 |
|
|
Manage IT Regulatory Compliance and Increase IT Effectiveness
 |
ITM Governance and Compliance Management |
Today's CIOs are directly impacted by a wave of new governance and compliance requirements on the corporate enterprise. Only recently has the daunting scope of these requirements become apparent to IT, and a majority of IT organizations are struggling to cope with these overwhelming compliance demands. These new responsibilities add significant effort to the IT business management challenge - an already imposing challenge given the ever-constant pressures on IT to drive more business value, lower costs, and maintain high service levels.
The primary compliance challenge today is driven by the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley is exerting massive pressure on IT organizations to attest to the control of IT processes related to financial reporting. According to Gartner, by 2005 70% of publicly traded companies will require CIOs to sign attestations on the reliability of financial IT systems, as well as CIO compliance with Sarbanes-Oxley and other regulations (0.7 probability). Compliance pressures will only increase as the ongoing quarterly and annual requirements must continually be met. CIOs must be in a position to regularly attest on the maturity of IT processes in order to allow executive management to sign with confidence.
The challenges to IT resulting from Sarbanes-Oxley and other regulatory requirements such as Basel II and HIPAA, are new and unique from those faced by the rest of the enterprise. IT touches every business process in today's enterprise in some form. This combined with the sheer number of the moving parts within IT makes tackling the initial compliance objectives quite a substantial task. Meeting the requirements on a regular, ongoing basis requires the adoption of solid IT governance frameworks and adequate automation in order to stay on top of it all.
The ITM Software Governance and Compliance Management application module allows IT organizations to create or adopt IT governance frameworks and structure, manage, and maintain the processes and activities required for meeting any governance and compliance objective. GCM allows IT to leverage industry standard governance frameworks, such as CobiT and ITIL, in conjunction with in-house best practices to create the governance framework that best meets the needs of any IT organization. Frameworks can be easily applied to support any part of the compliance lifecycle, as defined by AMR Research:
- Control Documentation
- Monitor and Evaluate
- Attestation
- Manage and Enforce
ITM GCM provides the CIO with a unique and comprehensive governance solution. GCM is seamlessly integrated into a suite of business applications built specifically for IT. In contrast to point solutions that focus on corporate compliance, project portfolio management, or document management, GCM allows the IT organization to manage governance and compliance objectives across all the critical functions of IT. Integration with the ITM Foundation, as well as ITM Financial Resource Management, ITM Project Portfolio Management, ITM Vendor Relationship Management, and ITM Human Capital Management application modules, means that for the first time, IT can assess compliance impact in the most comprehensive manner possible.
Integration Enables Confidence
- Integration with ITM Foundation - Visibility and impact of every IT process that supports corporate business processes and every application material to SOX compliance
- Integration with ITM Project Portfolio Management - Visibility and impact of every project that puts SOX compliance at risk
- Integration with ITM Vendor Relationship Management - Visibility and impact of every vendor that impacts a business process or application associated with SOX compliance
The combination of GCM with the ITM Foundation and ITM Business Suite application modules provides a fundamental architecture for addressing the governance and compliance challenge. The ultimate goal is to create the visibility required to instill confidence that the processes and controls put in place by IT are correct and effective.
|
