Compliance Webcast and Video
IT Governance, Risk and Compliance: What the best performing firms do in IT to deliver better business results and lower risk
Benchmarking IT Risk & Compliance
IT GRC among the most mature
Marked by a focus on operational excellence, firms with the most mature IT GRC profiles have established an integrated approach to managing risk and reward within the IT function and across the entire organization. Among these firms, senior managers in IT are employing the balanced scorecard to:
1. Regulate reward and risk decisions impacting the organization
2. Establish policies and objectives for IT
3. Institute a learning and growth culture that includes continuous quality improvement within the IT function
Within the IT function, and across legal, audit, internal controls, and business lines, the management of objectives for business reward and risk is being achieved with continuous quality improvement, control objectives, frequent measurement and reporting, common procedures, and high levels of automation, all complemented by IT service level objectives and contracts with IT vendors. Within the IT operations function, the focus is on common IT procedures, more automated controls, continuous measurement, and diligent IT change management and prevention procedures. Marked by the use of Six Sigma among some firms and simpler Continuous Quality Improvement cycles among many others, the most mature organizations establish a focus on operational excellence within IT that reflects results back into the objectives established and improved through the use of a balanced scorecard. Among these firms, the hallmark of the approach is: Make it easy to understand, easy to implement, and continuously improved.
Improving business results and mitigating financial risk
The Continuous Quality Improvement effort for the governance of IT and the balancing of reward and risk associated with the use of IT takes place at all levels within IT, and across the organization, among the most mature organizations.
An empirical IT GRC capability maturity model
Primary benchmark research conducted by the IT Policy Compliance Group during the past two years has resulted in a GRC Capability Maturity Model (GRC CMM) with specific practices, competencies, and capabilities associated with each maturity level. This fact-based GRC Capability Maturity Model can be used to assess current maturity levels and quantify the business outcomes associated with each maturity level, as well as identify desired business outcomes and the capabilities, practices, and competencies needed to improve results. The scale employed for the GRC CMM borrows from prior research, including significant contributions made by ISACA and the IT Governance Institute. Against this scale, the business results, financial losses, financial risks, business disruptions, and regulatory compliance experience of more than 2,600 firms have been mapped, from worst (level 1) to best (level 5) results.
The competencies, capabilities, and practices associated with each maturity level in the GRC CMM are those of the firms with specific business results at each level. This basis for the practices, capabilities, and competencies in the GRC CMM delivers empirical insight into what is working and not working, based upon primary research and facts, not hypothesis.
Implications and analysis
The way to improve business results and to reduce risk, loss, and expense is to increase or enhance the IT GRC competencies, practices, and capabilities governing the business rewards and risks associated with the use and disposition of IT. While most organizations will need to improve results, operating at the highest maturity level may be inappropriate for some firms. For some, the desired objective may be to operate at level 4.5 or 4.0 on the GRC CMM maturity scale. As a result, improving the balance between business reward and risk for a specific organization is going to be a journey that must be taken relative to the industry within which it competes.
Organizational competencies
The organizational competencies implemented by the most mature firms include leadership by IT, legal, audit and finance functions; employee training and a culture of compliance; improvements to specific practices and capabilities within IT operations; IT assurance and audit; and a continuous quality improvement effort.
• IT, legal, internal audit, and finance leadership
• Employee training and a culture of compliance
• Improvements to IT risk assessments, data protection, IT audit, risk, and compliance practices and capabilities
• Adjustments to spending in IT to support needed capabilities
• A continuous quality improvement program for IT GRC
• An integrated IT GRC program
These are the hallmarks of an integrated IT GRC program being implemented by the most mature firms.
2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk