TOP 10 TECHNOLOGY INITIATIVES
© 2013 - Robert G. Parker
3. Enabling Decision Support and Analytics
Issues
Implementing Effective Analytics Software
Monitoring Data Sources
Ensuring Data Accuracy
Authentication and Integrity
Creating Utility From Multi-Sourced Data
Designing Effective Reports
Risks - Issues
Loss or mis-handling of sensitive confidential information
Inability to operate (DOS)
Customer hostility, law suits over data compromises
Customer expectations may be unmet or compromised
The need exists to analyze large volumes of data in short times in a cost effective manner.
Engaging a team of specialists to conduct an exhaustive study is likely not the answer; the opportunity will be lost before the study is complete.
Trends
Visualization - Reporting Using Graphical Presentations
Active DSS - Decision Support Systems that Provide Interactive Software-based Solutions
DSS Tools - Compile useful information from a combination of raw data, documents, and personal knowledge, or business models to identify and solve problems and make decisions.
Decision Management Tools - Software that can analyze multi-sourced data, determine possible solutions, assess those solutions against predetermined criteria (including legislative, regulatory, policy or other constraints), and determine a course of action.
Where to Start
• Know what data you have
• Know where it is stored
• Know how it is stored
• Know when and how it can be used
• Know how to access it
• Know the tools to analyze the data
You also want to know its source, how reliable it is, and whether you can replicate it.
Know what you want to accomplish
Identify the information needed to make those decisions
Know what decisions have to be made
Identify the source of the information (Internal, external, etc.)
Obtain the required data
Before You Start
DSS and Analytics tools may also be classified by their key drivers: data, documents, knowledge, models and communications:
• Data - software that emphasizes access to and manipulation of internal company data and external data, usually in a time series analysis
• Documents - software that manages, retrieves, and manipulates unstructured information in a variety of electronic formats
• Knowledge - software that provides specialized analysis and problem-solving expertise stored as facts, rules, procedures, or in similar structures
• Models - software that provides access to and manipulation of statistical and financial information through optimization or simulation modeling
• Communications - software that supports more than one person working on a shared task
DSS Tools Classification
Decision Management Tools
While ranking 3rd in importance, only 33% of the respondents felt confident in their ability to adequately address the adoption of decision support and analytics tools.
Issues
DSS solutions subjected to a “reality check” to ensure proposed solutions:
• Meet entity standards
• Are feasible and achievable
• Can be undertaken within the entity’s risk profile and financial imperatives
Subject the DM software to rigorous review and testing to ensure that the criteria have been correctly programmed (usually through tables or questionnaire choices) and that it operates correctly.
4. Managing IT Risk and Compliance
The GRC (Governance, Risk and Compliance) Community Has Gained Prominence Due to an Onslaught of Legislation and Regulatory Requirements
Governance is the overall approach that the board and management take to guiding the organization.
Managing risk involves the processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. Legal and regulatory compliance risks are key issues in GRC.
Compliance involves the processes which identify requirements such as laws, regulations, contracts, strategies and policies and the risks of non-compliance. It also involves assessing the state of compliance and the risk of non-compliance.
“The complexities of IT and its interconnectedness to so many areas of the business leave organizations more vulnerable than ever to inherent risks”
Source: IBM white paper on aligning information technology strategy with business goals.
Reliance on IT is pervasive
IT must Align their Risk and Compliance Strategy with That of the Enterprise
Risk Identification
Risk Occurrence Likelihood
Risk Impact
Risk Mitigation Alternatives
Risk Mitigation Strategy
New Technologies (Mobile devices) and New Uses of Technologies (BYOD) Bring Increased Risks
IT is Continually Evolving
The IT Risk and Compliance Program Must Continually Evolve
Sustainable Compliance Will Only be Achieved if Risk and Compliance Activities Become Integral Components of Standard Operating Procedures
The 2013 survey indicated an overall confidence level of 57%, tied in first place with Managing and Retaining Data.
The Respondents Were Not as Confident with their Risk and Compliance Initiatives:
• 41% agreed or strongly agreed - “adequately deploy automated controls to achieve separation of duties and avoid any potential for management override within systems”
• 39% agreed or strongly agreed - “adequately monitor the effectiveness of their IT-related internal controls”
Survey Results
• 39% - Effectively monitoring the effectiveness of its IT-related internal controls
• 41% - Able to adequately deploy automated controls to achieve separation of duties and avoid any potential for management override within systems
• 53% - Conducted an IT risk assessment appropriate to the level of complexity of the IT environment
• 57% - Good understanding of the appropriate regulatory and compliance requirements related to IT for its size of organization and industry
• 59% - Appropriately designed its policies and internal controls to reduce its IT-related risks to an appropriate level
• 67% - Understands the risks associated with Information Technology (IT)
With only 57% indicating the business had a good understanding of the appropriate regulatory and compliance requirements related to IT for its size of organization and industry, and only 53% having conducted an IT risk assessment appropriate to the level of complexity of the IT environment, “Risk and Compliance” requires additional attention.
NIST 800-66
Security-Oriented Guide to Obtain Compliance with HIPAA Requirements
Good Source for Reviewing a Compliance Methodology
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
Provides Sample Forms
117 Pages
5. Governing and Managing IT Investment and Spending
IT Governance is:
“the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”
Source: IT Governance Institute (ITGI), Board Briefing on IT Governance, www.isaca.org
Corporate financial failures and the financial crisis in 2008 have highlighted enterprise governance issues
Enterprise-wide or corporate governance is the system by which organizations are directed and controlled (Source: OECD)
Corporate governance:
• provides structure, allocates roles and responsibilities amongst stakeholders (board, management, etc.)
• sets the tone by which the organization is directed and managed
• establishes objectives, goals, values and culture
• establishes rules and procedures
• establishes metrics and monitoring processes
The IT Governance Model Encompasses
• Strategic Alignment
• Value Delivery
• Risk Management
• Resource Management
• Performance Measurement
[Figure: IT Governance Domains - Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement]
Source: IT Governance Institute
IT Governance Control Cycle
Source: IT Governance Institute
Executive (CISO) Responsibilities For IT Security Governance
• Information Security, Strategy and Planning 83.2%
• Information Security Policies, Procedures and Standards 82.1%
• Information Security Compliance and Monitoring 75.6%
• Information Security Incident Management 71.4%
• Information Security Risk Assessments 71.0%
Source: Deloitte 2013 Financial Services Security Survey – P15
Chief Information Security Officers
Overall Confidence 41.8%
• 29% - Appropriately analyzing the value (e.g. ROI, EVA) of our IT investment portfolio
• 38% - Strong alignment between the IT strategy and the organization’s mission/strategic plan
Clearly management and the board should assess their role in governing and managing the IT function to drive greater value from their IT investments.
IT Governance is designed to ensure that IT resources are effectively employed in a manner that enhances value and supports the enterprise in achieving its vision and mission (IT Governance Institute).
The CICA/CPA Canada has published a number of IT Governance books in their 20 Questions series.
An effective IT Governance program ensures that the enterprise:
• benefits from IT expenditures,
• provides enhanced customer experiences,
• remains competitive within their industry and
• challenges business practices to create new business models