TOP 10 TECHNOLOGY INITIATIVES © 2013 - Robert G. Parker S-1 3. Enabling Decision Support and...

TOP 10 TECHNOLOGY INITIATIVES

© 2013 - Robert G. ParkerS-1

3. Enabling Decision Support and Analytics

Issues

Implementing Effective Analytics Software

Monitoring Data Sources

Ensuring Data Accuracy

Authentication and Integrity

Creating Utility From Multi-Sourced Data

Designing Effective Reports

Risks - IssuesLoss or mis-handling of sensitive confidential information

Inability to operate (DOS)

Customer hostility, law suits over data compromises

Customer expectations may be unmet or compromised

The need exists to analyze large volumes of data in short times in a cost effective manner.

Engaging a team of specialists to conduct an exhaustive study is likely not the answer; the opportunity will be lost before the study is complete




Trends

Visualization - Reporting Using Graphical Presentations

Active DSS - Decision Support Systems that Provide Interactive Software-based Solutions

DSS Tools - Compile useful information from a combination of raw data, documents, and personal knowledge, or business models to identify and solve problems and make decisions.

Decision Management Tools - Software that can analyze multi sourced data, determine possible solution, assess those solutions against predetermined criteria, including legislative, regulatory, policy or other constraints and determine a course of action



Where to Start

Know what data you haveKnow where it is storedKnow how it is storedKnow when and how it can be usedKnow how to access itKnow the tools to analyze the data

You also want to know its source, how reliable it is

and can I replicate it.

Know what you want to accomplish

Identify the information needed to make those decisions

Know what decisions have to be made

Identify the source of the information (Internal, external, etc.)

Obtain the required data

Before You Start




DSS and Analytics tools may also be classified by their key drivers; data, documents, knowledge, model and communications:

• Data - emphasize access to and manipulation of internal company data and external data usually in a time series analysis

• Documents – software that manages, retrieves, and manipulates unstructured information in a variety of electronic formats.

• Knowledge – software that provides specialized analysis and problem solving expertise stored as facts, rules, procedures, or in similar structures

• Models – software that provides access to and manipulation of a statistical and financial information through optimization or simulation modeling

• Communications – software that supports more than one person working on a shared task

DSS Tools Classification




Decision Management Tools







While ranking 3rd in importance, only 33% of the respondents felt confident in their ability to adequately address the adoption of decision support and analytics tools

Issues

DSS solutions subjected to a “reality check” to ensure proposed solutions :

• Meet entity standards

• Are feasible and achievable

• Can be undertaken within the entity’s risk profile and financial imperatives

Subject the DM software to a rigorous review and testing to ensure the criteria have been correctly programmed; usually through tables or questionnaire choices and that it operates correctly



4. Managing IT Risk and Compliance

The GRC – Governance, Risk and Compliance Community has Gained Prominence Due to an Onslaught of legislation and Regulatory Requirements

Governance is the overall approach that the board and management take to guiding the organization.

Managing risk involves the processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. Legal and regulatory compliance risks are key issues in GRC.

Compliance involves the processes which identify requirements such as laws, regulations, contracts, strategies and policies and the risks of non-compliance. It also involves assessing the state of compliance and the risk of non-compliance.



“The complexities of IT and its interconnectedness to so many areas of the business leave organizations more vulnerable than ever to inherent risks”

Source: IBM white paper on aligning information technology strategy with business goals.

Reliance on IT is pervasive

IT must Align their Risk and Compliance Strategy with That of the Enterprise

Risk Identification

Risk Occurrence Likelihood

Risk Impact

Risk Mitigation

Alternatives

Risk Mitigation Strategy





New Technologies (Mobile devices) and New Uses of Technologies (BYOD) Bring Increased Risks

IT is Continually Evolving

The IT Risk and Compliance Program Must Continually Evolve

Stainable Compliance Will Only be Achieved if Risk and Compliance Activities Become Integral Components of Standard Operating Procedures




The 2013 survey indicated an overall confidence level of 57%, tied in first place with Managing and Retaining Data.

The Respondents Were Not as Confident with their Risk and Compliance Initiatives:

• 41% agreed or strongly agreed - “adequately deploy automated controls to achieve separation of duties and avoid any potential for management override within systems”

• 39% agreed or strongly agreed - “adequately monitor the effectiveness of their IT-related internal controls”



Survey Results


Effectively monitoring the effectiveness of its IT-related internal controls

Able to adequately deploy automated controls to achieve separation of duties and avoid any potential for management override within systems

Conducted an IT risk assessment appropriate to the level of complexity of the IT environment

39%

41%

53%

Good understanding of the appropriate regulatory and compliance requirements related to IT for its size of organization and industry 57%



Survey Results


59%Appropriately designed its policies and internal controls to reduce its IT-related risks to an appropriate level

67%Understands the risks associated with Information Technology (IT)

With Only 57% Indicating the business had a good understanding of the appropriate regulatory and compliance requirements related to IT for its size of organization and industry AndOnly 53% have conducted an IT risk assessment appropriate to the level of complexity of the IT environment

“Risk and Compliance” Requires Additional Attention



Security Oriented Guide to Obtain Compliance with HIPAA Requirements


NIST 800-66

Good Source of Reviewing a Compliance Methodology

http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf

Provides Sample Forms

117 Pages

http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf



5. Governing and Managing IT Investment and Spending

“the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”

IT Governance is:

Source: IT Governance Institute

ITGI, Board Briefing on IT Governance

www.isaca.org




Corporate financial failures and the financial crisis in 2008 have highlighted enterprise governance issues

Enterprise-wide or corporate governance is the systems by which organizations are directed and controlled – Source OECD

Corporate governance:• provides structure, allocates roles and responsibilities amongst

stakeholders (board, management, etc.)

• sets the tone by which the organization is directed and managed

• establishes objectives, goals, values and culture

• establishes rules and procedures

• establishes metrics and monitoring processes




The IT Governance Model Encompasses

• Strategic Alignment

• Value Delivery

• Risk Management

• Resource Management

• Performance Measurement

Strate

gic

Alignm

ent

Value Delivery

Ris

k M

anag

emen

t

Resource Management

Performance

Measurem

entIT IT

GovernanceGovernanceDomainsDomains

Strate

gic

Alignm

ent

Value Delivery

Ris

k M

anag

emen

t

Resource Management

Performance

Measurem

entIT IT

GovernanceGovernanceDomainsDomains




IT Governance Control Cycle




Executive (CISO) Responsibilities For IT Security Governance


Source: Deloitte 2013 Financial Services Security Survey – P15

Information Security, Strategy and Planning

Information Security Policies, Procedures and Standards

83.2%

82.1%

Information Security Compliance and Monitoring 75.6%

Information Security Incident Management 71.4%

Information Security Risk Assessments 71.0%

Chief Information Security Officers




Overall Confidence 41.8%

Appropriately analyzing the value (e.g. ROI, EVA) of our IT investment portfolio

Strong alignment between the IT strategy and the organization’s mission/strategic plan

29%

38%

Clearly management and the board should assess their role in governing and managing the IT function to drive

greater value from their IT investments




IT Governance is designed to ensure that IT resources are effectively employed in a manner that enhances value and supports the enterprise in achieving its vision and mission (IT Governance Institute)

The CICA/CPA Canada has published a number of IT Governance books in their 20 Questions series

An effective IT Governance program ensures that the enterprise: • benefits from IT expenditures, • provides enhanced customer experiences, • remains competitive within their industry and • challenges business practices to create new business models

Date post:	28-Dec-2015
Category:	Documents
Upload:	luke-james
View:	213 times
Download:	0 times