Slide 1

© 2006 Industry Direct Ltd. All Rights Reserved. This entire 21 screen presentation is copyright IDL 2006 all rights reserved & no reproduction or presentation is permitted without written permission from IDL. Repeatable Solution Sales & Compliance On Demand are IDL trademarks in the USA, UK and other countries. Monetary values quoted may be £ equivalent of another currency. Neither ITEX nor IDL guarantee making companies compliant.

Enabling Efficient Risk Management Policy Execution
“Curing CEO Insomnia With A Proactive & Sustainable IT Strategy For Risk Management”

Presented by: Neil MacArthur, IDL Director of Strategy
www.idlworldwide.com

Slide 2: Contents

1. The Business Case
2. The Standards Based Solution Strategy
3. The Engagement Model
4. Next Steps

Slide 3: 1. The Business Case

Risk & Compliance Quotation
“An inability to source & format data with sufficient integrity can cost an organisation both financially & legally”
Butler Group

Slide 4: In Legal

The Law Society is about to publish “Information Security Guidelines For Solicitors”. One of the significant problems this will pose is executing the guidelines without a framework or standards based approach as the foundation for an integrated Information Security Management System.

“The Law Society Information Security Guidelines are intended to assist solicitors achieve good practice in relation to information security”
Law Society, October 2006

Slide 5: In Public Sector

The adoption of the Gershon Report and the Technology Transformation policy by the public sector is having a significant impact on ISO standards adoption in key areas:
- NHS Trusts
- Police Forces [CJIT]
- Local & Metropolitan Councils

As the new ISO standards only appeared in Q4 2005, it is not until the FY06/07 public sector ICT plans that early implementation of the ISO standards based approach was detected, with the most significant phase anticipated in FY07/08.
IDL Analysis, Autumn 2006

Slide 6: In Financial Services

Financial Services organizations, for example, have a major problem with the cost of regulatory compliance, as they have to meet multiple regulations including Sarbanes Oxley, Basel II, Solvency II, Anti-Money Laundering, Data Privacy, SEPA & other regulations.

This year, financial services institutions (FSIs) are investing an estimated £35 billion globally in IT solutions for risk & compliance. However, TowerGroup finds that 30 percent of these IT investments may be considered wasteful. Given their tactical compliance purpose, many risk & compliance solutions are duplicated over multiple functional silos or are applied to inefficient legacy technology systems.
TowerGroup

Slide 7: 2. The Standards Based Solution Strategy

Risk & Compliance Quotation
“Many of the necessary IT components [for compliance] may already be in place, but they must be integrated & standardized across the business.”
Gartner

Slide 8: Corporate Governance & IT Governance

Corporate Governance relies upon IT Governance to support efficient & sustainable risk & compliance, using an integrated, not fragmented, IT solution: this is Phase #2.

[Diagram: Corporate Governance resting on IT Governance, with IT Governance layered as Processes, Applications, Infrastructure and Content]

Slide 9: Risk & Compliance Phase #2 Overview

IT solutions for risk & compliance have evolved from “point solutions” & use of manual or legacy systems to the adoption of best practice frameworks such as the COSO Enterprise Risk Management Integrated Framework, CoBIT or ITIL. And, today there is the availability of ISO certification to ensure robust, efficient & effective best practice implementation of risk & compliance policies at the lowest cost.

[Timeline: Risk management & compliance evolution, 2004 to 2007, Phase #1 to Phase #2: Manual, legacy or point solutions for risk & compliance; then Best practice COSO integrated policy framework for risk & compliance; then ISO standards for risk & compliance subjects]

Slide 10: Best Practice Evolution

Integrated IT risk management & compliance best practice evolution.

[Timeline chart, 2002 to 2006, with Enterprise and SMB tracks, running from Financial Control to Integrated Management & Control. Milestones shown:
- COSO Internal Control - Integrated Framework [SEC endorsed]
- IT Control Objectives for Sarbanes Oxley - ITGI
- COSO Enterprise Risk Management – Integrated Framework
- Institute of Internal Auditors Endorsement Of COSO ERM Framework
- Guidance For Smaller Public Companies Reporting On Internal Control
- ISO 20000 IT Service Management
- ISO 27000 series information security]

Slide 11: Best Practice Implementation

Risk management covers multiple areas of risk that a corporation needs to formally monitor and manage to stay efficient and compliant. Best practice is the COSO Enterprise Risk Management – Integrated Framework [www.coso.org] for policy used by auditors, setting the corporate governance agenda, supported by ISO-standards based IT.

[Diagram:
Risk areas: Credit, Market, Liquidity, Hazard, Trading, Systems, Legal
Cycle: Risk assess >>> risk policy >>> implementation >>> report >>> update risk policy
Supporting layers: COSO Enterprise Risk Management Integrated Policy Framework; COBIT & ITIL; ISO 20000 IT Service Management; ISO 27000 Information Security]

Slide 12: Compelling Value

"78% of businesses that adopt standards feel prepared to handle catastrophic IT failure - only 28% of businesses without standards adoption feel prepared for IT catastrophe. Furthermore, 71% of businesses that adopt standards feel prepared to deal with failure in the supply chain, whereas only 43% of those without standards feel prepared".
Business Standards Magazine, reporting on BSI Research

Automating the adoption of standards will further reduce risk and cost!

Slide 13: Framework & Standards Adoption

New IDL analysis in Q3 2006 demonstrates the adoption of standards and framework strategy in risk management across 50 major European financial service institutions.

Frameworks & Standards Adoption, Autumn 2006
  COSO Enterprise Risk Management                                  45%
  ISO 27001 Information Security                                   30%
  IT Infrastructure Library [ITIL]                                 41%
  ISO 20000 IT Service Management                                  29%
  Control Objectives for Information & Related Technology [COBIT]  37%

Slide 14: 3. The Engagement Model

Risk & Compliance Quotation
“The IIA advocates for an Enterprise Risk Management process that takes into account all aspects of a company”
The Institute of Internal Auditors

Slide 15: Integrated IT Risk & Compliance Solutions

Corporate Governance relies upon IT Governance support for efficient & sustainable risk & compliance, which is an integrated, not fragmented, IT infrastructure solution. The IT solution set requires an integrated and scalable implementation, probably using a blended on-site and off-site model for delivery.

[Diagram: Integrated Corporate Governance resting on Integrated IT Governance, layered as Processes, Applications, Infrastructure and Content]

Slide 16: Engagement

The US IT Governance Institute [ITGI] has developed a “best practice” engagement process to align a corporation’s risk & compliance policy to an integrated IT solution.

#1 Plan & Scope: Driven by policy
#2 IT Risk Assessment
#3 Identify Accounts & Controls
#4 Document IT Controls
#5 Evaluate Control
#6 Evaluate Operations
#7 Scope & Remediate
#8 Updated Documentation & Approval
#9 Build Sustainability & Scale To ERM

ITGI best practice scoping model [www.itgi.org]

Slide 17: ISO Standards Based IT Governance

The expanding range of internationally accepted standards has generated substantial interest in a common, independent and certifiable strategy for sustainable IT governance.

[Diagram of the ISO 20000 process areas:
Service Delivery: Capacity Mgmt., Service Level Mgmt., Info. Security Mgmt., Service Continuity & Availability Mgmt., Service Reporting, Budget & Accounting for IT Services
Control: Configuration Mgmt., Change Mgmt.
Release: Release Mgmt.
Resolution: Incident Mgmt., Problem Mgmt.
Relationship: Business Relationship Mgmt., Supplier Mgmt.
Service Support including Service Desk
Related standards shown: ISO 27001, ISO 22000, BS PAS 77: ITSCM]

Slide 18: Thank You

Neil MacArthur
IDL Director of Strategy
nmacarthur@idlmail.com
