Upload
sunil-kohli
View
219
Download
0
Embed Size (px)
Citation preview
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
1/48
1
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
2/48
SUNIL KOHLIIndian Defence Accounts Service
Joint Secretary And Financial Adviser
2
at ona saster anagement ut or ty,Ministry Of Home Affairs,India
Rebuilding Corporate Trust:The Essential Role Of IT Governance
11th November 2010
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
3/48
3
Broad Outline: Context
Government, Public Sector Organizations andCorporate are the biggest entitieswhich affects thelives of the citizens and the consumers.
Transparency, Risk and Compliance are the mainattributes to ensureAccountability and Corporate
Social Responsibility. Leveraging Technology by these entities willensure Rebuilding Public Trust in these
organizations.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
4/48
4
Broad Outline: Role of IT
IT can play an important role in Information Management,
Risk Management, Better Pricing and Accessibility ofProducts and Services and bringing about greater
Trans arenc and ensurin erformance.
In this environment of recession and slow down of economyand fast rate of Technological Obsolescence companies can
drive strategic advantage and overcome competition by
proactive deployment of technology.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
5/48
5
Issues for Discussion
CRISIS OF CORPORATE TRUST The Essential Role Of IT Governance
Proactive Mana ement of IT Governance
5
to ensure Corporate Trust & profitability.
Integrated Governance, Risk
management, and Compliance (GRC)solutions help improve relations withstakeholders and, ultimately, facilitate trust
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
6/48
CEOs cashed out prior toeconomic crisis
6
CEOs at major US financial and realestate firms converted tens ofmillions of dollars of overvaluedstock into cash prior to the eruptionof the current financial crisis.
Shocking Reality CheckCollapse of Financial Systems
Breed Culture of MachoManagement and Self interestBlock Information and Transparency.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
7/48
Crisis Of Corporate Trust
Critical Areas For A More Proactive Approach Greater transparency about business practices.
Less risk associated with roducts and services.
7
Better pricing and accessibility of products andservices.
More emphasis on the development of socially andenvironmentally responsible products and services.
Based on McKinsey Research
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
8/48
8
Building Corporate Trust isExpensive but Makes Business Sense
1. Corporations Need to Rebuild andStrengthen Stakeholder Trust
8
. Pursuit of Stakeholder Trust
3. Beyond a License to Operate: Trust
Contributes to Competitive Advantage4. An Integrated Approach to
Transparency is Essential
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
9/48
1.Corporations Need to Rebuildand Strengthen Stakeholder Trust
9
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
10/48
2. Pervasive Fragmentation Complicatesthe Pursuit of Stakeholder Trust
Combating the fragmentation1. Think and act globally.
Geographical, Organizational, and Systems fragmentation complicates the
10
problem
2. Bridge corporate silos.In the absence of integration, interactions are at best suboptimal
3. Use technology to improve information flows. Disconnects multiply with the volume and complexity of the information
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
11/48
3. Beyond a License to Operate: Trust Contributesto Competitive Advantage
Strategic investment in compliance tocompetitive advantage
11
improved business intelligence and
optimized decision making.
The essential ingredient of trust:Transparencyand specifically; InformationLiquidity, can have a significant business
impact.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
12/48
4. An Integrated Approach toTransparency is Essential
Need to embed the appropriate behaviorsinto the organizations culture, processes,
12
.
An integrated GRC strategy becomes initself a differentiator.
Governance and Compliance ensures
Conformance; Risk to mitigate losses.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
13/48
4. An Integrated Approach toTransparency is Essential
Honesty:Access to a true data.
Accountability:Accountability ensures that commitments arecaptured and acted upon. Clear lines of responsibility make it
13
ar er o pass e uc .
Transparency:The organization cant be transparent unless it
has systems that enable the communication of pertinentinformation to stakeholders in an accessible format.
Integrated GRC leverages your existing information technologyinvestments; Makes your efforts scalable and Enables new typesof collaboration.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
14/48
5. Conclusion
An integrated approach to governance, riskmanagement, and compliance has several benefits:
Lower costs; Better leverage of existing investments;
14
New scale for information sharing initiatives; Support for new innovations; and
Unprecedented levels of collaboration and coordination.
Holistic approach that marries business considerations withstakeholder interests is the right manrta.
Implement an Executive Cross Functional
Governance Structure
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
15/48
Distinctive Features Of IT
Trusted Interface
Critical Business Enabler
15
Reduces Costs by Optimizing Resources
Managing risks associated with data security and
regulatory compliance.
Integrate different departments and disparate
internal controls systems
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
16/48
Distinctive Features Of IT
Ubiquitous Application Dramatic Rate of Cost Decline
Universal Ownership
16
Exponential Growth
Flexibility and scalability
Shrinkage of Geographical Distance through
Networks. Revenue Generator
Cost Cutting Engine
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
17/48
WHY INFORMATION TECHNOLOGY?
Capable of comprehensive holistic IT Governance approach:Bridge Functional Silos.
Easy to adapt C3I Approach
17
Coordination; Communication; Collaboration; andIntegration
Process of Mutualism Collaborative Decision Making andimplementation to optimize Performance
Eliminate Ad Hoc Setup and Human Errors.
Overcome DRIP Syndrome
Align IT controls to corporate policies, and corporate policies to
regulations.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
18/48
IT GOVERNANCE
Definitions
Effective IT governance helps ensure that IT
18
,investment in IT, and appropriately manages IT-related risk and opportunities.
IT Governance Institute
Framework with Structures, Processes & Policies that
governs how a business make IT Decisions & who within
the organization makes them.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
19/48
IT GOVERNANCE APPROACH
A holistic approach to IT governanceThat encompasses all dimensions of their IT-related
activities.
19
Spanning all layers of a companys IT infrastructure
Addresses an organizations entire compliance, riskand security requirements using the same toolset.
Reduce complexity arising from Globalization andProliferation of off-shoring and outsourcingarrangements.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
20/48
HOLISTIC APPROACH TOIT GOVERNANCE
Enables companies to dynamically manage and monitorkey IT enabled GRC activities such as: -
Information Protection and Privacy;
20
Configuration and Change Management; and IT GRC management across multiple business units, geographies
and IT systems.
The result is IT governance that is sustainable, cost-effective, and better aligned to the strategic andoperational demands of the business.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
21/48
GRC
AN INTEGRATED APPROACH TOMANAGING GOVERNANCE, RISK, AND
COMPLIANCE
21
Drive Business Predictability andStakeholder Confidence
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
22/48
VULNERABILITY OFCORPORATE
Businesses face unprecedented numbers oflegal, regulatory, and business partner
22
,
requirements.
How can you control risk, manage
effectively, drive performance, andultimately inspire greater stakeholder
confidence?
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
23/48
Why An Integrated Approach ToManaging GRC
Adopt an integrated strategy and a comprehensiveGRC solution.
To Address all regulatory and business related risks and
23
achieve compliance at a lower cost. To differentiate itself and achieve greater agility by
optimizing your business processes and using risk
intelligence for better decision making.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
24/48
GRC Discipline
A Definition of Governance, Risk, andCompliance
24
company wants to follow.
Risk management assesses the areas of exposure
and potential impacts. Compliance is the tactical action to mitigate risk.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
25/48
THE FOUR DEGREESOF FRAGMENTATION
GRC activities are typically fragmented acrossfour dimensions:
25
Systems
Regions
Internal GRC disciplines
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
26/48
Organizational Fragmentation
26
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
27/48
System Fragmentation
27
28
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
28/48
System Fragmentation
Most businesses lack GRC information integritybecause governing principles and policies, risk
measurement, and compliance with regulatory
28
man ates are typ ca y supporte y epartmentasystems.
Without centralized governance, systems may use
different metrics, standards, and methodologies foranalyzing risk and compliance information, making the
aggregation of data a complex and time-consuming
task.
29
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
29/48
System Fragmentation
Local process optimization andpoint solutionsimplemented across the enterprise can further isolate
information within systems, resulting in a limited
29
v ew o enterpr se r s . Without an aligned and integrated perspective on
governance to guide risk profiling and mitigation, you
cant effectively monitor compliance and risk and adjustbusiness processes to meet changing requirements,
market trends, and regulatory mandates.
30
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
30/48
Regional Fragmentation
30
Fragmentation by Geography and Jurisdiction
31
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
31/48
Regional Fragmentation
Policies and risks are generallydefined andmeasured at the local level,without properconsideration for their im act on the lobal
31
multinational, national, or regional mandates. Multitude of jurisdictions can result in tangible
(financial) and intangible (brand and reputation)consequences.
32
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
32/48
Internal GRC DisciplineFragmentation
InterrelationshipBetween
Governance,
32
Risk, andCompliance
Management
33
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
33/48
The High Cost Of A FragmentedApproach
From a pure cost perspective, the status quo is simplytoo expensive to sustain.
Only with an organizational view of GRC information
and a comprehensive solution for managing GRCacross the enterprise can you manage with confidence,
improve business predictability, and drive higher
performance. A GRC strategy can also be a critical driver of revenue
and competitive advantage because you can accurately
assess the risk of various business decisions.
34
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
34/48
Leverage GRC as a Proactive BusinessOptimization Instrument
The real business value comes from leveraging GRC as a
proactive management instrument not just in terms ofavoiding the costs of noncompliance, but in terms of drivingrevenue and com etitive advanta e.
Ultimately, GRC is about seeing the opportunities associatedwith a given business change and placing your organization in
the best position to capitalize on those opportunities.
This requires moving toward tightly integrated businessand IT functions the key to improving enterprise risk
awareness and response capabilities, as well as recognizing
opportunities.
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
35/48
36
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
36/48
How GRC Software Can Help
The software should also help you plancompliance and governance activities so thatthey become an extension of risk management,
mitigating risks one task at a time. This integrated approach, which is driven by risk
information, also ensures accurate resource
allocation so that you do not inadvertentlyfocus compliance efforts on areas that are
already strong and overlook hidden areas ofweakness.
37
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
37/48
TURNING REGULATORY REQUIREMENTSINTO STRATEGIC ADVANTAGE
With a GRC framework and software solution,organization can benefit from the following:
Increased shareholder value
Good governance is reflected in many intangibles,including brand and reputation, and it translates directly intoshare price premiums.
Optimized risk-return portfolios
The GRC framework and software solutions provide thetransparency and insight business decision makers need to
select (and reject) projects based on risk impact and
probability relative to potential return.
38
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
38/48
TURNING REGULATORY REQUIREMENTSINTO STRATEGIC ADVANTAGE
Reduced GRC costs
Transitioning to an integrated GRC approach significantlyreduces the number of people and the amount of time
.
particular, you can trust accurate compliance processes, whichare enabled by the GRC software solutions.
Improved business performance and predictability
The GRC framework enables transparency across yourenterprise and beyond. It gives management a systematic
process for anticipating and controlling risks, and thetools to proactively determine proper actions and critical
tasks, reducing unacceptable performance variability.
39
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
39/48
TURNING REGULATORY REQUIREMENTSINTO STRATEGIC ADVANTAGE
Business sustainability GRC provides a clear path to sustainable
com liance and risk mana ement, even as
mandates increase and business models andprocesses become more complex.
Greater Business Agility
GRC leads to greater business agility andpromotes competitive differentiation.
40
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
40/48
Last word
IT governance system is no substitute for real leadership.
Processes cant command attention that executive give to trustedpeer.
ys ems a one on orge common v s on or nsp re ac on.
Lead IT Governance- Dont lead by it.
Strong IT leadership needed to bring coherence to the
company's fragmented systems.
Executive teams with a strong IT leader make better,faster decisions about technology than do companies
that rely solely on a governance systemno matter
how effective it is.
41
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
41/48
REFERENCE
424242
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
42/48
Optimize IT
performance through
optimized decision-making
Effective IT governance
helps organizations copewithand leverage
change
REFERENCE:http://www-01.ibm.com/software/tivoli/governanc
e/action/10022008.html
4343
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
43/48
IBMIT Governance
ApproachBusiness
er ormance
through IT
Execution
REFERENCE:http://www.redbooks.ibm.com/redbooks/pdfs/sg247517.pdf
4444
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
44/48
Trust andCompetitive
Advantage: AnIntegrated
pproacDan Tapscott, CEONew Paradigm Learning
Corporation
REFERENCE:http://www.newparadigm.com
45
4545
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
45/48
The
emerging
governanceLynn M. Mueller, Senior
Consultant, Software Group, IBM,
Software GroupAndrew Phillipson, IT Specialist,
Software Group, IBM, Software
Group
REFERENCE:http://www.ibm.com/developerworks/rational/library/dec07/mueller_phillipson/index.html#N10293
464646
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
46/48
RebuildingCorporate
Trust: The
Role of IT
GovernanceOracle GRC White paperMarch 2008
REFERENCE:http://www.oracle.com
47
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
47/48
SUNIL KOHLIIndian Defence Accounts ServiceJoint Secretary And Financial Adviser
National Disaster Management Authority (NDMA),and National Disaster Response Force(NDRF),Government of India, Ministry of Home Affairs, India# A-1, Safdar Jung Enclave, Opposite AIIMS Trauma Centre,
New Delhi 110 029
Tel: +91 11 26701709 Office
+91 11 26180503 Direct+91 11 26701715 Fax,+91 11 26133298 Residence+91 9868151472 Mobile
E Mail: [email protected]
[email protected]@ndma.gov.inWebsite:www.ndma.gov.inFACEBOOK: http://www.facebook.com/sunilkumarkohli
48
8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance
48/48