Topics:
Compliance
Prediction No. 10: Continuous Controls, The Intersection of BPM, ECM And Event Monitoring
Building a continuous controls environment means integrating the monitoring of controls with all the sources of information that could possibly generate a risk event, in other words, every place on your network where information is stored or exchanged. Some companies elect to build continuous controls into their overall business process management system. That's a huge commitment, but front-ended with a business intelligence engine and augmented with enterprise content management (ECM) that implements the COSO framework, a BPM system may be in the best position to achieve continuous controls across a broad range of requirements. Then you have to make sure it can perform real-time auditing, analytics, reporting and mitigation. And then you have to make sure that all the processes are repeatable, an enormous but necessary undertaking. Few compliance requirements are so specific and unchanging that a single packaged tool will get the job done. And the task of continuous controls will call for the tools you choose to work together. In the end, it forces you to examine your entire chain of information, from transaction systems to production systems and communication systems. It would be shame not to leverage such retooling and analysis to improve efficiencies, productivity throughout the organization. Your greatest challenge could be getting management to understand the need for and the benefits of a continuous controls environment. If you were one of the majority of IT managers that were merely given a deadline to become compliant and little or no extra budget to do so, the fact that you were able to patch together controls for your first audit means you get to do it all over again. And that's not a New Year that anyone wants to look forward to. So there you have it. That makes 10 predictions for IT compliance in 2006. If you missed any of the previous nine, you can review them below: Prediction No. 1: The shift to internal threat threat monitoring Prediction No. 2: Manpower Reductions Prediction No. 3: Lockdown On Customer Data Prediction No. 4: Data Centralization Prediction No. 5: New Content To Manage Prediction No. 6: The IT Hand-Off Brings Focus On Cost Prediction No. 7: SOX Still Takes The Blame Prediction No. 8: SMBs Forced To Wear Their Compliance Hats Prediction No. 9: The Watchword in 2006 Will Be Sustainability « Small Victory In Battle Against Kiddie Porn | Main | Priorities Out Of Order » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
