TOP 10 TECHNOLOGY INITIATIVES
3. Enabling Decision Support and Analytics
The need exists to analyze large volumes of data in a short time and in a
cost-effective manner.
Engaging a team of specialists to conduct an exhaustive study is
likely not the answer; the opportunity will be lost before the study is
complete.
Issues
Implementing Effective Analytics Software
Monitoring Data Sources
Inability to operate (DOS)
Ensuring Data Accuracy
Authentication and Integrity
Creating Utility From Multi-Sourced Data
Designing Effective Reports
Risks - Issues
Loss or mishandling of sensitive confidential information
Customer hostility, lawsuits over data compromises
Customer expectations may be unmet or compromised
© 2013 - Robert G. Parker
Trends
Visualization - Reporting Using Graphical Presentations
Active DSS - Decision Support Systems that Provide Interactive
Software-based Solutions
DSS Tools - Compile useful information from a combination of raw data,
documents, and personal knowledge, or business models to identify and
solve problems and make decisions.
Decision Management Tools - Software that can analyze multi-sourced
data, determine possible solutions, assess those solutions against
predetermined criteria, including legislative, regulatory, policy or other
constraints, and determine a course of action.
Where to Start
Know what you want to accomplish
Know what decisions have to be made
Identify the information needed to make those decisions
Identify the source of the information (Internal, external, etc.)
Obtain the required data
Before You Start
Know what data you have
Know where it is stored
Know how it is stored
Know when and how it can be used
Know how to access it
Know the tools to analyze the data
You also want to know its source, how reliable it is and whether you can replicate it.
DSS Tools Classification
DSS and Analytics tools may also be classified by their key drivers: data,
documents, knowledge, models and communications:
• Data – software that emphasizes access to and manipulation of internal company data and
external data, usually in a time series analysis
• Documents – software that manages, retrieves, and manipulates
unstructured information in a variety of electronic formats
• Knowledge – software that provides specialized analysis and problem
solving expertise stored as facts, rules, procedures, or in similar structures
• Models – software that provides access to and manipulation of statistical
and financial information through optimization or simulation modeling
• Communications – software that supports more than one person working
on a shared task
Decision Management Tools
Issues
DSS solutions should be subjected to a “reality check” to ensure proposed solutions:
• Meet entity standards
• Are feasible and achievable
• Can be undertaken within the entity’s risk profile and financial imperatives
Subject the DM software to rigorous review and testing to ensure that the criteria
have been correctly programmed (usually through tables or questionnaire
choices) and that it operates correctly.
While ranking 3rd in importance, only 33% of the respondents felt
confident in their ability to adequately address the adoption of
decision support and analytics tools.
4. Managing IT Risk and Compliance
The GRC – Governance, Risk and Compliance Community has Gained
Prominence Due to an Onslaught of Legislation and Regulatory Requirements
Governance is the overall approach that the board and management take to
guiding the organization.
Managing risk involves the processes through which management
identifies, analyzes, and, where necessary, responds appropriately to risks
that might adversely affect realization of the organization's business
objectives. Legal and regulatory compliance risks are key issues in GRC.
Compliance involves the processes which identify requirements such as
laws, regulations, contracts, strategies and policies and the risks of
non-compliance. It also involves assessing the state of compliance and the risk
of non-compliance.
“The complexities of IT and its interconnectedness to so many areas
of the business leave organizations more vulnerable than ever to
inherent risks”
Source: IBM white paper on aligning information technology strategy with business goals.
Reliance on IT is pervasive
IT must Align their Risk and Compliance Strategy with That of the
Enterprise
Risk Identification
Risk Occurrence Likelihood
Risk Impact
Risk Mitigation Strategy
Risk Mitigation Alternatives
New Technologies (Mobile devices) and New Uses of Technologies
(BYOD) Bring Increased Risks
IT is Continually Evolving
The IT Risk and Compliance Program Must Continually Evolve
Sustainable Compliance Will Only be Achieved if Risk and Compliance
Activities Become Integral Components of Standard Operating Procedures
The 2013 survey indicated an overall confidence level of 57%, tied
in first place with Managing and Retaining Data.
The Respondents Were Not as Confident with their Risk and Compliance
Initiatives:
• 39% agreed or strongly agreed - “adequately monitor the effectiveness
of their IT-related internal controls”
• 41% agreed or strongly agreed - “adequately deploy automated
controls to achieve separation of duties and avoid any potential for
management override within systems”
Survey Results
Effectively monitoring the effectiveness of its IT-related internal controls
39%
Able to adequately deploy automated controls to achieve separation of duties and avoid any potential for management override within systems
41%
Conducted an IT risk assessment appropriate to the level of complexity of the IT environment
53%
Good understanding of the appropriate regulatory and compliance requirements related to IT for its size of organization and industry
57%
Appropriately designed its policies and internal controls to
reduce its IT-related risks to an appropriate level
59%
Understands the risks associated with Information Technology (IT)
67%
With Only 57% Indicating the business had a good understanding of the
appropriate regulatory and compliance requirements related to IT for its
size of organization and industry
And
Only 53% have conducted an IT risk assessment appropriate to the level
of complexity of the IT environment
“Risk and Compliance” Requires Additional Attention
NIST 800-66
Security Oriented Guide to Obtain Compliance with HIPAA Requirements
Good Source for Reviewing a Compliance Methodology
Provides Sample Forms
117 Pages
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
5. Governing and Managing IT Investment and Spending
IT Governance is:
“the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”
ITGI, Board Briefing on IT Governance
Source: IT Governance Institute
www.isaca.org
Corporate financial failures and the financial crisis in 2008 have
highlighted enterprise governance issues.
Enterprise-wide or corporate governance is the system by which
organizations are directed and controlled – Source: OECD
Corporate governance:
• provides structure, allocates roles and responsibilities amongst
stakeholders (board, management, etc.)
• sets the tone by which the organization is directed and managed
• establishes objectives, goals, values and culture
• establishes rules and procedures
• establishes metrics and monitoring processes
The IT Governance Model Encompasses
• Strategic Alignment
• Risk Management
• Resource Management
• Performance Measurement
• Value Delivery
[Diagram: IT Governance Domains]
Source: IT Governance Institute
IT Governance Control Cycle
Source: IT Governance Institute
Executive (CISO) Responsibilities For IT Security Governance
83.2%
Information Security, Strategy and Planning
82.1%
Information Security Policies, Procedures and Standards
Information Security Compliance and Monitoring
Information Security Incident Management
71.4%
71.0%
Information Security Risk Assessments
Chief Information Security Officers
75.6%
Source: Deloitte 2013 Financial Services Security Survey – P15
Appropriately analyzing the value (e.g.
ROI, EVA) of our IT investment portfolio
29%
Strong alignment between the IT strategy and the
organization’s mission/strategic plan
38%
Overall Confidence 41.8%
Clearly management and the board should assess their
role in governing and managing the IT function to drive
greater value from their IT investments
IT Governance is designed to ensure that IT resources are
effectively employed in a manner that enhances value and
supports the enterprise in achieving its vision and mission (IT
Governance Institute)
The CICA/CPA Canada has published a number of IT Governance
books in their 20 Questions series.
An effective IT Governance program ensures that the enterprise:
• benefits from IT expenditures,
• provides enhanced customer experiences,
• remains competitive within its industry and
• challenges business practices to create new business models