The Temporary Death of Processes: Page 2

Something for all organizations to be aware of is that the current political climate makes it seem clear that there will be additional regulations to come. They may involve corporate governance, national security or something new, but rest assured, they will come. What groups need to do today is to proactively move towards a normalized set of requirements that are then translated into formalized IT controls and are then applied across the organization following a well thought-out plan that balances costs, benefits and risks.

On the other hand, what organizations must actively guard against is implementing controls on an ad hoc basis due to various regulatory requirements. This approach will cause costs to skyrocket and ultimately may create an unsustainable control environment. It is possible to put controls in place that add value, but it is virtually impossible to do so without proper planning and oversight.

For organizations embarking on controls and that don't know where to start, I recommend using COBIT for the governance framework, identifying what is important from the framework and then leveraging best practices from the Information Technology Infrastructure Library (ITIL) to accomplish those goals. If there is one control area to focus on heavily to start, I'd recommend that organizations begin with change management.

Summary

We witnessed the temporary death of processes as the delusion of speed swept through organizations in the past 15 years. Now, the winds of change have shifted. The need to meet regulatory requirements, not to mention implement sound business practices, are pushing IT governance and controls to the forefront of board discussions once again. IT must work with the various stakeholders to ensure that proper planning is performed to create a positive control environment that adds value to the organization.

Gaining real benefits from controls are absolutely possible and something all organizations must strive for.