alfabetConnect

Addressing the real pain

Organizations often try to use standard office tools to manage their compliance topics. But this approach has many disadvantages:

  • Each compliance topic comes with a separate questionnaire (based on Excel or Word)
  • Basic information has to be filled in manually
  • Huge effort for stakeholders: information has to be consolidated from different documents, and analysis has to be generated manually. Reports presented to the management team often don’t reflect the current status because, with office tools, deadlines for questionnaires are not easy to monitor.

Organizations that use planningIT for IT GRC benefit in the following ways:

  • Compliance managers can start with an existing baseline of data. This includes contact people that might have changed from one inquiry to another. They are able to monitor the current status.
  • Stakeholders who complete the questionnaire only see the questions that are relevant to them.
  • Management can be sure that the status of the information is up-to-date.

Where alfabet fits into the IT GRC game

alfabet’s planningIT is THE single system of reference for IT risk management and compliance initiatives that provides comprehensive information and analysis on the IT landscape and allows integrated planning of mitigation actions.

Implementing planningIT automates an organization’s IT management processes which improves both IT governance and process transparency. Additionally, planningIT supports the implementation of question frameworks that need to be applied in order to gather the information needed for a risk or compliance analysis.

Which scenarios we support

We provide a unique platform that helps organizations shape and organize their IT, incorporating GRC aspects as the landscape changes and grows - in short, making the IT landscape compliant by design. In using planningIT as part of their GRC program, organizations can achieve better control of implemented IT processes, increased transparency for business, and more efficient IT controls and audits.

Insight: Risk Analysis And Compliance Audit

In order to analyze risks and to audit compliance, organizations need to collect, aggregate and contextualize a myriad of data. If this is done ad hoc and for each single risk or compliance request separately, the effort of gathering the right information is likely to explode while the quality of the information might still be poor. planningIT serves as a single source of the truth with a proven positive impact on the data quality regarding up-to-dateness, consistency and completeness [1]. It is thus the right platform to consolidate and provide the data needed to run risk analyses and compliance audits.

Trust the information: planningIT provides a full picture of the IT landscape and how it supports the business. It covers different levels, such as processes, applications and information objects, and their relationships. Embedded in daily IT planning processes, planningIT's data is always up to date, reflecting the current state as well as planned changes to the IT landscape. Alternatively, on special request, data can be gathered via compliance or risk surveys.

Clear and defined ownership of data: By establishing IT planning roles, responsibilities and processes both within IT and between IT and business, the IT organization can execute on its charter to sustain enterprise objectives efficiently and effectively. planningIT provides transparency on processes, analyzes completeness and gaps, and supports automated assessments.

Reporting on demand: planningIT offers over 1000 standard reports plus the possibility to create customer reports to fit individual needs. Reports can thus be produced on demand based on the information that has already been collected systematically. Compliance audits and risk assessments can be done on the available data with only the one-time minimal effort of initially defining the needed report if necessary.

Planning: Risk Mitigation And Compliance Actions

Once risk is analyzed and compliance gaps are evaluated, it is important to take the right actions to mitigate risks. Ideally, these actions are planned and tracked within the same system that holds all the information for analysis, giving a complete feedback loop.

planningIT provides the necessary IT planning and portfolio management capabilities to ensure that the actions planned have the desired impact and that their execution has led to the expected result.

Action plans and project portfolio: Enabling target architectures and scenarios to be iterated with the business and to be broken down into roll-out plans and project milestones.

Impact analysis of actions: Scenario planning helps to see the impact that an action will have. planningIT provides the integrated management of target architectures which represent the result of an architectural transformation on risk and compliance after its execution. The effectiveness of action plans can be measured at design time.

Implementing controls: Definition of the necessary IT controls to mitigate risk and to fulfill regulatory and corporate compliance obligations. These controls help to track the ongoing progress of execution.

[1] See Nucleus Research on THE RISKS OF INACCURATE DATA ON IT APPLICATIONS, May 2011
