspire greater stakeholder confidence?
  23. Why An Integrated Approach To Managing GRC • Adopt an integrated strategy and a comprehensive GRC solution. • To Address all regulatory and business related risks and achieve compliance at a lower cost. • To differentiate itself and achieve greater agility by optimizing your business processes and using risk intelligence for better decision making.
  24. GRC Discipline • A Definition of Governance, Risk, and Compliance • Governance manages the strategic directives a company wants to follow. • Risk management assesses the areas of exposure and potential impacts. • Compliance is the tactical action to mitigate risk.
  25. THE FOUR DEGREES OF FRAGMENTATION • GRC activities are typically fragmented across four dimensions: • Organization • Systems • Regions • Internal GRC disciplines
  26. Organizational Fragmentation
  27. System Fragmentation
  28. System Fragmentation • Most businesses lack GRC information integrity because governing principles and policies, risk measurement, and compliance with regulatory mandates are typically supported by departmental IT systems. • Without centralized governance, systems may use different metrics, standards, and methodologies for analyzing risk and compliance information, making the aggregation of data a complex and time-consuming task.
  29. System Fragmentation • Local process optimization and point solutions implemented across the enterprise can further isolate information within systems, resulting in a limited view of enterprise risk. • Without an aligned and integrated perspective on governance to guide risk profiling and mitigation, you can’t effectively monitor compliance and risk and adjust business processes to meet changing requirements, market trends, and regulatory mandates.
  30. Regional Fragmentation: Fragmentation by Geography and Jurisdiction
  31. Regional Fragmentation • Policies and risks are generally defined and measured at the local level, without proper consideration for their impact on the global, multinational, national, or regional mandates. • Multitude of jurisdictions can result in tangible (financial) and intangible (brand and reputation) consequences.
  32. Internal GRC Discipline Fragmentation: Interrelationship Between Governance, Risk, and Compliance Management
  33. The High Cost Of A Fragmented Approach • From a pure cost perspective, the status quo is simply too expensive to sustain. • Only with an organizational view of GRC information and a comprehensive solution for managing GRC across the enterprise can you manage with confidence, improve business predictability, and drive higher performance. • A GRC strategy can also be a critical driver of revenue and competitive advantage because you can accurately assess the risk of various business decisions.
  34. Leverage GRC as a Proactive Business Optimization Instrument • The real business value comes from leveraging GRC as a proactive management instrument – not just in terms of avoiding the costs of noncompliance, but in terms of driving revenue and competitive advantage. • Ultimately, GRC is about seeing the opportunities associated with a given business change and placing your organization in the best position to capitalize on those opportunities. • This requires moving toward tightly integrated business and IT functions – the key to improving enterprise risk awareness and response capabilities, as well as recognizing opportunities.
  35. How GRC Software Can Help • To Address Fragmentation: • Systems Fragmentation: Seamless within a heterogeneous IT landscape, integrating with existing legacy systems and for real-time monitoring of key risk indicators and compliance activities. • Organizational Fragmentation: Standardization • Regional Fragmentation: Scalable and balanced, objective, real-time view of governance (strategy). • Discipline Fragmentation: Providing real-time information to business decision makers.
  36. How GRC Software Can Help • The software should also help you plan compliance and governance activities so that they become an extension of risk management, mitigating risks one task at a time. • This integrated approach, which is driven by risk information, also ensures accurate resource allocation so that you do not inadvertently focus compliance efforts on areas that are already strong and overlook hidden areas of weakness.
  37. TURNING REGULATORY REQUIREMENTS INTO STRATEGIC ADVANTAGE • With a GRC framework and software solution, an organization can benefit from the following: • Increased shareholder value – Good governance is reflected in many intangibles, including brand and reputation, and it translates directly into share price premiums. • Optimized risk-return portfolios – The GRC framework and software solutions provide the transparency and insight business decision makers need to select (and reject) projects based on risk impact and probability relative to potential return.
  38. TURNING REGULATORY REQUIREMENTS INTO STRATEGIC ADVANTAGE • Reduced GRC costs – Transitioning to an integrated GRC approach significantly reduces the number of people, and the amount of time, required to control and address risk. For compliance in particular, you can trust accurate compliance processes, which are enabled by the GRC software solutions. • Improved business performance and predictability – The GRC framework enables transparency across your enterprise and beyond. It gives management a systematic process for anticipating and controlling risks, and the tools to proactively determine proper actions and critical tasks, reducing unacceptable performance variability.
  39. TURNING REGULATORY REQUIREMENTS INTO STRATEGIC ADVANTAGE • Business sustainability – GRC provides a clear path to sustainable compliance and risk management, even as mandates increase and business models and processes become more complex. • Greater Business Agility – GRC leads to greater business agility and promotes competitive differentiation.
  40. Last word • An IT governance system is no substitute for real leadership. • Processes can’t command the attention that executives give to a trusted peer. • Systems alone don’t forge common vision or inspire action. • Lead IT Governance; don’t lead by it. • Strong IT leadership is needed to bring coherence to the company’s fragmented systems. • Executive teams with a strong IT leader make better, faster decisions about technology than do companies that rely solely on a governance system, no matter how effective it is.
  41. REFERENCE
  42. Optimize IT performance through optimized decision-making: Effective IT governance helps organizations cope with, and leverage, change. REFERENCE: http://www-01.ibm.com/software/tivoli/governance/action/10022008.html
  43. IBM IT Governance Approach: Business Performance through IT Execution. REFERENCE: http://www.redbooks.ibm.com/redbooks/pdfs/sg247517.pdf
  44. Trust and Competitive Advantage: An Integrated Approach. Dan Tapscott, CEO, New Paradigm Learning Corporation. REFERENCE: http://www.newparadigm.com
  45. The emerging role of IT governance. Lynn M. Mueller, Senior Consultant, Software Group, IBM; Andrew Phillipson, IT Specialist, Software Group, IBM. REFERENCE: http://www.ibm.com/developerworks/rational/library/dec07/mueller_phillipson/index.html#N10293
  46. Rebuilding Corporate Trust: The emerging Role of IT Governance. REFERENCE: Oracle GRC White paper, http://www.oracle.com, March 2008