Automation as a Component of IT Risk Management

1 comment | 1I like it!
June 2, 2009, 02:44 PM —  UC4 Software — 

As enterprise software is increasingly used to automate complex business processes, IT is becoming an increasingly important factor for enterprise-wide risk management. Unfortunately, as process chains become more and more complex and cross multiple business silos, it is often unclear how various processes link together-- until a business function breaks down. If a business function (e.g. Month-End-Close) breaks down this is clearly a risk for the company. One method for companies to mitigate risk is to implement an automation solution to reduce the risk of errors and failures in IT-based business processes.

Any company which uses software solutions and wishes to control corresponding processes using external tools must be aware that not only the software needs to be audit-proof, but also all tools in the data center which are used for automation. Under current law, no auditor will certify annual financial statements if a retrospective manipulation of data records is possible.

There are many ways to look at automation as a key component of an organization's risk management strategy. Automation increases reliability and thus significantly reduces various forms of risks. Used properly, it always serves to save on costs. Optimized processes make better use of hardware resources, so that new acquisitions can be avoided, or at least deferred. Companies can get by for longer with the existing resources because idle time, e.g. when waiting for user entries, does not occur.

Better use of resources and optimized processes reduce overall processing time. This significantly reduces the risk of delays. As a rule, the results are available sooner. The management can respond more quickly to developments, and invoices can be sent off earlier – a direct financial advantage resulting from automation.

Surveys repeatedly show that more than half of the IT budget is spent on current operation; high operating costs act as a brake on innovation for IT, and thus for the entire company. Automation reduces operating costs, since fewer personnel are required for routine activities and better use is made of the existing infrastructure. The costs saved through automation are available for innovative projects. The risk for the company as a whole of missing out on current market developments due to outdated IT systems is reduced.

If the controls are automated, the workload involved in documentation is saved. Automation solutions automatically keep any records of the processes (e.g. controls, performance, user, and the result). An archiving tool which is included can be used to archive this data automatically for long-term storage, which complies with the requirements of the Sarbanes-Oxley Act.

» posted by UC4

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Close

On Twitter now

risk management

Powered by Twitter
You are logged in | Sign out
Sign in and post to Twitter

What are you thinking?

Cancel Tweet sent

On Twitter now

Comments

Automation is good, but it can give a false sense of security

My firm focuses specifically on software license compliance and technology auditing.

With technology, and specifically software inventories, there are a host of tools that can be used to automate and scan networks for inventory counts and related asset listings.

What I have personally seen over the years is a growing dependency on "networks scans" and automation... exclusively. What I mean by that is, some managers let automated numbers dictate policy, with very little oversight and review.

As I do believe that automation is paramount in today's commercial world (our systems and protocols are simply to big to do things "the old fashioned way."), nothing can replace the human-element when it relates to ANY type of auditing.

Computers are fast. But they don't form opinions. They can't construct strategic operational plans. And they can't interpret contacts.

My firm has seen many, many companies expose themselves to tremendous liability by relying strictly on data compilations from automated system protocols, exclusively. Sadien's strategy is to help clients use technology to "harvest" the data, and allow human beings interpret it. (A rudimentary concept I know... but a conceptual practice that seems to be fading with time.)

Again, our arena of internal auditing is a bit different, but closely related, nonetheless.

We have a view short videos that anyone is welcome to view that covers similar topics. http://www.sadien.com/video.html

G.C. Hutson
Chief Executive and Partner
Sadien Intellectual Property, Inc.
http://www.sadien.com
| reply
peer-to-peer

Esther Schindler
If the comments are ugly, the code is ugly

claird
SVG a graphics format for 21st century

pasmith
Take Chrome OS for a test spin

Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?

sjvn
64-bits of protection?

jfruh
Android fragments vs. the iPhone monolith

mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive

 

Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
Featured Sponsor

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Marketplace