SUNIL KOHLI
Indian Defence Accounts Service
Joint Secretary And Financial Adviser
National Disaster Management Authority,
Ministry Of Home Affairs,
India
4. An Integrated Approach to
Transparency is Essential
• Need to embed the appropriate behaviors
into the organization’s culture, processes,
and systems.
• An integrated GRC strategy becomes in
itself a differentiator.
• Governance and Compliance ensure
conformance; Risk management mitigates losses.
4. An Integrated Approach to
Transparency is Essential
• Honesty: Access to “true” data.
• Accountability: Accountability ensures that commitments are
captured and acted upon. Clear lines of responsibility make it
harder to pass the buck.
• Transparency: The organization can’t be transparent unless it
has systems that enable the communication of pertinent
information to stakeholders in an accessible format.
• Integrated GRC leverages your existing information technology
investments, makes your efforts scalable, and enables new types
of collaboration.
5. Conclusion
• An integrated approach to governance, risk
management, and compliance has several benefits:
– Lower costs; Better leverage of existing investments;
– New scale for information sharing initiatives;
– Support for new innovations; and
– Unprecedented levels of collaboration and coordination.
– A holistic approach that marries business considerations with
stakeholder interests is the right “mantra”.
• Implement an Executive Cross Functional
Governance Structure
Distinctive Features Of IT
• Trusted Interface
• Critical Business Enabler
• Competitive and Strategic Differentiator
• Reduces Costs by Optimizing Resources
• Manages risks associated with data security and
regulatory compliance
• Integrates different departments and disparate
internal control systems
Distinctive Features Of IT
• Ubiquitous Application
• Dramatic Rate of Cost Decline
• Universal Ownership
• Exponential Growth
• Flexibility and scalability
• Shrinkage of Geographical Distance through
Networks.
• Revenue Generator
• Cost Cutting Engine
IT GOVERNANCE
• Definitions
• “Effective IT governance helps ensure that IT
supports business goals, optimizes business
investment in IT, and appropriately manages IT-
related risk and opportunities.”
• IT Governance Institute
• A framework of structures, processes and policies that
governs how a business makes IT decisions and who within
the organization makes them.
IT GOVERNANCE APPROACH
• A holistic approach to IT governance
– That encompasses all dimensions of their IT-related
activities.
– Spanning all layers of a company’s IT infrastructure
– Addresses an organization’s entire compliance, risk
and security requirements using the same toolset.
• Reduces complexity arising from globalization and the
proliferation of offshoring and outsourcing
arrangements.
HOLISTIC APPROACH TO
IT GOVERNANCE
• Enables companies to dynamically manage and monitor
key IT-enabled GRC activities such as:
– Information Protection and Privacy;
– Configuration and Change Management; and
– IT GRC management across multiple business units, geographies
and IT systems.
• The result is IT governance that is sustainable, cost-
effective, and better aligned to the strategic and
operational demands of the business.
GRC
• AN INTEGRATED APPROACH TO
MANAGING GOVERNANCE, RISK, AND
COMPLIANCE
• Drive Business Predictability and
Stakeholder Confidence
VULNERABILITY OF
CORPORATE
• Businesses face unprecedented numbers of
legal, regulatory, and business partner
mandates, as well as value chain
requirements.
• How can you control risk, manage
effectively, drive performance, and
ultimately inspire greater stakeholder
confidence?
GRC Discipline
• A Definition of Governance, Risk, and
Compliance
• Governance manages the strategic directives a
company wants to follow.
• Risk management assesses the areas of exposure
and potential impacts.
• Compliance is the tactical action to mitigate risk.
Organizational Fragmentation
System Fragmentation
System Fragmentation
• Most businesses lack GRC information integrity
because governing principles and policies, risk
measurement, and compliance with regulatory
mandates are typically supported by departmental IT
systems.
• Without centralized governance, systems may use
different metrics, standards, and methodologies for
analyzing risk and compliance information, making the
aggregation of data a complex and time-consuming
task.
System Fragmentation
• Local process optimization and point solutions
implemented across the enterprise can further isolate
information within systems, resulting in a limited
view of enterprise risk.
• Without an aligned and integrated perspective on
governance to guide risk profiling and mitigation, you
can’t effectively monitor compliance and risk and adjust
business processes to meet changing requirements,
market trends, and regulatory mandates.
Regional Fragmentation
Fragmentation by Geography and Jurisdiction
Regional Fragmentation
• Policies and risks are generally defined and
measured at the local level, without proper
consideration for their impact on the global,
multinational, national, or regional mandates.
• A multitude of jurisdictions can result in tangible
(financial) and intangible (brand and reputation)
consequences.
• Business sustainability
– GRC provides a clear path to sustainable
compliance and risk management, even as
mandates increase and business models and
processes become more complex.
• Greater Business Agility
– GRC leads to greater business agility and
promotes competitive differentiation.
Last word
• An IT governance system is no substitute for real leadership.
• Processes can’t command the attention that executives give to a trusted
peer.
• Systems alone don’t forge a common vision or inspire action.
• Lead IT governance; don’t lead by it.
• Strong IT leadership needed to bring coherence to the
company's fragmented systems.
• Executive teams with a strong IT leader make better,
faster decisions about technology than do companies
that rely solely on a governance system—no matter
how effective it is.
REFERENCE
• Optimize IT performance through optimized decision-making: Effective IT governance helps organizations cope with—and leverage—change.
http://www-01.ibm.com/software/tivoli/governance/action/10022008.html
• IBM IT Governance Approach: Business Performance through IT Execution.
http://www.redbooks.ibm.com/redbooks/pdfs/sg247517.pdf
• Trust and Competitive Advantage: An Integrated Approach. Don Tapscott, CEO, New Paradigm Learning Corporation.
http://www.newparadigm.com
• The emerging role of IT governance. Lynn M. Mueller, Senior Consultant, Software Group, IBM; Andrew Phillipson, IT Specialist, Software Group, IBM.
http://www.ibm.com/developerworks/rational/library/dec07/mueller_phillipson/index.html#N10293
• Rebuilding Corporate Trust: The emerging Role of IT Governance. Oracle GRC White paper, March 2008.
http://www.oracle.com
SUNIL KOHLI
Indian Defence Accounts Service
Joint Secretary And Financial Adviser
National Disaster Management Authority (NDMA),
and National Disaster Response Force(NDRF),
Government of India, Ministry of Home Affairs, India