Envisioning the “walls” early on is always fun
Howdy-
I recently had the opportunity to brief the IT Compliance Committee for a large company in the financial services space. My topic was “IT Governance Frameworks–Overhead or Strategic Weapon?”
A mentor told me once, “After we begin to understand what a brick is, a number of us begin to envision walls.” These guys are beginning to see walls!
They are no longer satisfied reacting to a wide variety of compliance actions.
They are tired of compliance fire drills.
They are fed up with the duplication.
They see compliance demand continuing to rise.
They are tired of the regulators not knowing what they want, and making contradictory demands.
They want to shape what happens, not just be shaped by it.
They see the chance to drive compliance AND improve IT execution.
They see the need to create a proactive compliance management approach, leveraging process standards like ITIL and CMMI, and compliance standards like ISO 17799 (Security), SOX, FFIEC & GLB under an umbrella of COBIT. They see the potential to eliminate duplication of controls, and unify them into a more manageable set.
We presented a simple, direct approach for going from reactive to proactive, from inefficient to efficient. In essence:
Define Policy for IT Governance Working Group
Identify and agree on critical framework components - key standards
-Process & compliance
-Internal & external
Create a logical controls framework
-Built on top business needs first
-Reduce controls through combination
Build policy compliance into IT work when it's created - leverage enterprise change management
-Drive efficiency through a risk calculator: determining the risk level, and then applying the right amount of “compliance”
Audit for exceptions
Be proactive with auditors and oversight committees - giving them what they need so they don’t have to look for it.
Of course, the devil is in the details. Everyone there understood this would not be easy, and it would take some time. But they also believe it’s worth it.
It was great, because envisioning the “walls” early on is always fun. If you have an interest in a copy of the general presentation, just drop me a line.
Cheers,
Don