IT DRILLDOWN
SOA
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Portfolio Management Maturity Model at Chevron - Presentation & Discussion

November 13, 11:30 AM - 12:30 PM ET (GMT-4)

The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
Expert View
 

Compliance, Convergence and How IT Fits

There are more government rules for companies to follow, more departments required to follow them, and more legal risks for not doing so. Proactive executives can use IT to design and implement an effective compliance program to coordinate an organization's various compliance processes.

 

By Matt Podowitz and Brian Tretick, Risk Advisory Services, Ernst & Young

January 08, 2008CIO — With compliance emerging as one of today's most prevalent business issues, multiple corporate functions are beginning to converge in a federated approach to addressing quality, risk and overall compliance management. This convergence, though arguably a more efficient approach, may not be an intuitive state for policies and processes traditionally created in silos. Nor is convergence always a logical process for the people who operate, manage, and implement those policies and processes.

MORE Predictions
10 Virtualization Vendors to Watch in 2008
Five Key Technology Trends for 2008
Six Enterprise Application Trends to Watch in 2008

As the visibility of compliance continues to rise, there is a concurrent increase in the importance placed on information technology and the role of the CIO. Like other parts of the enterprise responsible for risk and compliance, IT's mandate has expanded in the post-Sarbanes-Oxley (SOX) environment. Beyond the traditional charge that comprises the fundamentals of keeping the lights on and the company out of trouble, IT and the CIO now share responsibility for making the business better. Ironically enough, one of the most "siloed" of functions has become one of the most well-positioned to do just that.

A Look at the Compliance Landscape

Understanding how IT's role is evolving comes best with an understanding of the compliance landscape. Every company operates with rules and regulations, which may vary by industry, geography, size or other factors or may even have been self-imposed in a proactive effort to improve operational efficiency. Historically, the majority of compliance criteria have centered on financial or environmental issues. Many were created and implemented in response to a particular issue; likewise, they may have been executed and monitored at the business-unit or departmental level via spreadsheets or other manual means.

As the regulatory environment continues to change with marked frequency and measurable complexity, so do the requirements for automated, repeatable controls and processes around the classic information compliance drivers—internal controls over financial reporting, controls to protect and govern the use of personal information, protection of intellectual property, records management and e-discovery rules. What's more, the "shrinking earth" is giving rise to a set of standards that are global in scope, with SOX in the U.S. spawning similar legislation in Japan, Canada, Australia, France, Italy and the Netherlands. The U.K.'s Financial Services Authority's foray into outcomes-based regulation has also sparked interest in a similar approach in other countries.

Legal risk and the implications of noncompliance are also expanding, with the potential for what could be called catastrophic consequences ranging from significant fines and irrevocable damage of company brand and reputation to jail time for executives. Information itself has become a regulated asset, with specific criteria for its protection, privacy, use and retention. Changes to the Rules of Civil Procedure regarding document retention are making it harder for companies to mount effective litigation defense. Where noncompliance with a given regulation is a cause of harm, the settlements may be even larger.

Inefficient processes, the increasingly complex regulatory and business environment, and shortage of talent are placing unprecedented demand on current systems and procedures. The "typical" organization has core compliance accountabilities for multiple functions and business units, with HR, security, finance, legal, risk, internal audit and others, each addressing compliance differently. Against the backdrop of this ever-expanding compliance environment and the increasing number of business functions and operational areas it encompasses come the growing expectations of stakeholders. They want not only effective compliance risk management and transparency in their strategies but also a reasonable return on the significant investments made in information technology, plus measurable means for improving the business overall.

Loading...
 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

7 Requirements of Data Loss Prevention

A Guide to Understanding Hosted and Managed Messaging

Google Apps Premier Edition Helps Indoff Manage E-mail More Effectively

CapGemini Cut Call Center Costs with Google Apps Premier Edition

Comprehensive Review of Security and Vulnerability Protections for Google Apps

Web 2.0 The New Face of the Web

Universal Search in Healthcare Organizations

Google Case Study: Agile Software

Universal Search in High Tech Organizations

Providing Universal Search for Business

Google Case Study: Kimberly-Clark

Put Enterprise Communications on Autopilot

Portfolio Management for Effective IT Governance

Making Enterprise Architecture Work within the Organization

Telepresence - A Realistic Solution Connecting a Global Workforce

Enabling Enterprise 2.0

Customer Hubs Deliver on the Failed Promises of CRM

Live Webcast - Ensuring Business Services Delivery

IT Cost Transparency & Performance Management for Optimizing IT

Solving Online Credit Fraud Using Device Reputation

Stimulating Innovation: Meeting IT's New Mission

Strategic IT Financial Management - Achieve Higher Organizational Performance

New research validates telepresence solutions.

HP Puts Its Disaster-tolerant Capabilities to the Test

Keep proven data center technology. Evolve with Brocade

Best Practices in Choosing and Consuming Managed Security Services

A Guide to Messaging Archiving

2008 Google Communications Intelligence Report

The Impact of Messaging and Web Threats

Comparing Google and Other Leading Messaging Security Solutions

Deploying a Google Search Appliance is Not your Typical IT Implementation

Google Case Study: Pioneer Investments

The Case for Universal Search

Universal Search in Financial Services Organizations

Google Case Study: Sunnybrook Health Sciences

Learn About the Features of the Google Universal Search Solution.

Mission Impossible: Building the Right Project Metrics

Project Portfolio Management - Boost the Value of IT

Embedding Architecture into the Organization

Data Center Asset Planning - Regaining Control of the Data Center

Develop new insights that deliver better business results

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

Top 10 Ways to Protect Against Web Threats

The Case for Business Software Assurance ~ Securing Your Applications

The Benefits of Data Deduplication for Data Protection in the Enterprise

Reap the Benefits of Unified Communications

Unified Communications: "More Than Just Talk"

Extending the Enterprise Network Through Mobility

Rolling the dice with your security? Take the Self-Assessment Test now

Industry Analyst Report: Top Hosted Exchange Vendors in 2008