
SUNIL KOHLI
Indian Defence Accounts Service
Joint Secretary And Financial Adviser
National Disaster Management Authority,
Ministry Of Home Affairs,
India

“Rebuilding Corporate Trust: The Essential Role Of IT Governance”
11th November 2010

Broad Outline: Context


• Government, Public Sector Organizations and
Corporates are the biggest entities which affect the
lives of citizens and consumers.
• Transparency, Risk and Compliance are the main
attributes to ensure Accountability and Corporate
Social Responsibility.
• Leveraging Technology by these entities will
ensure Rebuilding Public Trust in these
organizations.

Broad Outline: Role of IT


• IT can play an important role in Information Management,
Risk Management, Better Pricing and Accessibility of
Products and Services and bringing about greater
Transparency and ensuring performance.
• In this environment of recession, economic slowdown
and rapid Technological Obsolescence, companies can
drive strategic advantage and overcome competition by
proactive deployment of technology.

Issues for Discussion


• CRISIS OF CORPORATE TRUST
• The Essential Role Of IT Governance
• Proactive Management of IT Governance
to ensure Corporate Trust & profitability.
• Integrated Governance, Risk
management, and Compliance (GRC)
solutions help improve relations with
stakeholders and, ultimately, facilitate trust

CEOs “cashed out” prior to economic crisis
CEOs at major US financial and real
estate firms converted tens of
millions of dollars of overvalued
stock into cash prior to the eruption
of the current financial crisis.

• Shocking Reality Check
• Collapse of Financial Systems
• Breed Culture of Macho
Management and Self-interest
• Block Information and Transparency.

Crisis Of Corporate Trust


• Critical Areas For A More Proactive Approach
– Greater transparency about business practices.
– Less risk associated with products and services.
– Better pricing and accessibility of products and
services.
– More emphasis on the development of socially and
environmentally responsible products and services.

• Based on McKinsey Research



Building Corporate Trust is Expensive but Makes Business Sense
1. Corporations Need to Rebuild and
Strengthen Stakeholder Trust
2. Pervasive Fragmentation Complicates the
Pursuit of Stakeholder Trust
3. Beyond a “License to Operate”: Trust
Contributes to Competitive Advantage
4. An Integrated Approach to
Transparency is Essential

1. Corporations Need to Rebuild and Strengthen Stakeholder Trust

2. Pervasive Fragmentation Complicates the Pursuit of Stakeholder Trust
• Combating the fragmentation
1. Think and act globally.
• Geographical, Organizational, and Systems fragmentation complicates the problem
2. Bridge corporate silos.
• In the absence of integration, interactions are at best suboptimal
3. Use technology to improve information flows.
• Disconnects multiply with the volume and complexity of the information

3. Beyond a “License to Operate”: Trust Contributes to Competitive Advantage

• Strategic investment in compliance to competitive advantage
• Better information management has
improved business intelligence and
optimized decision making.
• The essential ingredient of trust,
Transparency, and specifically Information
Liquidity, can have a significant business
impact.

4. An Integrated Approach to
Transparency is Essential
• Need to embed the appropriate behaviors
into the organization’s culture, processes,
and systems.
• An integrated GRC strategy becomes in
itself a differentiator.
• Governance and Compliance ensure
Conformance; Risk management mitigates losses.

4. An Integrated Approach to
Transparency is Essential
• Honesty: Access to “true” data.
• Accountability: Accountability ensures that commitments are
captured and acted upon. Clear lines of responsibility make it
harder to pass the buck.
• Transparency: The organization can’t be transparent unless it
has systems that enable the communication of pertinent
information to stakeholders in an accessible format.
• Integrated GRC leverages your existing information technology
investments, makes your efforts scalable, and enables new types
of collaboration.

5. Conclusion
• An integrated approach to governance, risk
management, and compliance has several benefits:
– Lower costs; Better leverage of existing investments;
– New scale for information sharing initiatives;
– Support for new innovations; and
– Unprecedented levels of collaboration and coordination.
– A holistic approach that marries business considerations with
stakeholder interests is the right “mantra”.
• Implement an Executive Cross Functional
Governance Structure

Distinctive Features Of IT

• Trusted Interface
• Critical Business Enabler
• Competitive and Strategic Differentiator
• Reduces Costs by Optimizing Resources
• Manages risks associated with data security and
regulatory compliance.
• Integrates different departments and disparate
internal control systems

Distinctive Features Of IT
• Ubiquitous Application
• Dramatic Rate of Cost Decline
• Universal Ownership
• Exponential Growth
• Flexibility and scalability
• Shrinkage of Geographical Distance through
Networks.
• Revenue Generator
• Cost Cutting Engine

WHY INFORMATION TECHNOLOGY?


• Capable of comprehensive holistic IT Governance approach:
Bridge Functional Silos.
• Easy to adapt C3I Approach
– Coordination; Communication; Collaboration; and
Integration
– Process of “Mutualism”: Collaborative Decision Making and
implementation to optimize Performance
• Eliminate Ad Hoc Setup and Human Errors.
• Overcome DRIP Syndrome
• Align IT controls to corporate policies, and corporate policies to
regulations.

IT GOVERNANCE

• Definitions
• “Effective IT governance helps ensure that IT
supports business goals, optimizes business
investment in IT, and appropriately manages IT-
related risk and opportunities.”
• IT Governance Institute
• A framework of Structures, Processes & Policies that
governs how a business makes IT Decisions & who within
the organization makes them.

IT GOVERNANCE APPROACH
• A holistic approach to IT governance
– Encompasses all dimensions of a company’s IT-related
activities.
– Spans all layers of a company’s IT infrastructure
– Addresses an organization’s entire compliance, risk
and security requirements using the same toolset.
• Reduce complexity arising from Globalization and
Proliferation of off-shoring and outsourcing
arrangements.

HOLISTIC APPROACH TO
IT GOVERNANCE
• Enables companies to dynamically manage and monitor
key IT enabled GRC activities such as:
– Information Protection and Privacy;
– Configuration and Change Management; and
– IT GRC management across multiple business units, geographies
and IT systems.
• The result is IT governance that is sustainable, cost-
effective, and better aligned to the strategic and
operational demands of the business.

GRC
• AN INTEGRATED APPROACH TO
MANAGING GOVERNANCE, RISK, AND
COMPLIANCE
• Drive Business Predictability and
Stakeholder Confidence

VULNERABILITY OF
CORPORATE
• Businesses face unprecedented numbers of
legal, regulatory, and business partner
mandates, as well as value chain
requirements.
• How can you control risk, manage
effectively, drive performance, and
ultimately inspire greater stakeholder
confidence?

Why An Integrated Approach To Managing GRC
• Adopt an integrated strategy and a comprehensive
GRC solution.
• To Address all regulatory and business related risks and
achieve compliance at a lower cost.
• To differentiate your organization and achieve greater agility by
optimizing your business processes and using risk
intelligence for better decision making.

GRC Discipline
• A Definition of Governance, Risk, and
Compliance
• Governance manages the strategic directives a
company wants to follow.
• Risk management assesses the areas of exposure
and potential impacts.
• Compliance is the tactical action to mitigate risk.

THE FOUR DEGREES OF FRAGMENTATION
• GRC activities are typically fragmented across
four dimensions:
• Organization
• Systems
• Regions
• Internal GRC disciplines

Organizational Fragmentation

System Fragmentation

System Fragmentation
• Most businesses lack GRC information integrity
because governing principles and policies, risk
measurement, and compliance with regulatory
mandates are typically supported by departmental IT
systems.
• Without centralized governance, systems may use
different metrics, standards, and methodologies for
analyzing risk and compliance information, making the
aggregation of data a complex and time-consuming
task.

System Fragmentation
• Local process optimization and point solutions
implemented across the enterprise can further isolate
information within systems, resulting in a limited
view of enterprise risk.
• Without an aligned and integrated perspective on
governance to guide risk profiling and mitigation, you
can’t effectively monitor compliance and risk and adjust
business processes to meet changing requirements,
market trends, and regulatory mandates.

Regional Fragmentation
Fragmentation by Geography and Jurisdiction

Regional Fragmentation
• Policies and risks are generally defined and
measured at the local level, without proper
consideration for their impact on the global,
multinational, national, or regional mandates.
• A multitude of jurisdictions can result in tangible
(financial) and intangible (brand and reputation)
consequences.

Internal GRC Discipline Fragmentation
[Figure: Interrelationship Between Governance, Risk, and Compliance Management]

The High Cost Of A Fragmented Approach
• From a pure cost perspective, the status quo is simply
too expensive to sustain.
• Only with an organizational view of GRC information
and a comprehensive solution for managing GRC
across the enterprise can you manage with confidence,
improve business predictability, and drive higher
performance.
• A GRC strategy can also be a critical driver of revenue
and competitive advantage because you can accurately
assess the risk of various business decisions.

Leverage GRC as a Proactive Business Optimization Instrument
• The real business value comes from leveraging GRC as a
proactive management instrument – not just in terms of
avoiding the costs of noncompliance, but in terms of driving
revenue and competitive advantage.
• Ultimately, GRC is about seeing the opportunities associated
with a given business change and placing your organization in
the best position to capitalize on those opportunities.
• This requires moving toward tightly integrated business
and IT functions – the key to improving enterprise risk
awareness and response capabilities, as well as recognizing
opportunities.

How GRC Software Can Help


• To Address Fragmentation:
• Systems Fragmentation: Works seamlessly within a
heterogeneous IT landscape, integrating with existing
legacy systems and providing real-time monitoring of key risk
indicators and compliance activities.
• Organizational Fragmentation: Standardization
• Regional Fragmentation: A scalable, balanced,
objective, real-time view of governance (strategy).
• Discipline Fragmentation: Providing real-time
information to business decision makers.

How GRC Software Can Help


• The software should also help you plan
compliance and governance activities so that
they become an extension of risk management,
mitigating risks one task at a time.
• This integrated approach, which is driven by risk
information, also ensures accurate resource
allocation so that you do not inadvertently
focus compliance efforts on areas that are
already strong and overlook hidden areas of
weakness.

TURNING REGULATORY REQUIREMENTS INTO STRATEGIC ADVANTAGE
• With a GRC framework and software solution,
an organization can benefit from the following:
• Increased shareholder value
– Good governance is reflected in many intangibles,
including brand and reputation, and it translates directly into
share price premiums.
• Optimized risk-return portfolios
– The GRC framework and software solutions provide the
transparency and insight business decision makers need to
select (and reject) projects based on risk impact and
probability relative to potential return.

TURNING REGULATORY REQUIREMENTS INTO STRATEGIC ADVANTAGE
• Reduced GRC costs
– Transitioning to an integrated GRC approach significantly
reduces the number of people, and the amount of time,
required to control and address risk. For compliance in
particular, you can trust accurate compliance processes, which
are enabled by the GRC software solutions.
• Improved business performance and predictability
– The GRC framework enables transparency across your
enterprise and beyond. It gives management a systematic
process for anticipating and controlling risks, and the
tools to proactively determine proper actions and critical
tasks, reducing unacceptable performance variability.

TURNING REGULATORY REQUIREMENTS INTO STRATEGIC ADVANTAGE

• Business sustainability
– GRC provides a clear path to sustainable
compliance and risk management, even as
mandates increase and business models and
processes become more complex.
• Greater Business Agility
– GRC leads to greater business agility and
promotes competitive differentiation.

Last word
• An IT governance system is no substitute for real leadership.
• Processes can’t command the attention that executives give to a trusted
peer.
• Systems alone don’t forge a common vision or inspire action.
• Lead IT Governance; don’t lead by it.
• Strong IT leadership is needed to bring coherence to the
company's fragmented systems.
• Executive teams with a strong IT leader make better,
faster decisions about technology than do companies
that rely solely on a governance system—no matter
how effective it is.

REFERENCE
• Optimize IT performance through optimized decision-making: Effective IT governance helps organizations cope with—and leverage—change.
http://www-01.ibm.com/software/tivoli/governance/action/10022008.html
• IBM IT Governance Approach: Business Performance through IT Execution.
http://www.redbooks.ibm.com/redbooks/pdfs/sg247517.pdf
• Trust and Competitive Advantage: An Integrated Approach. Don Tapscott, CEO, New Paradigm Learning Corporation.
http://www.newparadigm.com
• The emerging role of IT governance. Lynn M. Mueller, Senior Consultant, Software Group, IBM; Andrew Phillipson, IT Specialist, Software Group, IBM.
http://www.ibm.com/developerworks/rational/library/dec07/mueller_phillipson/index.html#N10293
• Rebuilding Corporate Trust: The emerging Role of IT Governance. Oracle GRC White paper, March 2008.
http://www.oracle.com

SUNIL KOHLI
Indian Defence Accounts Service
Joint Secretary And Financial Adviser
National Disaster Management Authority (NDMA),
and National Disaster Response Force(NDRF),
Government of India, Ministry of Home Affairs, India
# A-1, Safdar Jung Enclave, Opposite AIIMS Trauma Centre,
New Delhi 110 029
Tel: +91 11 26701709 Office
+91 11 26180503 Direct
+91 11 26701715 Fax,
+91 11 26133298 Residence
+91 9868151472 Mobile
E Mail: kohlisk@gmail.com
kohlifandma@gmail.com
skkohli@ndma.gov.in
Website: www.ndma.gov.in
FACEBOOK: http://www.facebook.com/sunilkumarkohli