IT Compliance Management

Are you managing IT risks and controls for better performance?

The IT Compliance Management decision area consolidates information from different compliance initiatives. It commonly requires three sources of information:

  • Compliance program management software, such as that used for Sarbanes-Oxley. This allows IT to ensure that compliance tasks take place and are meeting program milestones.
  • Information from the controls themselves. Of the 34 IT processes across four domains used in COBIT, a subset is required for Sarbanes-Oxley, notably around security and access controls, change and release management, and incident and problem management. These controls involve reviewing large volumes of data and flagging exceptions to established procedures.
  • Metadata. Companies have mostly manual internal controls. About two-thirds are “detective” controls, versus the more reliable “preventive” ones. Detective controls mean reviewing transaction records in both detailed and summary form. You need a clear audit trail linking the source of information with the definitions and business rules that apply. Monitoring and analyzing which metadata governs which reports and who has access to it creates a more reliable control environment.

To help with this analysis, the IT Compliance Management decision area lets you set planning goals and scorecarding metrics for performance management elements such as:

  • Compliance completion (%)
  • Compliance costs ($)
  • Material deficiencies (#)
  • Regulatory compliance (%)
  • Controls & Exceptions (#)
  • External audit fees & Outsourced internal audit costs ($)

With a performance management system in this decision area, you can analyze these goals and metrics by a number of dimensions, including:

  • Application software type
  • Infrastructure environment
  • Control owner & frequency
  • Financial account
  • IT control processes (COBIT)
  • Transaction status

Using the IT Vendor Management decision area

As an IT professional, the IT Compliance Management decision area lets you ask questions such as:

  • Controls: Are we decreasing the number of manual controls for a particular application, or are they growing and increasing the demand for resources?
  • Compliance completion: Is there a consistent trend by control owner for meeting compliance demands?
  • External audit fees: Do we see an increase in external fees for a particular account when we decrease our internal resource commitment? What is the total cost?