Online Expert Day - HPE Data Storage - Live Now
April 24/25 - Online Expert Day - HPE Data Storage - Live Now
Read more
Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

3 ways IT leaders can strengthen compliance and control


keithmacbeath.jpgBy Keith Macbeath


(Keith Macbeath is a senior principal consultant with HP Software Professional Services)


These days as I talk to customers and industry experts, I’m seeing a lot to suggest that compliance is becoming a bigger issue for IT.


Just a few months ago, the SEC announced that it was going to ask companies to report on cybersecurity and information risk in their filings. While there’s some discussion of how this will be received, I think it’s clear that we’re seeing the temperature rise on compliance.


Compliance puts the focus on IT as an audit issue. We saw this with Sarbanes-Oxley, and it just keeps growing. Since many controls are dependent on IT systems, if the control in IT is weak, the whole system is compromised.


So how do you strengthen your compliance and control?


Standardize and automate the processes managing IT

Control is all about process. But if you look at IT relative to other functions in the organization, IT is out of control. In many ways, IT is still a cottage industry. By that I mean that when something needs to get done in IT it often starts with a manual process and an order sheet. A lot of what is done in IT is artisanal, handmade work.


And this makes auditors very uncomfortable.


We’re reaching a point at which artisanal IT is giving way to the Industrial Revolution. Organizations are standardizing and automating IT because that delivers lower cost and faster time to market. The other benefit of these trends is increased control. With standardization and automation you’re now at a point where you can look at the quality of the processes managing your IT.


Get to know COBIT

As compliance becomes more of an issue for IT, we’ll see more of COBIT – a standard that has come out of the audit community.


COBIT previously used to define maturity levels in a way similar to other standards like CMMI. But with COBIT 5, which is now in pre-release for feedback, the organization responsible for COBIT is defining levels in a way that is much more compliance oriented. With COBIT 5 you’ll go through strict binary audits, process by process, and something will either be in control or not. Preliminary testing suggests that it’s quite difficult to get to a process that would satisfy an auditor as being in control.


What’s going to happen, I believe is that a lot of organizations will have to take a hard look at the state of their compliance.


Now many industries, such as banking, are already familiar with COBIT. I know one bank that runs everything in IT against COBIT controls and has a rolling audit process internally. But for others, it’s going to be a journey to a control mentality.


Change your mindset to include control

Beyond embracing COBIT, there are other things organizations can do to improve control and compliance in their organization.


For instance, HP’s Executive Scorecard is all about better visibility and control. It provides executive-level metrics that actually track whether a process is within established tolerances or outside. It features exception-based management, which is also very much a control notion.


You’ll want to use business service management tools and software like HP Quality Center to get metrics around your IT performance. And you’ll want to strengthen your IT governance.


Making these changes now will go a long way toward positioning your organization for the new shifts in compliance.


Related links:



0 Kudos
About the Author


This account is for guest bloggers. The blog post will identify the blogger.

Apr 24 - 25, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
June 19 - 21
Las Vegas, NV
HPE Discover 2018 Las Vegas
Visit this forum and learn about all things Discover 2018 in Las Vegas, Nevada, June 19 - 21, 2018.
Read more
View all