IT-Control Weakness Wanes

September 16, 2010 from CFO.com – “But it’s not fading from sight as quickly as other material weaknesses are… Most IT-control weaknesses are rooted in poor management rather than the technology itself…” such as:

  • Imposing an unrealistic deadline for implementing a new system, leading to inadequate testing
  • Not using controls that come packaged with many systems or not reviewing automatically generated control reports
  • Providing inadequate training on new systems
  • Failing to ensure that system access privileges reflect segregation-of-duties mandates
  • Allowing excessive customization of systems, which can damage their integrity…”

180 View – We included this article because its list of IT-control weaknesses may not be obvious to some organizations and is worth remembering.

Copy Machines, a Security Risk?

April 19, 2010 from CBS News – “At a warehouse in New Jersey, 6,000 used copy machines sit ready to be sold. CBS News chief investigative correspondent Armen Keteyian reports almost every one of them holds a secret.

Nearly every digital copier built since 2002 contains a hard drive – like the one on your personal computer – storing an image of every document copied, scanned, or emailed by the machine.

In the process, it’s turned an office staple into a digital time-bomb packed with highly-personal or sensitive data.

If you’re in the identity theft business it seems this would be a pot of gold.

“The type of information we see on these machines with the social security numbers, birth certificates, bank records, income tax forms,” John Juntunen said, “that information would be very valuable…”

180 View – Who knew?

IT Governance Software: Tools in Need of Processes

2010 from Info-Tech – “Calling a suite of IT project and asset management tools “IT governance software” raises the false promise of out-of-the-box IT/business alignment. Alignment cannot be purchased – it is earned through capable management processes. Focus on the processes first and then look to how these powerful tools can help…”

180 View – The same argument goes for any enterprise software. The article also identifies a number of IT Governance vendors.

Redrawing the Route to Online Privacy

February 27, 2010 from The New York Times – “On the Internet, things get old fast. One prime candidate for the digital dustbin, it seems, is the current approach to protecting privacy on the Internet…”

180 View (Written by Graeme Booth) – “The attached article from the New York Times suggests that the rampant proliferation of data harvesting has all but made conventional approaches to privacy ineffectual. The author contends that privacy practices underpinned by the use of disclosure statements are insufficient and that only governance defined by a combination of “rules and tools” will suffice. However, it is less than certain that increased regulation (which is what the author means by rules) is the most effective approach. Reasonable constraints on employee/individual behavior at the company level are a measured response to corporate sensitivities and external threats. It would seem, then, that a refocus on privacy and security efforts at the company or entity level would provide more immediate assurance to companies, employees, and other stakeholders. Big Brother may go to new lengths to increase his scrutiny, but prudent companies should be asking themselves if the security and privacy “rules and tools” at their organizations are enough.”

Information Technology Governance – it's really just a corporate road-trip

180 View (written by Graeme Booth) – Unfortunately, IT Governance has been made to seem too complicated, which, in turn, has led to unnecessary confusion. IT Governance, and corporate governance for that matter, really only consist of three sets of activities, all of which cascade into important sub-activities and processes.

Set the direction for IT – this is the basis for business alignment and drives IT investments and decision making toward the achievement of corporate objectives – strategic planning to enforce alignment of business initiatives.

Support the direction for IT – after establishing where you are going, the organization needs to figure out how it is going to get there. Considerations include business and technology architecture, infrastructure, application architecture and portfolio, organization structure, policies et al. Systems management, often referred to by the acronym ITIL, enters the fray at this stage – make the decisions and choose the tactics that enhance the chance of strategic success.

and finally,

Sustain the direction for IT – operating procedures, management and operating controls, internal control and audit, COBIT. Clearly, if your environment is not resilient and cannot be managed, measured and monitored, the value from strategy etc. is significantly diminished. It’s all about establishing accountability for IT processes.

It’s like a road trip, really – decide where you are going, choose the route, and try not to get lost along the way.

© 2010 One Hundred & Eighty Degrees Systems Limited. All Rights Reserved.