alfabetConnect

IT GRC in the Finance Industry

With the introduction of the Dodd-Frank Act, the heat is being turned on financial institutions to become compliant with governmental regulations. Such regulations tend to cause a great deal of confusion and uncertainty in the marketplace.

alfabet enables financial services organizations to strategically plan for and effectively adapt to current and future regulatory challenges. alfabet's software not only offers transparency for reporting purposes, but also for the layout and implementation of an IT landscape to comply with future regulatory requirements leading to compliance by design.

When it comes to regulatory compliance there are three steps of maturity all organizations go through irrespective of their industry:

  • Risk analysis and compliance audit
  • Risk mitigation and compliance actions
  • Compliance by design

Business IT Management is an approach that covers all steps from risk analysis to compliance by design.

Risk analysis and compliance audit

In order to analyze risks and to audit compliance, organizations need to collect, aggregate and contextualize a myriad of data. If this is done ad-hoc and for each single risk or compliance request separately, the effort of gathering the right information is likely to explode while the quality of the information might still be poor.

planningIT serves as a single source of truth with a proven positive impact on data quality in terms of up-to-dateness, consistency and completeness. It is thus the right platform to consolidate and provide the data needed to run risk analyses and compliance audits.

Risk mitigation and compliance actions

Once risk is analyzed and compliance gaps are evaluated it is important to take the right actions to mitigate risks. Ideally, these actions are planned and tracked within the same system that holds all the information for analysis for a complete feedback loop.

planningIT provides the necessary IT planning and portfolio management capabilities to ensure that the actions planned have the desired impact and that their execution has led to the expected result.

Compliance by design

For most organizations it is a recurring task to evaluate risk and to audit their compliance, simply because the result of any change within the IT landscape can only be analyzed after its implementation – whereas knowing and considering the implications at design time might change the decisions considerably.

planningIT helps to define and implement completely new IT management processes in which a 360° view of the IT landscape is available at design time, so that compliance and risk measures can be taken into account while planning the portfolio.

Conclusion

CIOs basically face two challenges: a) to manage an increasingly complex application landscape to keep the systems going and b) to plan and evolve the landscape so that it aligns with changes in the business. This alone is a heavy-duty job. It is like keeping the operations going in a modern, full-service hospital with all the supplies to be ordered, shifts to be planned and machines to be maintained while the management decides that a new section for heart surgery needs to be planned and equipped and plastic surgery might be shut down – of course without impacting either the quality of service or the number of patients served.

Therefore, Business IT Management eases the pain for CIOs in three ways:

  1. Audits and analyses of the current state of the system with regard to requirements are easier to produce, more reliable, and available on demand. They prove whether or not the current landscape is compliant and whether or not the risk level is within given margins.
  2. Any gaps that are identified through the analysis must be closed, which again impacts the landscape and will have to be checked the following year. Doing all this within a single system helps to relate actions to the affected assets and to trace their success, thus reducing the upcoming audit effort.
  3. While it is good to check if no emergency room is painted in yellow and all heads of sections have their certificate, it would be much better to take these restrictions into account when planning the room interior and going through the interview process. This shifts the intelligence upstream to design time which avoids extra effort downstream.

Business IT Management ensures that IT powers business success – and complies with the rules.

 

Please click here to read the interview “We've greatly improved our flexibility” with Klaus Wolf, Generali Deutschland by Eva Hildebrand and Ina Schlücker.

 

Please click here to download the Business Solutions Guide "Compliance by Design - Five Rules To Reduce Risk For Application Landscapes".

 
