Impact of Big Data, Cloud, Mobile and Regulatory Pressure on your IT Risk and Governance Model
In the recent IBM CIO survey, and in the earlier released Reputational Risk and IT Study and Global IT Risk Study,
topics such as Big Data and regulatory pressure are top of mind for many CIOs.
How can we understand the impact of all this on the business processes that the
CIO must support these days? Why are so many organizations struggling with
implementing IT GRC programs?
Simply put, the impact of all these topics is huge and can no longer be handled in silos.
This is not just because of the high cost they bring, and not just because you cannot
consolidate the risk impact across these silos. I have clients that spent over
140 hours per week on manual control testing in different systems. This can be
automated and reduced to near zero, and having it all in one system
gives you a consolidated view of your IT risk landscape at any time.
Many organizations struggle to implement IT GRC programs because:
- there is no centralized repository to hold all the standards, policies and
- it is impossible to prioritize risks across the IT organization and to report
- there are many redundant controls, and a complex risk and control infrastructure
- there is no relation or correlation between standards, policies, procedures,
laws and regulations
- there is a lot of manual data collection, and it is impossible to consolidate
- there is no mapping and no understanding of IT resources, threats and
vulnerabilities, and incidents
To give you an idea of the benefits of breaking down these silos:
1. IBM decreased its own IT risk cycle by 30% by implementing an integrated IT
This 30% decrease was achieved by optimizing and
automating the risk process; end users are now able to complete the whole risk
cycle in one platform, covering risk identification, risk assessment, risk
management, risk reporting (in real time!) and risk monitoring.
2. A customer reduced its manual IT control testing
effort by 140 hours per week for Segregation of Duties and access
management alone. This was done by automating the control tests.
Regulatory pressure on information security, and the frameworks and standards used to
demonstrate compliance (COBIT, the ISO 27000 series, ITIL), force
organizations to perform hundreds of IT controls across different IT systems. IBM
has developed a set of 100 controls in user management, access management,
segregation of duties and change management and has automated these controls,
which reduces the manual work to near zero and gives an instant overview of compliance
status and the issues that were found. The controls can reside in disparate
systems but are all reported back into one platform.
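To make concrete what "automating a control test" means for Segregation of Duties, here is an added example in Python. It is not IBM's control set and not OpenPages code: the rule IDs, the "system:privilege" naming used to merge entitlements from an ERP, Active Directory and an HR system, and all role and assignment data are constructed sample values. The point it shows is that a conflict such as "domain admin plus payroll edit" is only visible once assignments from several systems are consolidated into one evaluation, and that a role referenced by an assignment but missing from the role export is a blind spot that the test should report rather than skip.

```python
"""Automated Segregation-of-Duties (SoD) control test.

Added example, not IBM OpenPages code. All rules, roles and assignments
below are constructed sample data; the naming scheme "system:privilege"
is an assumption used to consolidate entitlements from several systems.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

# SoD conflict rules: a user holding every entitlement in a rule is a violation.
# (Constructed sample rules; real rule sets come from the control framework.)
SOD_RULES: Dict[str, FrozenSet[str]] = {
    "SOD-01": frozenset({"erp:create_vendor", "erp:approve_payment"}),
    "SOD-02": frozenset({"erp:post_journal", "erp:approve_journal"}),
    "SOD-03": frozenset({"ad:domain_admin", "hr:edit_payroll"}),
}

# Role -> entitlements, merged from per-system exports (constructed sample).
ROLES: Dict[str, Set[str]] = {
    "erp:AP_CLERK": {"erp:create_vendor", "erp:enter_invoice"},
    "erp:AP_MANAGER": {"erp:approve_payment"},
    "erp:GL_ACCOUNTANT": {"erp:post_journal", "erp:approve_journal"},
    "ad:Domain Admins": {"ad:domain_admin"},
    "hr:PAYROLL_ADMIN": {"hr:edit_payroll"},
}

# (user, role) assignments as they would be pulled from each system
# (constructed sample; comments mark the violations the test should find).
ASSIGNMENTS: List[Tuple[str, str]] = [
    ("alice", "erp:AP_CLERK"),
    ("alice", "erp:AP_MANAGER"),    # two roles in one system -> SOD-01
    ("bob", "erp:GL_ACCOUNTANT"),   # conflict inside a single role -> SOD-02
    ("carol", "ad:Domain Admins"),
    ("carol", "hr:PAYROLL_ADMIN"),  # only visible across systems -> SOD-03
    ("dave", "erp:AP_CLERK"),       # clean
]


@dataclass(frozen=True)
class Finding:
    user: str
    rule_id: str
    entitlements: FrozenSet[str]
    via_roles: FrozenSet[str]  # roles that grant the conflicting entitlements


def effective_entitlements(
    assignments: Iterable[Tuple[str, str]], roles: Dict[str, Set[str]]
) -> Dict[str, Dict[str, Set[str]]]:
    """Resolve user -> entitlement -> roles granting it, across all systems."""
    resolved: Dict[str, Dict[str, Set[str]]] = {}
    for user, role in assignments:
        for ent in roles.get(role, set()):
            resolved.setdefault(user, {}).setdefault(ent, set()).add(role)
    return resolved


def unknown_roles(
    assignments: Iterable[Tuple[str, str]], roles: Dict[str, Set[str]]
) -> Set[str]:
    """Roles assigned to users but missing from the role export.

    A missing role definition means the test is blind to whatever it grants,
    so it is reported as a data-quality finding instead of silently ignored.
    """
    return {role for _, role in assignments if role not in roles}


def run_sod_control(
    assignments: Iterable[Tuple[str, str]],
    roles: Dict[str, Set[str]] = ROLES,
    rules: Dict[str, FrozenSet[str]] = SOD_RULES,
) -> List[Finding]:
    """Evaluate every SoD rule against every user's effective entitlements."""
    assignments = list(assignments)
    findings: List[Finding] = []
    for user, ents in sorted(effective_entitlements(assignments, roles).items()):
        held = set(ents)
        for rule_id, required in rules.items():
            if required <= held:  # user holds all entitlements of the rule
                via = frozenset(r for e in required for r in ents[e])
                findings.append(Finding(user, rule_id, required, via))
    return findings


if __name__ == "__main__":
    for f in run_sod_control(ASSIGNMENTS):
        print(f"{f.rule_id} {f.user}: {sorted(f.entitlements)} via {sorted(f.via_roles)}")
    missing = unknown_roles(ASSIGNMENTS, ROLES)
    if missing:
        print("roles without definitions (test blind spot):", sorted(missing))
```

Run as a script it lists three findings (alice, bob and carol) and nothing for dave. Recording `via_roles` with each finding matters in practice: remediation is done by removing or splitting a role, not an abstract entitlement, and a conflict that sits inside a single role (bob's case) needs a role redesign rather than a change to one user.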
As you can see, there is a lot to gain from taking an integrated approach to IT
Governance, Risk and Compliance.
IBM has always set the standard in IT Governance by supplying its customers with
solutions in (cyber)security, identity management, access management,
scalability, failover, disaster recovery, business continuity management, IT
process optimization, and IT Governance. All this is now being complemented
with IT Governance, Risk and Compliance documentation, monitoring and reporting
in Business Analytics (through IBM OpenPages).
What can we bring to the table?
IBM can deliver one integrated platform for:
- IT GRC operations management
- Data governance
- IT GRC execution
- IT GRC management
- IT GRC analytics
Post by Erwin Boeren
Senior Governance, Risk & Compliance specialist, IBM
Twitter : https://twitter.com/#!/erwinboeren
LinkedIn : http://nl.linkedin.com/pub/erwin-boeren/0/a24/79b