Rebuilding Corporate Trust: The Essential Role Of IT Governance

8/8/2019 Rebuilding Corporate Trust: The Essential Role Of IT Governance

1/48

1


2/48

SUNIL KOHLIIndian Defence Accounts Service

Joint Secretary And Financial Adviser

2

at ona saster anagement ut or ty,Ministry Of Home Affairs,India

Rebuilding Corporate Trust:The Essential Role Of IT Governance

11th November 2010


3/48

3

Broad Outline: Context

Government, Public Sector Organizations andCorporate are the biggest entitieswhich affects thelives of the citizens and the consumers.

Transparency, Risk and Compliance are the mainattributes to ensureAccountability and Corporate

Social Responsibility. Leveraging Technology by these entities willensure Rebuilding Public Trust in these

organizations.


4/48

4

Broad Outline: Role of IT

IT can play an important role in Information Management,

Risk Management, Better Pricing and Accessibility ofProducts and Services and bringing about greater

Trans arenc and ensurin erformance.

In this environment of recession and slow down of economyand fast rate of Technological Obsolescence companies can

drive strategic advantage and overcome competition by

proactive deployment of technology.


5/48

5

Issues for Discussion

CRISIS OF CORPORATE TRUST The Essential Role Of IT Governance

Proactive Mana ement of IT Governance

5

to ensure Corporate Trust & profitability.

Integrated Governance, Risk

management, and Compliance (GRC)solutions help improve relations withstakeholders and, ultimately, facilitate trust


6/48

CEOs cashed out prior toeconomic crisis

6

CEOs at major US financial and realestate firms converted tens ofmillions of dollars of overvaluedstock into cash prior to the eruptionof the current financial crisis.

Shocking Reality CheckCollapse of Financial Systems

Breed Culture of MachoManagement and Self interestBlock Information and Transparency.


7/48

Crisis Of Corporate Trust

Critical Areas For A More Proactive Approach Greater transparency about business practices.

Less risk associated with roducts and services.

7

Better pricing and accessibility of products andservices.

More emphasis on the development of socially andenvironmentally responsible products and services.

Based on McKinsey Research


8/48

8

Building Corporate Trust isExpensive but Makes Business Sense

1. Corporations Need to Rebuild andStrengthen Stakeholder Trust

8

. Pursuit of Stakeholder Trust

3. Beyond a License to Operate: Trust

Contributes to Competitive Advantage4. An Integrated Approach to

Transparency is Essential


9/48

1.Corporations Need to Rebuildand Strengthen Stakeholder Trust

9


10/48

2. Pervasive Fragmentation Complicatesthe Pursuit of Stakeholder Trust

Combating the fragmentation1. Think and act globally.

Geographical, Organizational, and Systems fragmentation complicates the

10

problem

2. Bridge corporate silos.In the absence of integration, interactions are at best suboptimal

3. Use technology to improve information flows. Disconnects multiply with the volume and complexity of the information


11/48

3. Beyond a License to Operate: Trust Contributesto Competitive Advantage

Strategic investment in compliance tocompetitive advantage

11

improved business intelligence and

optimized decision making.

The essential ingredient of trust:Transparencyand specifically; InformationLiquidity, can have a significant business

impact.


12/48

4. An Integrated Approach toTransparency is Essential

Need to embed the appropriate behaviorsinto the organizations culture, processes,

12

.

An integrated GRC strategy becomes initself a differentiator.

Governance and Compliance ensures

Conformance; Risk to mitigate losses.


13/48

4. An Integrated Approach toTransparency is Essential

Honesty:Access to a true data.

Accountability:Accountability ensures that commitments arecaptured and acted upon. Clear lines of responsibility make it

13

ar er o pass e uc .

Transparency:The organization cant be transparent unless it

has systems that enable the communication of pertinentinformation to stakeholders in an accessible format.

Integrated GRC leverages your existing information technologyinvestments; Makes your efforts scalable and Enables new typesof collaboration.


14/48

5. Conclusion

An integrated approach to governance, riskmanagement, and compliance has several benefits:

Lower costs; Better leverage of existing investments;

14

New scale for information sharing initiatives; Support for new innovations; and

Unprecedented levels of collaboration and coordination.

Holistic approach that marries business considerations withstakeholder interests is the right manrta.

Implement an Executive Cross Functional

Governance Structure


15/48

Distinctive Features Of IT

Trusted Interface

Critical Business Enabler

15

Reduces Costs by Optimizing Resources

Managing risks associated with data security and

regulatory compliance.

Integrate different departments and disparate

internal controls systems


16/48

Distinctive Features Of IT

Ubiquitous Application Dramatic Rate of Cost Decline

Universal Ownership

16

Exponential Growth

Flexibility and scalability

Shrinkage of Geographical Distance through

Networks. Revenue Generator

Cost Cutting Engine


17/48

WHY INFORMATION TECHNOLOGY?

Capable of comprehensive holistic IT Governance approach:Bridge Functional Silos.

Easy to adapt C3I Approach

17

Coordination; Communication; Collaboration; andIntegration

Process of Mutualism Collaborative Decision Making andimplementation to optimize Performance

Eliminate Ad Hoc Setup and Human Errors.

Overcome DRIP Syndrome

Align IT controls to corporate policies, and corporate policies to

regulations.


18/48

IT GOVERNANCE

Definitions

Effective IT governance helps ensure that IT

18

,investment in IT, and appropriately manages IT-related risk and opportunities.

IT Governance Institute

Framework with Structures, Processes & Policies that

governs how a business make IT Decisions & who within

the organization makes them.


19/48

IT GOVERNANCE APPROACH

A holistic approach to IT governanceThat encompasses all dimensions of their IT-related

activities.

19

Spanning all layers of a companys IT infrastructure

Addresses an organizations entire compliance, riskand security requirements using the same toolset.

Reduce complexity arising from Globalization andProliferation of off-shoring and outsourcingarrangements.


20/48

HOLISTIC APPROACH TOIT GOVERNANCE

Enables companies to dynamically manage and monitorkey IT enabled GRC activities such as: -

Information Protection and Privacy;

20

Configuration and Change Management; and IT GRC management across multiple business units, geographies

and IT systems.

The result is IT governance that is sustainable, cost-effective, and better aligned to the strategic andoperational demands of the business.


21/48

GRC

AN INTEGRATED APPROACH TOMANAGING GOVERNANCE, RISK, AND

COMPLIANCE

21

Drive Business Predictability andStakeholder Confidence


22/48

VULNERABILITY OFCORPORATE

Businesses face unprecedented numbers oflegal, regulatory, and business partner

22

,

requirements.

How can you control risk, manage

effectively, drive performance, andultimately inspire greater stakeholder

confidence?


23/48

Why An Integrated Approach ToManaging GRC

Adopt an integrated strategy and a comprehensiveGRC solution.

To Address all regulatory and business related risks and

23

achieve compliance at a lower cost. To differentiate itself and achieve greater agility by

optimizing your business processes and using risk

intelligence for better decision making.


24/48

GRC Discipline

A Definition of Governance, Risk, andCompliance

24

company wants to follow.

Risk management assesses the areas of exposure

and potential impacts. Compliance is the tactical action to mitigate risk.


25/48

THE FOUR DEGREESOF FRAGMENTATION

GRC activities are typically fragmented acrossfour dimensions:

25

Systems

Regions

Internal GRC disciplines


26/48

Organizational Fragmentation

26


27/48

System Fragmentation

27

28


28/48


Most businesses lack GRC information integritybecause governing principles and policies, risk

measurement, and compliance with regulatory

28

man ates are typ ca y supporte y epartmentasystems.

Without centralized governance, systems may use

different metrics, standards, and methodologies foranalyzing risk and compliance information, making the

aggregation of data a complex and time-consuming

task.

29


29/48


Local process optimization andpoint solutionsimplemented across the enterprise can further isolate

information within systems, resulting in a limited

29

v ew o enterpr se r s . Without an aligned and integrated perspective on

governance to guide risk profiling and mitigation, you

cant effectively monitor compliance and risk and adjustbusiness processes to meet changing requirements,

market trends, and regulatory mandates.

30


30/48

Regional Fragmentation

30

Fragmentation by Geography and Jurisdiction

31


31/48

Regional Fragmentation

Policies and risks are generallydefined andmeasured at the local level,without properconsideration for their im act on the lobal

31

multinational, national, or regional mandates. Multitude of jurisdictions can result in tangible

(financial) and intangible (brand and reputation)consequences.

32


32/48

Internal GRC DisciplineFragmentation

InterrelationshipBetween

Governance,

32

Risk, andCompliance

Management

33


33/48

The High Cost Of A FragmentedApproach

From a pure cost perspective, the status quo is simplytoo expensive to sustain.

Only with an organizational view of GRC information

and a comprehensive solution for managing GRCacross the enterprise can you manage with confidence,

improve business predictability, and drive higher

performance. A GRC strategy can also be a critical driver of revenue

and competitive advantage because you can accurately

assess the risk of various business decisions.

34


34/48

Leverage GRC as a Proactive BusinessOptimization Instrument

The real business value comes from leveraging GRC as a

proactive management instrument not just in terms ofavoiding the costs of noncompliance, but in terms of drivingrevenue and com etitive advanta e.

Ultimately, GRC is about seeing the opportunities associatedwith a given business change and placing your organization in

the best position to capitalize on those opportunities.

This requires moving toward tightly integrated businessand IT functions the key to improving enterprise risk

awareness and response capabilities, as well as recognizing

opportunities.


35/48

36


36/48

How GRC Software Can Help

The software should also help you plancompliance and governance activities so thatthey become an extension of risk management,

mitigating risks one task at a time. This integrated approach, which is driven by risk

information, also ensures accurate resource

allocation so that you do not inadvertentlyfocus compliance efforts on areas that are

already strong and overlook hidden areas ofweakness.

37


37/48

TURNING REGULATORY REQUIREMENTSINTO STRATEGIC ADVANTAGE

With a GRC framework and software solution,organization can benefit from the following:

Increased shareholder value

Good governance is reflected in many intangibles,including brand and reputation, and it translates directly intoshare price premiums.

Optimized risk-return portfolios

The GRC framework and software solutions provide thetransparency and insight business decision makers need to

select (and reject) projects based on risk impact and

probability relative to potential return.

38


38/48


Reduced GRC costs

Transitioning to an integrated GRC approach significantlyreduces the number of people and the amount of time

.

particular, you can trust accurate compliance processes, whichare enabled by the GRC software solutions.

Improved business performance and predictability

The GRC framework enables transparency across yourenterprise and beyond. It gives management a systematic

process for anticipating and controlling risks, and thetools to proactively determine proper actions and critical

tasks, reducing unacceptable performance variability.

39


39/48


Business sustainability GRC provides a clear path to sustainable

com liance and risk mana ement, even as

mandates increase and business models andprocesses become more complex.

Greater Business Agility

GRC leads to greater business agility andpromotes competitive differentiation.

40


40/48

Last word

IT governance system is no substitute for real leadership.

Processes cant command attention that executive give to trustedpeer.

ys ems a one on orge common v s on or nsp re ac on.

Lead IT Governance- Dont lead by it.

Strong IT leadership needed to bring coherence to the

company's fragmented systems.

Executive teams with a strong IT leader make better,faster decisions about technology than do companies

that rely solely on a governance systemno matter

how effective it is.

41


41/48

REFERENCE

424242


42/48

Optimize IT

performance through

optimized decision-making

Effective IT governance

helps organizations copewithand leverage

change

REFERENCE:http://www-01.ibm.com/software/tivoli/governanc

e/action/10022008.html

4343


43/48

IBMIT Governance

ApproachBusiness

er ormance

through IT

Execution

REFERENCE:http://www.redbooks.ibm.com/redbooks/pdfs/sg247517.pdf

4444


44/48

Trust andCompetitive

Advantage: AnIntegrated

pproacDan Tapscott, CEONew Paradigm Learning

Corporation

REFERENCE:http://www.newparadigm.com

45

4545


45/48

The

emerging

governanceLynn M. Mueller, Senior

Consultant, Software Group, IBM,

Software GroupAndrew Phillipson, IT Specialist,

Software Group, IBM, Software

Group

REFERENCE:http://www.ibm.com/developerworks/rational/library/dec07/mueller_phillipson/index.html#N10293

464646


46/48

RebuildingCorporate

Trust: The

Role of IT

GovernanceOracle GRC White paperMarch 2008

REFERENCE:http://www.oracle.com

47


47/48

SUNIL KOHLIIndian Defence Accounts ServiceJoint Secretary And Financial Adviser

National Disaster Management Authority (NDMA),and National Disaster Response Force(NDRF),Government of India, Ministry of Home Affairs, India# A-1, Safdar Jung Enclave, Opposite AIIMS Trauma Centre,

New Delhi 110 029

Tel: +91 11 26701709 Office

+91 11 26180503 Direct+91 11 26701715 Fax,+91 11 26133298 Residence+91 9868151472 Mobile

E Mail: [email protected]

[email protected]@ndma.gov.inWebsite:www.ndma.gov.inFACEBOOK: http://www.facebook.com/sunilkumarkohli

48


48/48

Rebuilding Corporate Trust: The Essential Role Of IT Governance

Documents

Transcript of Rebuilding Corporate Trust: The Essential Role Of IT Governance