Is there really a difference between rules, standards and models, and does it matter to IT governance? From 28-30 September I attended the ISACA Information Security and Risk Management Conference in Las Vegas. I shared my ideas on integration of the IT governance, risk, security and compliance functions. More importantly for this article, I had the time to attend presentations from other experts in the field. This gave me a number of new insights; “good stuff” for future articles. One of the presentations was titled “Harmonization of Standards” by Todd Fitzgerald. Todd is a well-known figure in ISACA circles and I attended his presentation with serious expectations. As in the past, I was not disappointed. During his presentation Todd made one remark that stuck with me. He basically said that there is a lot of discussion about the difference between rules, regulations, standards and models, and that in his opinion the difference was academic and of no particular interest in real life. I have seen a similar attitude with tool vendors. It is not uncommon to read claims like “tool X describes CobiT, ITIL, ISO 27000, SOX, PCI, etc.” or something to that effect. Basically I think that treating rules, standards and models as more of the same is wrong, and here is the reason why. But first, to Todd: if I misunderstood your comment, my apologies.
For the complete story read the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/rules-standards-and-models.html
This evening I attended a round table session organized by the Dutch chapter of ISACA. Antal, the presenter, did his best to show how compliance can influence the outsourcing relationship. At the end of the presentation Job, the host, concluded that this was a complex subject and that more time could, and should, be spent explaining all possible consequences. Antal, Job: sorry but I disagree with that conclusion.
For the complete story read the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/compliance-for-outsourcers.html
In part one I discussed the first reason why I do not like the term ‘business-IT alignment’. The term suggests that business is one homogeneous entity with clear and consistent requirements for the IT domain, which in my experience it is not. The second reason I dislike the term is that it suggests an “us against them” mentality between business and IT that is common and (even worse) found acceptable in many organizations.
For the complete article read IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/business-it-alignment-bad-term-part-two.html
The summer is always a nice time to step back and look at what you are doing. While I enjoyed the nice weather in the south of France and watched my kids play on the beach, I thought about why I dislike the term ‘business-IT alignment’. I know, I am a workaholic: you should not spend your summer holiday thinking about these kinds of things. I just like my work, so there you go…
For the complete article read the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/business-it-alignment-bad-term-part-one.html
Every builder knows tools are not the goal; they are just the means to an end. After talking to his customer the builder knows what the goal is. He looks over the situation, decides what the solution should be and, if he needs screws, he reaches into his toolkit and picks up a screwdriver; and if a nail does the trick… you guessed it, a hammer.
For the complete article read the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/my-kingdom-for-scrammer.html
These days when I look at the information on the internet it seems that the disciplines of IT governance and IT service management are considered to be one and the same. Tools that used to be promoted as IT service management tools suddenly became IT governance tools. ITIL, which I will always regard as "the best practice for IT service management", is mentioned frequently these days as an IT governance model. These examples lead me to the following question: Are IT governance and IT service management one and the same thing? If not, what is the distinction between them, and where does one end and the other begin?
For the complete article read the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/it-governance-and-it-service-management.html
The Blog post “To GRC or not to GRC, that is the question” looked at the integrated function of IT governance, risk and compliance (GRC) and why it is logical to combine these functions. The article ended with a question: “Why not integrate even more functions?” To answer that question we now look at integrating the ‘s’ of IT security.
Read the complete article on the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/g-r-c-where-did-s-go.html
Don’t you love the use of abbreviations? Often, before you learn what the abbreviation stands for, you have to read to the end of the story completely dazed about what it is the writer is trying to say. So let’s not do that: GRC stands for Governance, Risk and Compliance. These three functions are important to all organizations. Wikipedia defines GRC as ‘an increasingly recognized term that reflects a new way in which organizations can adopt an integrated approach to these three areas.’
Read the complete article on the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/to-grc-or-not-to-grc-that-is-question.html