Automation as a Component of IT Risk Management
As enterprise software is increasingly used to automate complex business processes, IT is becoming an increasingly important factor for enterprise-wide risk management. Unfortunately, as process chains become more and more complex and cross multiple business silos, it is often unclear how various processes link together-- until a business function breaks down. If a business function (e.g. Month-End-Close) breaks down this is clearly a risk for the company. One method for companies to mitigate risk is to implement an automation solution to reduce the risk of errors and failures in IT-based business processes.
Any company which uses software solutions and wishes to control corresponding processes using external tools must be aware that not only the software needs to be audit-proof, but also all tools in the data center which are used for automation. Under current law, no auditor will certify annual financial statements if a retrospective manipulation of data records is possible.
There are many ways to look at automation as a key component of an organization's risk management strategy. Automation increases reliability and thus significantly reduces various forms of risks. Used properly, it always serves to save on costs. Optimized processes make better use of hardware resources, so that new acquisitions can be avoided, or at least deferred. Companies can get by for longer with the existing resources because idle time, e.g. when waiting for user entries, does not occur.
Better use of resources and optimized processes reduce overall processing time. This significantly reduces the risk of delays. As a rule, the results are available sooner. The management can respond more quickly to developments, and invoices can be sent off earlier – a direct financial advantage resulting from automation.
Surveys repeatedly show that more than half of the IT budget is spent on current operation; high operating costs act as a brake on innovation for IT, and thus for the entire company. Automation reduces operating costs, since fewer personnel are required for routine activities and better use is made of the existing infrastructure. The costs saved through automation are available for innovative projects. The risk for the company as a whole of missing out on current market developments due to outdated IT systems is reduced.
If the controls are automated, the workload involved in documentation is saved. Automation solutions automatically keep any records of the processes (e.g. controls, performance, user, and the result). An archiving tool which is included can be used to archive this data automatically for long-term storage, which complies with the requirements of the Sarbanes-Oxley Act.
» posted by UC4
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
risk management
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Automation is good, but it can give a false sense of security
My firm focuses specifically on software license compliance and technology auditing.With technology, and specifically software inventories, there are a host of tools that can be used to automate and scan networks for inventory counts and related asset listings.
What I have personally seen over the years is a growing dependency on "networks scans" and automation... exclusively. What I mean by that is, some managers let automated numbers dictate policy, with very little oversight and review.
As I do believe that automation is paramount in today's commercial world (our systems and protocols are simply to big to do things "the old fashioned way."), nothing can replace the human-element when it relates to ANY type of auditing.
Computers are fast. But they don't form opinions. They can't construct strategic operational plans. And they can't interpret contacts.
My firm has seen many, many companies expose themselves to tremendous liability by relying strictly on data compilations from automated system protocols, exclusively. Sadien's strategy is to help clients use technology to "harvest" the data, and allow human beings interpret it. (A rudimentary concept I know... but a conceptual practice that seems to be fading with time.)
Again, our arena of internal auditing is a bit different, but closely related, nonetheless.
We have a view short videos that anyone is welcome to view that covers similar topics. http://www.sadien.com/video.html
G.C. Hutson
Chief Executive and Partner
Sadien Intellectual Property, Inc.
http://www.sadien.com