3. Enabling Decision Support and Analytics
The need exists to analyze large volumes of data in short times in a cost-effective manner. Engaging a team of specialists to conduct an exhaustive study is likely not the answer; the opportunity will be lost before the study is complete.
Risks - Issues
Issues
• Loss or mishandling of sensitive confidential information
• Inability to operate (DOS)
• Customer hostility, lawsuits over data compromises
• Customer expectations may be unmet or compromised

• Implementing Effective Analytics Software
• Monitoring Data Sources
• Ensuring Data Accuracy, Authentication and Integrity
• Creating Utility From Multi-Sourced Data
• Designing Effective Reports

3. Enabling Decision Support and Analytics
Trends
• Visualization - Reporting Using Graphical Presentations
• Active DSS - Decision Support Systems that Provide Interactive Software-based Solutions
• DSS Tools - Compile useful information from a combination of raw data, documents, personal knowledge, or business models to identify and solve problems and make decisions
• Decision Management Tools - Software that can analyze multi-sourced data, determine possible solutions, assess those solutions against predetermined criteria (including legislative, regulatory, policy or other constraints), and determine a course of action

Where to Start
• Know what you want to accomplish
• Know what decisions have to be made
• Identify the information needed to make those decisions
• Identify the source of the information (internal, external, etc.)
• Obtain the required data
Before You Start
• Know what data you have
• Know where it is stored
• Know how it is stored
• Know when and how it can be used
• Know how to access it
• Know the tools to analyze the data
You also want to know its source, how reliable it is, and whether you can replicate it.

3. Enabling Decision Support and Analytics
DSS Tools Classification
DSS and Analytics tools may also be classified by their key drivers: data, documents, knowledge, models and communications.
• Data – emphasize access to and manipulation of internal company data and external data, usually in a time series analysis
• Documents – software that manages, retrieves, and manipulates unstructured information in a variety of electronic formats
• Knowledge – software that provides specialized analysis and problem-solving expertise stored as facts, rules, procedures, or in similar structures
• Models – software that provides access to and manipulation of statistical and financial information through optimization or simulation modeling
• Communications – software that supports more than one person working on a shared task

3. Enabling Decision Support and Analytics
Decision Management Tools

3. Enabling Decision Support and Analytics
Issues
• DSS solutions subjected to a “reality check” to ensure proposed solutions:
    • Meet entity standards
    • Are feasible and achievable
    • Can be undertaken within the entity’s risk profile and financial imperatives
• Subject the DM software to a rigorous review and testing to ensure that the criteria have been correctly programmed (usually through tables or questionnaire choices) and that it operates correctly
While ranking 3rd in importance, only 33% of the respondents felt confident in their ability to adequately address the adoption of decision support and analytics tools.

4. Managing IT Risk and Compliance
The GRC – Governance, Risk and Compliance Community has Gained Prominence Due to an Onslaught of Legislation and Regulatory Requirements
• Governance is the overall approach that the board and management take to guiding the organization.
• Managing risk involves the processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization's business objectives. Legal and regulatory compliance risks are key issues in GRC.
• Compliance involves the processes which identify requirements such as laws, regulations, contracts, strategies and policies and the risks of non-compliance. It also involves assessing the state of compliance and the risk of non-compliance.

4. Managing IT Risk and Compliance
“The complexities of IT and its interconnectedness to so many areas of the business leave organizations more vulnerable than ever to inherent risks”
Source: IBM white paper on aligning information technology strategy with business goals.
• Reliance on IT is pervasive
• IT must Align their Risk and Compliance Strategy with That of the Enterprise
[Diagram labels: Risk Mitigation Alternatives, Risk Occurrence Likelihood, Risk Identification, Risk Impact, Risk Mitigation Strategy]

4. Managing IT Risk and Compliance
• New Technologies (Mobile devices) and New Uses of Technologies (BYOD) Bring Increased Risks
• IT is Continually Evolving
• The IT Risk and Compliance Program Must Continually Evolve
• Sustainable Compliance Will Only be Achieved if Risk and Compliance Activities Become Integral Components of Standard Operating Procedures

4. Managing IT Risk and Compliance
The 2013 survey indicated an overall confidence level of 57%, tied in first place with Managing and Retaining Data.
The Respondents Were Not as Confident with their Risk and Compliance Initiatives:
• 39% agreed or strongly agreed - “adequately monitor the effectiveness of their IT-related internal controls”
• 41% agreed or strongly agreed - “adequately deploy automated controls to achieve separation of duties and avoid any potential for management override within systems”

4. Managing IT Risk and Compliance
Survey Results
• Effectively monitoring the effectiveness of its IT-related internal controls: 39%
• Able to adequately deploy automated controls to achieve separation of duties and avoid any potential for management override within systems: 41%
• Conducted an IT risk assessment appropriate to the level of complexity of the IT environment: 53%
• Good understanding of the appropriate regulatory and compliance requirements related to IT for its size of organization and industry: 57%

4. Managing IT Risk and Compliance
Survey Results
59% 67%
• Appropriately designed its policies and internal controls to reduce its IT-related risks to an appropriate level
• Understands the risks associated with Information Technology (IT)
With Only 57% Indicating the business had a good understanding of the appropriate regulatory and compliance requirements related to IT for its size of organization and industry
And Only 53% have conducted an IT risk assessment appropriate to the level of complexity of the IT environment
“Risk and Compliance” Requires Additional Attention

4. Managing IT Risk and Compliance
NIST 800-66
• Security-Oriented Guide to Obtain Compliance with HIPAA Requirements
• Good Source for Reviewing a Compliance Methodology
• Provides Sample Forms
• 117 Pages
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf

5. Governing and Managing IT Investment and Spending
IT Governance is: “the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”
ITGI, Board Briefing on IT Governance
Source: IT Governance Institute www.isaca.org

5. Governing and Managing IT Investment and Spending
Corporate financial failures and the financial crisis in 2008 have highlighted enterprise governance issues.
Enterprise-wide or corporate governance is the system by which organizations are directed and controlled – Source: OECD
Corporate governance:
• provides structure, allocates roles and responsibilities amongst stakeholders (board, management, etc.)
• sets the tone by which the organization is directed and managed
• establishes objectives, goals, values and culture
• establishes rules and procedures
• establishes metrics and monitoring processes

5. Governing and Managing IT Investment and Spending
The IT Governance Model Encompasses
• Strategic Alignment
• Value Delivery
• Risk Management
• Resource Management
• Performance Measurement
Source: IT Governance Institute

IT Governance Control Cycle
Source: IT Governance Institute

5. Governing and Managing IT Investment and Spending
Executive (CISO) Responsibilities For IT Security Governance
• 83.2% Information Security, Strategy and Planning
• 82.1% Information Security Policies, Procedures and Standards
• 75.6% Information Security Compliance and Monitoring
• 71.4% Information Security Incident Management
• 71.0% Information Security Risk Assessments
Chief Information Security Officers
Source: Deloitte 2013 Financial Services Security Survey – P15

5. Governing and Managing IT Investment and Spending
• Appropriately analyzing the value (e.g. ROI, EVA) of our IT investment portfolio: 29%
• Strong alignment between the IT strategy and the organization’s mission/strategic plan: 38%
• Overall Confidence: 41.8%
Clearly management and the board should assess their role in governing and managing the IT function to drive greater value from their IT investments.

5. Governing and Managing IT Investment and Spending
IT Governance is designed to ensure that IT resources are effectively employed in a manner that enhances value and supports the enterprise in achieving its vision and mission (IT Governance Institute).
The CICA/CPA Canada has published a number of IT Governance books in their 20 Questions series.
An effective IT Governance program ensures that the enterprise:
• benefits from IT expenditures,
• provides enhanced customer experiences,
• remains competitive within their industry and
• challenges business practices to create new business models