This document discusses the essential role of IT governance in rebuilding corporate trust. It notes that transparency, risk management, and compliance are key to ensuring accountability and social responsibility for governments, public sector organizations, and corporations. An integrated approach to governance, risk management, and compliance can help address fragmentation, lower costs, and improve business performance and predictability through better information management and decision making. Leveraging IT is seen as important for greater transparency, risk management, and accessibility of products and services.
PrivacyOps is a new organizational model that automates and unifies privacy and access operations across functional areas, such as marketing, sales, service, finance, and HR. PrivacyOps utilizes the Privacy by Design framework in order to align an organization’s resources and processes, and to deliver privacy compliance while freeing up resources to focus on their key business objectives and increasing customer trust.
When applied effectively, PrivacyOps can lead to dramatically improved critical business metrics, including conversion rates, referrals, customer retention, and revenues.
PrivacyOps
Framework
Privacy and Access: operations are an increasingly important functional area in organizations and businesses that process personal data governed by privacy laws, such as GDPR, HIPAA, PIPEDA, and DPA.
Data protection: Steps Organisations can take to ensure compliance (EquiGov Institute)
This presentation highlights the major principles and rights enshrined in the General Data Protection Regulations (GDPR) as well as 10 steps organisations (whether large or small) can take to ensure compliance.
Understanding IT Governance and Risk Management (jiricejka)
Describes IT Governance Holistic Framework for establishing transparent relation between Business and IT environment.
Describes Governance services and Risk Management Methods
Stewardship is extending to IT as Boards question the depth of their enterprise’s reliance on IT.
Some thoughts on how IT risk, control, audit and assurance is evolving toward the broader concept of IT governance.
Why IT governance should be on the Board of Directors’ agenda wherever IT is strategic to the business.
How it fits in the broader concepts of enterprise governance and how management and boards can address it.
Developing Metrics for Information Security Governance (digitallibrary)
Information security has become a critical issue within organizations, and a key success factor for businesses. To effectively maintain the integrity and security of an organization's information infrastructure effective security metrics and measures must be developed, implemented and monitored. Learn about enterprise security metrics and the concepts that must be considered when developing, implementing, and monitoring them. Understand how to identify measurable points and activities, develop meaningful metrics and measures and monitor concepts. Case studies and scenarios demonstrate operational scenarios for the benefits and challenges of securing information.
Security Leaders: Manage the Forest, Not the Trees (Adam Stone)
Many of today's information security leaders face a credibility problem. Despite remarkable professional and organizational gains in firms large and small, information security leaders still struggle with their "message" to executive stakeholders. This presentation offers some practical guidance on how to improve credibility and truly change the perception of the information security function.
With the rapid evolution of Information Technology (IT) applications, and practices across the organization, appropriate IT Governance (ITG) has become essential to an organization’s success. The use of IT has become pervasive in every facet of the organisations’ endeavours in supporting and evolving each aspect of the business. As IT is associated with risk and value opportunities, a comprehensive, high-level system is required in each organization to minimise the associated risks and optimize value. The fact that the IT value to be achieved due to effective IT governance is related to efficient and cost effective IT delivery, innovation and business impact. This presentation highlights the Critical Success Factors (CSFs) needed for the successful and effective implementation of ITG.
SUNIL K KOHLI, IDAS AT "GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE SUMMIT" MUMBAI 28-29 APRIL, 2011 GIVING INAUGURAL ADDRESS ON "MAINSTREAMING GRC INTO BUSINESS PROCESS"
Executing on Information Governance (Learning From Law Firms) (Nick Inglis)
Law firms are innovating some amazing Information Governance techniques. Learn how you can execute Information Governance at your organization.
How do Law Firms meet the obligations of their clients, their firm, and compliance requirements to achieve Information Governance? What are the lessons that any company can take away from the achievements of Law Firms?
Learn how Law Firms achieve Information Governance success in this innovative webinar with representatives from AmLaw 200 firm, Robinson+Cole and Optismo.
Join Jim Merrifield, Head of Information Governance for Robinson+Cole; Nick Inglis, CEO of Optismo / igKit; and Rich Mesquita, CTO of Optismo / igKit (and our host for this session). Each bring a unique perspective to the Information Governance discussion around Law Firms. You'll learn how to achieve Information Governance success at your Law Firm or how to enact similar policies and procedures at your company.
DGIQ 2018 Presentation: A Lawyer, a Salesperson and the Operations Guy Walk ... (DATUM LLC)
This presentation was delivered on June 12, 2018 at the DGIQ Conference. The purpose of data analytics is not generating data sets but providing proprietary insights into your company and your industry for a competitive advantage. The true value of the data depends on the context and can be different for each business unit. In today’s big data world, CDOs and CIOs are part of the customer-facing revenue generation equation – bringing new roles with new challenges that require a greater understanding of both legal constraints and business requirements. Effective implementation requires a multi-disciplinary approach that integrates the triad of IT, marketing and legal. A multi-disciplinary approach drives value to the organization’s different business objectives, and controls regulatory compliance risk and optimizes operations. This session will discuss the perspectives of business, legal and IT, and propose steps to building out the integrated approach.
Making Executives Accountable for IT Security (Seccuris Inc.)
How do we make executives accountable for IT Security?
Michael outlines the general challenges, details key items of concern and discusses the focus areas that can be taken to improve the daily governance of IT security in your organization.
A Lawyer, a Salesperson and the Operations Guy Walk into a Bar . . . (jadams6)
The purpose of data analytics is not generating data sets but providing proprietary insights into your company and your industry for a competitive advantage. The true value of the data depends on the context and can be different for each business unit. In today’s big data world, CDOs and CIOs are part of the customer-facing revenue generation equation – bringing new roles with new challenges that require a greater understanding of both legal constraints and business requirements. Effective implementation requires a multi-disciplinary approach that integrates the triad of IT, marketing and legal. A multi-disciplinary approach drives value to the organization’s different business objectives, and controls regulatory compliance risk and optimizes operations.
Architecting the Framework for Compliance & Risk Management (jadams6)
Privacy and protection of personal information is a hot topic in data governance. However, the compliance challenge is in creating audit defensibility that ensures practices are compliant and performed in a way that is scalable, transparent, and defensible; thus creating “Audit Resilience.” Data practitioners often struggle with viewing the world from the auditor’s perspective. This presentation focuses on how to create the foundational governance framework supporting a data control model required to produce clean audit findings. These capabilities are critical in a world where due diligence and compliance with best practices are critical in addressing the impacts of security and privacy breaches. The companies in the news recently drive home these points.
DGIQ 2018 Presentation: How to be successful in the post GDPR landscape – bui... (DATUM LLC)
This was presented on June 13, 2018 at the DGIQ Conference. May 25th isn’t the end of a journey, it’s really just the beginning. GDPR is one piece of the compliance puzzle. One of the most important things to remember about GDPR is that it’s not a one off compliance effort. It is a continuous process that will need to be continually evaluated and evolved over time. In order to be successful long term, a strategy must be built across all functions in the organization. Join us to learn how to build a strategy that will help you identify and link GDPR related processes, rules, standards and metrics to your organization's compliance goals and objectives to meet the new regulatory landscape. In this session, Jonathan will highlight how to develop processes and controls to build a strategy that ensure that the information being utilized is compliant, accessible, and manageable.
IT Governance – The missing compass in a technology changing world (PECB)
The webinar covers:
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance implementation : Approach and Methodology
• Key critical success factors
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels and PECB partner.
Link of the recorded session published on YouTube: https://youtu.be/Ux_Yk4JLy0M
Building a Strategy customers and Auditors Love (jadams6)
How to be Successful in the Post GDPR Landscape – Building a Strategy Customers & Auditors Love
May 25th isn’t the end of a journey, it’s really just the beginning. GDPR is one piece of the compliance puzzle. One of the most important things to remember about GDPR is that it’s not a one off compliance effort. It is a continuous process that will need to be continually evaluated and evolved over time. In order to be successful long term, a strategy must be built across all functions in the organization. Join us to learn how to build a strategy that will help you identify and link GDPR related processes, rules, standards and metrics to your organization's compliance goals and objectives to meet the new regulatory landscape. In this session, Jonathan will highlight how to develop processes and controls to build a strategy that ensure that the information being utilized is compliant, accessible, and manageable. He will conclude with a brief demo of DATUM’s Information Value Management® and share best practices and actionable takeaways to help inspire you to build a strategy both your customers and auditors will love.
Testing for a Great App and Web Experience | QualiTest Group (Qualitest)
While Functionality, Security and Performance Testing are important elements to ensure web and mobile quality, another key element is User Experience Testing. An app must solve a problem for the user easily, and positive user experience and accessibility distinguish an outstanding app from a good one.
But how do you guarantee a great user experience? QualiTest and the Racing Post addressed User Focused Testing best practices in the web and mobile domains. Discover how Ux Testing and Crowd Testing helped the Racing Post improve their digital experience, and learn how to leverage Managed Crowd Testing to guarantee predictable Ux, mitigate device fragmentation and achieve app quality through Ux Feedback.
Visit www.QualiTestGroup.com for more information.
How to Break your App - Workshop - Testbash 2015 (Daniel Knott)
Mobile phones are available since the middle of the 1980s. Since then, the devices changed savagely but the biggest change happened in 2007, when the first iPhone was presented by Apple. Since then, the mobile smartphone market knows only one direction – UP! Since 8 years touch devices are everywhere, from smartphones to tablets.
More than 2 millions apps are available for download in the stores of the biggest vendors and this number is still increasing. There are apps for photos, music, games, office and many more categories just to name some of them.
But what about the quality of those apps? Are those apps reliable, trust worthy, easy to use, well developed and tested? The latest world quality report from Sogeti shows that almost half (45 percent) of mobile apps are not well tested in terms of functionality, performance and security.
This workshop includes insights into the challenging job of mobile testing from native to web apps. Best practices will be provided to become a better mobile tester. Besides that, this workshop will show different test techniques from functional to non functional mobile testing, test automation tools and how to handle the device fragmentation.
The workshop will not include practical mobile test automation. However, the participants will be able to test different mobile apps manually based on the content of the workshop.
7 Steps Needed to Get Lenders to Fund Your Real Estate Deals (Joshua Dorkin)
Need funding for your real estate deals? Join x-banker, real estate investor, and co-host of the BiggerPockets Podcast Brandon Turner as he shares the truth about getting a bank to say "YES." Don't miss this powerful, and free, live training! You'll learn:
- Why the bank says "NO"
- How to put together a perfect loan proposal
- The 7 Steps to getting a bank to say YES
- LIVE Q & A with Brandon - ask anything!
Seventy-four percent of Americans believe CEOs are not paid the
correct amount relative to the average worker. Only 16 percent
believe they are. While responses vary across demographic
groups (e.g., political affiliation and household income), overall
sentiment regarding CEO pay remains highly negative.
Recently, the Rock Center for Corporate Governance at Stanford
University conducted a nationwide survey of 1,202 individuals—
representative by gender, race, age, political affiliation,
household income, and state residence—to understand public
perception of CEO pay levels among the 500 largest publicly
traded corporations....
In 2016, forward-thinking workplaces want to make it easier for employees to balance office life with personal life, with health and wellbeing set to become a major focus.
Business optimization | building your first million is easy (Surjeet Singh)
Making your first million is easier with the help of these few steps. You'll find that making millions in a few short years is not as difficult as you thought.
=>Concept of Governance
=>Risk and Control (GRC) as applicable to IT operational risk
=>Importance of documentation
=>DATA FLOW DIAGRAM for every application
=>Review of changes in the Data flow, reporting, etc.
=>Parameters for review
=>Importance of review on SLA compliance
=>Reporting to IT Strategy committee, Board etc.
Developing End State Vision
Advice and Planning Strategy
Driving a Business Architecture
Provisioning a Portfolio of Projects
eGRC Operation Control
Minimizing Financial Risk
Aggregating Financial Risk
Managing Mainframe Entitlements
Implementing Data Governance
Understanding Data Lineage
Defining Global Customer Strategy
Maclear’s IT GRC Tools – Key Issues and Trends (Maclear LLC)
Maclear specializes in enterprise governance, risk and compliance (eGRC) solutions. The IT GRC Solution integrates various business functions such as IT governance, policy management, risk management, compliance management, audit management, and incident management. Enables an automated and workflow driven approach to managing, communicating and implementing IT policies and procedures across the enterprise
Read More at: http://www.maclear-grc.com/
How to Centre your PCI Programme Around your Business Objective - SureCloud (SureCloud)
SureCloud will explore the challenges that organisations face when achieving and maintaining compliance with PCI DSS, with a particular focus on how organisations can design and deploy a programme that aligns with wider business objectives and embeds compliance activities into business operations.
The session will be structured around our case study organisation, Bananas to help bring this use case to life.
Presentation to introduce information governance. This should be used in conjunction with the paper I published on my website. A full information governance methodology, with research included from the foremost authorities on data governance.
“An ably led, well defined, pragmatic, measured, and adequately funded enterprise-wide Data Risk Management (DRM) program is not an executive prerogative; it is a tacit mandate from the shareholders for the very survival of a business in today’s data-driven economy.
Similar to “Rebuilding Corporate Trust: The Essential Role Of IT Governance”
The Guidelines on the Incident Response System (IRS) are issued by the
National Disaster Management Authority (NDMA) under Section 6 of the
DM Act, 2005 for effective, efficient and comprehensive management of
disasters in India. The vision is to minimize loss of life and property by
strengthening and standardising the disaster response mechanism in the
country.
Though India has been successfully managing disasters in the past,
there are still a number of shortcomings which need to be addressed. The
response today has to be far more comprehensive, effective, swift and well
planned based on a well conceived response mechanism.
Realisation of certain shortcomings in our response system and a desire
to address the critical gaps led the Government of India (GoI) to look at
the world’s best practices. The GoI found that the system evolved for firefighting
in California is very comprehensive and thus decided to adopt
Incident Command System (ICS).
In view of the provisions of the DM Act, 2005, NDMA felt that authoritative
Guidelines on the subject, with necessary modifications to suit the Indian
administrative setup, were essential. To meet this need, a core group of
experts was constituted and four regional consultation workshops were
conducted. It was ensured that representatives of the State Governments
and MHA participate and their views given due consideration. Training
Institutes like the LBSNAA, NIDM and various RTIs / ATIs along with National
core trainers also participated. The adaptation of ICS by other countries
was also examined. The draft prepared was again sent to all States, UTs and
their final comments were obtained and incorporated. A comprehensive set
of Guidelines has thus been prepared and is called the Incident Response
System (IRS)
India’s unique geoclimatic conditions make it vulnerable to natural disasters
like flood, drought, cyclone, earthquake, and epidemics/pandemics (latest being
Influenza ‘A’ or H1N1) leading to sizable number of human casualties. To elucidate
the mass casualty potential of natural disasters in the last one decade, the Orissa
Super Cyclone (October 1999) caused more than 9,000 deaths; the Bhuj earthquake
(January 2001) resulted in 14,000 deaths while the Tsunami (December 2004)
accounted for the death of nearly 15,000 victims. The dimensions of modernization
and industrialization’s are man-made disasters such as road/rail/air accidents, fire,
and stampede having also mass casualty potential; new dimension being Chemical,
Biological, Radiological and Nuclear (CBRN) disaster occurring accidentally or
caused by terrorism activities. The deaths due to man-made disasters during the
period 2001–03 were nearly 12 times higher than those caused by natural calamities.
Consequently, disasters result in large number of deaths, both human and animal, in
a short span of time that place overwhelming stress on individuals, society and the
administration with an uncommon challenge of handling large numbers of survivors
seeking medical attention due to the effects of the hazard(s).
The preparation of national guidelines for various types of disasters, both natural and man-made
constitutes an important component of the mandate entrusted to the National Disaster Management Authority under the Disaster Management Act, 2005. In recent years, biological disasters including bio terrorism have assumed serious dimensions as they pose a greater threat to health, environment and national security. The risks and vulnerabilities of our food chain and agricultural sector to agroterrorism,
which involves the deliberate introduction of plant or animal pathogens with the intent of undermining
socio-economic stability, are increasingly being viewed as a potential economic threat. The spectre of
pandemics engulfing our subcontinent and beyond poses new challenges to the skills and capacities of the
government and society. Consequently, the formulation of the national guidelines on the entire gamut of
biological disasters has been one of our key thrust areas with a view to build our resilience to respond
effectively to such emerging threats.
The intent of these guidelines is to develop a holistic, coordinated, proactive and technology driven
strategy for management of biological disasters through a culture of prevention, mitigation and preparedness
to generate a prompt and effective response in the event of an emergency. The document contains
comprehensive guidelines for preparedness activities, biosafety and biosecurity measures, capacity
development, specialised health care and laboratory facilities, strengthening of the existing legislative/
regulatory framework, mental health support, response, rehabilitation and recovery, etc. It specifically
lays down the approach for implementation of the guidelines by the central ministries/departments, states,
districts and other stakeholders, in a time bound manner.
Sunil Kumar Kohli, Joint Secretary & Financial Adviser, National Disaster Management Authority (NDMA), & National Disaster Response Force (NDRF), Ministry of Home Affairs, New Delhi, India
SPECIAL ADDRESS: Examining the role supply chain best practices can play in disaster management
My talk at 2nd Annual LogiChem Asia 2011 conference was held on 18th, 19th and 20th May in Singapore.
This year there were 120 delegates and over 65 attendees from chemical manufacturers.
http://www.wbresearch.com/logichemasia/Presentations.aspx
Indo-Global Summit 2011
Date of Event: Nov 04 2011 - Nov 12 2011
INDO GLOBAL EDUCATION SUMMIT 2011 CURTAIN RAISER APRIL 26TH 2011
INDO GLOBAL EDUCATION SUMMIT 2011
CURTAIN RAISER
APRIL 26TH 2011
AT
GULMOHAR, INDIA HABITAT CENTRE NEW DELHI
"India's National Disaster Management Authority's (NDMA) initiatives on safety and preparedness to combat CBRN emergencies"
By SUNIL KOHLI,IDAS,
JS& FA,
NDMA/NDRF
AT
CBRN-E Asia-Pacific International Conference
"Preparing for the Modern Threat"
11th & 12th April 2011 at
Grand Copthorne Waterfront Hotel, Singapore
Optimising performance through C3I (coordination, collaboration, communication and integration) to ensure high financial performance levels
* Looking at the current situation - How do stakeholders work with each other?
* Can the collaboration be improved and how does it affect the process in driving high financial performance levels
* Exploring strategies on communicating KPIs to all levels; starting from below
2. 2
SUNIL KOHLI
Indian Defence Accounts Service
Joint Secretary And Financial Adviser
National Disaster Management Authority,
Ministry Of Home Affairs,
India
“Rebuilding Corporate Trust:
The Essential Role Of IT Governance”
11th November 2010
3. 3
Broad Outline: Context
• Government, Public Sector Organizations and
Corporates are the biggest entities which affect the
lives of the citizens and the consumers.
• Transparency, Risk and Compliance are the main
attributes to ensure Accountability and Corporate
Social Responsibility.
• Leveraging Technology by these entities will
ensure Rebuilding Public Trust in these
organizations.
4. 4
Broad Outline: Role of IT
• IT can play an important role in Information Management,
Risk Management, Better Pricing and Accessibility of
Products and Services and bringing about greater
Transparency and ensuring performance.
• In this environment of recession, economic slowdown
and a fast rate of Technological Obsolescence, companies can
drive strategic advantage and overcome competition by
proactive deployment of technology.
5. 5
Issues for Discussion
• CRISIS OF CORPORATE TRUST
• The Essential Role Of IT Governance
• Proactive Management of IT Governance
to ensure Corporate Trust & profitability.
• Integrated Governance, Risk
management, and Compliance (GRC)
solutions help improve relations with
stakeholders and, ultimately, facilitate trust
6. 6
CEOs “cashed out” prior to
economic crisis
CEOs at major US financial and real
estate firms converted tens of
millions of dollars of overvalued
stock into cash prior to the eruption
of the current financial crisis.
•Shocking Reality Check
•Collapse of Financial Systems
•Breed Culture of Macho
Management and Self interest
•Block Information and Transparency.
7. 7
Crisis Of Corporate Trust
• Critical Areas For A More Proactive Approach
– Greater transparency about business practices.
– Less risk associated with products and services.
– Better pricing and accessibility of products and
services.
– More emphasis on the development of socially and
environmentally responsible products and services.
• Based on McKinsey Research
8. 8
Building Corporate Trust is
Expensive but Makes Business Sense
1. Corporations Need to Rebuild and
Strengthen Stakeholder Trust
2. Pervasive Fragmentation Complicates the
Pursuit of Stakeholder Trust
3. Beyond a “License to Operate”: Trust
Contributes to Competitive Advantage
4. An Integrated Approach to
Transparency is Essential
10. 10
2. Pervasive Fragmentation Complicates
the Pursuit of Stakeholder Trust
• Combating the fragmentation
1. Think and act globally.
•Geographical, Organizational, and Systems fragmentation complicates the
problem
2. Bridge corporate silos.
•In the absence of integration, interactions are at best suboptimal
3. Use technology to improve information flows.
• Disconnects multiply with the volume and complexity of the information
11. 11
3. Beyond a “License to Operate”: Trust Contributes
to Competitive Advantage
• Strategic investment in compliance to
competitive advantage
• Better information management has
improved business intelligence and
optimized decision making.
• The essential ingredient of trust,
Transparency, and specifically Information
Liquidity, can have a significant business
impact.
12. 12
4. An Integrated Approach to
Transparency is Essential
• Need to embed the appropriate behaviors
into the organization’s culture, processes,
and systems.
• An integrated GRC strategy becomes in
itself a differentiator.
• Governance and Compliance ensures
Conformance; Risk to mitigate losses.
13. 13
4. An Integrated Approach to
Transparency is Essential
• Honesty: Access to “true” data.
• Accountability: Accountability ensures that commitments are
captured and acted upon. Clear lines of responsibility make it
harder to pass the buck.
• Transparency: The organization can’t be transparent unless it
has systems that enable the communication of pertinent
information to stakeholders in an accessible format.
• Integrated GRC leverages your existing information technology
investments; Makes your efforts scalable and Enables new types
of collaboration.
14. 14
5. Conclusion
• An integrated approach to governance, risk
management, and compliance has several benefits:
– Lower costs; Better leverage of existing investments;
– New scale for information sharing initiatives;
– Support for new innovations; and
– Unprecedented levels of collaboration and coordination.
– Holistic approach that marries business considerations with
stakeholder interests is the right “mantra”.
• Implement an Executive Cross Functional
Governance Structure
15. 15
Distinctive Features Of IT
• Trusted Interface
• Critical Business Enabler
• Competitive and Strategic Differentiator
• Reduces Costs by Optimizing Resources
• Managing risks associated with data security and
regulatory compliance.
• Integrate different departments and disparate
internal controls systems
16. 16
Distinctive Features Of IT
• Ubiquitous Application
• Dramatic Rate of Cost Decline
• Universal Ownership
• Exponential Growth
• Flexibility and scalability
• Shrinkage of Geographical Distance through
Networks.
• Revenue Generator
• Cost Cutting Engine
17. 17
WHY INFORMATION TECHNOLOGY?
• Capable of comprehensive holistic IT Governance approach:
Bridge Functional Silos.
• Easy to adapt C3I Approach
– Coordination; Communication; Collaboration; and
Integration
– Process of “Mutualism” Collaborative Decision Making and
implementation to optimize Performance
• Eliminate Ad Hoc Setup and Human Errors.
• Overcome DRIP Syndrome
• Align IT controls to corporate policies, and corporate policies to
regulations.
18. 18
IT GOVERNANCE
• Definitions
• “Effective IT governance helps ensure that IT
supports business goals, optimizes business
investment in IT, and appropriately manages IT-
related risk and opportunities.”
• IT Governance Institute
• Framework with Structures, Processes & Policies that
governs how a business makes IT Decisions & who within
the organization makes them.
19. 19
IT GOVERNANCE APPROACH
• A holistic approach to IT governance
– That encompasses all dimensions of their IT-related
activities.
– Spanning all layers of a company’s IT infrastructure
– Addresses an organization’s entire compliance, risk
and security requirements using the same toolset.
• Reduce complexity arising from Globalization and
Proliferation of off-shoring and outsourcing
arrangements.
20. 20
HOLISTIC APPROACH TO
IT GOVERNANCE
• Enables companies to dynamically manage and monitor
key IT enabled GRC activities such as: -
– Information Protection and Privacy;
– Configuration and Change Management; and
– IT GRC management across multiple business units, geographies
and IT systems.
• The result is IT governance that is sustainable, cost-
effective, and better aligned to the strategic and
operational demands of the business.
21. 21
GRC
• AN INTEGRATED APPROACH TO
MANAGING GOVERNANCE, RISK, AND
COMPLIANCE
• Drive Business Predictability and
Stakeholder Confidence
22. 22
VULNERABILITY OF
CORPORATE
• Businesses face unprecedented numbers of
legal, regulatory, and business partner
mandates, as well as value chain
requirements.
• How can you control risk, manage
effectively, drive performance, and
ultimately inspire greater stakeholder
confidence?
23. 23
Why An Integrated Approach To
Managing GRC
• Adopt an integrated strategy and a comprehensive
GRC solution.
• To Address all regulatory and business related risks and
achieve compliance at a lower cost.
• To differentiate itself and achieve greater agility by
optimizing your business processes and using risk
intelligence for better decision making.
24. 24
GRC Discipline
• A Definition of Governance, Risk, and
Compliance
• Governance manages the strategic directives a
company wants to follow.
• Risk management assesses the areas of exposure
and potential impacts.
• Compliance is the tactical action to mitigate risk.
25. 25
THE FOUR DEGREES
OF FRAGMENTATION
• GRC activities are typically fragmented across
four dimensions:
• Organization
• Systems
• Regions
• Internal GRC disciplines
28. 28
System Fragmentation
• Most businesses lack GRC information integrity
because governing principles and policies, risk
measurement, and compliance with regulatory
mandates are typically supported by departmental IT
systems.
• Without centralized governance, systems may use
different metrics, standards, and methodologies for
analyzing risk and compliance information, making the
aggregation of data a complex and time-consuming
task.
29. 29
System Fragmentation
• Local process optimization and point solutions
implemented across the enterprise can further isolate
information within systems, resulting in a limited
view of enterprise risk.
• Without an aligned and integrated perspective on
governance to guide risk profiling and mitigation, you
can’t effectively monitor compliance and risk and adjust
business processes to meet changing requirements,
market trends, and regulatory mandates.
31. 31
Regional Fragmentation
• Policies and risks are generally defined and
measured at the local level, without proper
consideration for their impact on the global,
multinational, national, or regional mandates.
• Multitude of jurisdictions can result in tangible
(financial) and intangible (brand and reputation)
consequences.
32. 32
Internal GRC Discipline
Fragmentation
Interrelationship
Between
Governance,
Risk, and
Compliance
Management
33. 33
The High Cost Of A Fragmented
Approach
• From a pure cost perspective, the status quo is simply
too expensive to sustain.
• Only with an organizational view of GRC information
and a comprehensive solution for managing GRC
across the enterprise can you manage with confidence,
improve business predictability, and drive higher
performance.
• A GRC strategy can also be a critical driver of revenue
and competitive advantage because you can accurately
assess the risk of various business decisions.
34. 34
Leverage GRC as a Proactive Business
Optimization Instrument
• The real business value comes from leveraging GRC as a
proactive management instrument – not just in terms of
avoiding the costs of noncompliance, but in terms of driving
revenue and competitive advantage.
• Ultimately, GRC is about seeing the opportunities associated
with a given business change and placing your organization in
the best position to capitalize on those opportunities.
• This requires moving toward tightly integrated business
and IT functions – the key to improving enterprise risk
awareness and response capabilities, as well as recognizing
opportunities.
35. 35
How GRC Software Can Help
• To Address Fragmentation:
• Systems Fragmentation: Seamless within a
heterogeneous IT landscape, integrating with existing
legacy systems and for real-time monitoring of key risk
indicators and compliance activities.
• Organizational Fragmentation: Standardization
• Regional Fragmentation: Scalable and balanced,
objective, real-time view of governance (strategy).
• Discipline Fragmentation: Providing real-time
information to business decision makers.
36. 36
How GRC Software Can Help
• The software should also help you plan
compliance and governance activities so that
they become an extension of risk management,
mitigating risks one task at a time.
• This integrated approach, which is driven by risk
information, also ensures accurate resource
allocation so that you do not inadvertently
focus compliance efforts on areas that are
already strong and overlook hidden areas of
weakness.
37. 37
TURNING REGULATORY REQUIREMENTS
INTO STRATEGIC ADVANTAGE
• With a GRC framework and software solution,
organization can benefit from the following:
• Increased shareholder value
– Good governance is reflected in many intangibles,
including brand and reputation, and it translates directly into
share price premiums.
• Optimized risk-return portfolios
– The GRC framework and software solutions provide the
transparency and insight business decision makers need to
select (and reject) projects based on risk impact and
probability relative to potential return.
38. 38
TURNING REGULATORY REQUIREMENTS
INTO STRATEGIC ADVANTAGE
• Reduced GRC costs
– Transitioning to an integrated GRC approach significantly
reduces the number of people – and the amount of time
required to control and address risk. For compliance in
particular, you can trust accurate compliance processes, which
are enabled by the GRC software solutions.
• Improved business performance and predictability
– The GRC framework enables transparency across your
enterprise and beyond. It gives management a systematic
process for anticipating and controlling risks, and the
tools to proactively determine proper actions and critical
tasks, reducing unacceptable performance variability.
39. 39
TURNING REGULATORY REQUIREMENTS
INTO STRATEGIC ADVANTAGE
• Business sustainability
– GRC provides a clear path to sustainable
compliance and risk management, even as
mandates increase and business models and
processes become more complex.
• Greater Business Agility
– GRC leads to greater business agility and
promotes competitive differentiation.
40. 40
Last word
• IT governance system is no substitute for real leadership.
• Processes can’t command the attention that executives give to a trusted
peer.
• Systems alone don’t forge common vision or inspire action.
• Lead IT Governance- Don’t lead by it.
• Strong IT leadership needed to bring coherence to the
company's fragmented systems.
• Executive teams with a strong IT leader make better,
faster decisions about technology than do companies
that rely solely on a governance system—no matter
how effective it is.
42. 42
Optimize IT
performance through
optimized decision-
making
Effective IT governance
helps organizations cope
with—and leverage—
change
REFERENCE:
http://www-01.ibm.com/software/tivoli/governance/action/10022008.html
43. 43
IBM
IT Governance
Approach
Business
Performance
through IT
Execution
REFERENCE:
http://www.redbooks.ibm.com/redbooks/pdfs/sg247517.pdf
44. 44
Trust and
Competitive
Advantage: An
Integrated
Approach
Don Tapscott, CEO
New Paradigm Learning
Corporation
REFERENCE:
http://www.newparadigm.com
45. 45
The
emerging
role of IT
governance
Lynn M. Mueller, Senior
Consultant, Software Group, IBM,
Software Group
Andrew Phillipson, IT Specialist,
Software Group, IBM, Software
Group
REFERENCE:
http://www.ibm.com/developerworks/rational/library/dec07/mueller_phillipson/index.html#N10293
46. 46
Rebuilding
Corporate
Trust: The
emerging
Role of IT
Governance
REFERENCE: Oracle GRC White paper
http://www.oracle.com March 2008
47. 47
SUNIL KOHLI
Indian Defence Accounts Service
Joint Secretary And Financial Adviser
National Disaster Management Authority (NDMA),
and National Disaster Response Force(NDRF),
Government of India, Ministry of Home Affairs, India
# A-1, Safdar Jung Enclave, Opposite AIIMS Trauma Centre,
New Delhi 110 029
Tel: +91 11 26701709 Office
+91 11 26180503 Direct
+91 11 26701715 Fax,
+91 11 26133298 Residence
+91 9868151472 Mobile
E Mail: kohlisk@gmail.com
kohlifandma@gmail.com
skkohli@ndma.gov.in
Website: www.ndma.gov.in
FACEBOOK: http://www.facebook.com/sunilkumarkohli