Given the public outrage over the mess the financial sector created, and the need for governments around the world to spend public money to bail out the private sector, there will be a price to pay. The world might be focused on cleaning up the mess right now, but the first tremors are already being felt. The politicians who are now asked for approval to spend these vast amounts of money have already started mentioning the words “terms and conditions”. Some institutions do not seem to see this natural disaster waiting to happen and are fuelling it with expenditures and bonuses that are considered extravagant.
Read the complete article on the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/weathering-financial-crisis-other.html
When looking at real life strategic goals you can categorize them in two ways:
Read the complete article on the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/operationalising-strategic-goals.html
If IT were to be considered just a cost center the answer would be easy: pull the plug and save a bundle of cash each month!
Read the complete article on the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/new-it-goal-reducing-expenditure-so.html
One of the primary objectives of IT governance is to align IT strategic goals with the organization's strategic goals. A clear understanding of the organization's strategic goals and the reasons behind them is the first step in achieving this objective.
Read the complete article on the IT GRSC Blog:
http://itgrsc.blogspot.com/2010/08/changing-strategic-goals-as-result-of.html
Moderator: Brandon Dunlap. Panelists: Chris McClean, Sumner Blount and Jean-Bernard Rolland. Audience participation required!
*All live attendees will be entered into a prize draw for an iPad*
Integrating IT risk management systems is critical for organizations that want to secure their IT investments from internal and external risks related to information security, infrastructure, project management and business continuity processes.
A well-defined GRC program based on frameworks such as COBIT and ISO 27002 cannot achieve high maturity scores without integrating risk management systems across divided organisational units.
With growing volumes of data, disconnected systems, constantly changing regulatory compliance challenges and a dynamic business climate, gaining a complete view of an organization's risk exposure is increasing in complexity. Organizations are under increased pressure to ensure their compliance mandates are not geographically siloed. For example, a manufacturer may have aggressive revenue goals for an emerging market, but those goals may generate business risks such as not aligning to regional regulations and unintended costs associated with extending the necessary financial, IT and business controls to a remote location. A recent industry study of 1900 global CFOs and senior finance leaders revealed that risk management has risen in priority by 93 percent since 2005. The survey also noted that two out of three companies had encountered material risk events within the past three years. Unforeseen risk can hurt a company's bottom line as well as its brand reputation, so integrating risk management systems across once-divided units and functions is essential to seeing the bigger picture, and will help businesses tackle their complex risk challenges.
Topics covered will include:
Attendees will learn:
All live attendees will be able to participate and put questions to the panel, and afterwards this webinar will be available on-demand.
Oct 29 2010 - Since the enactment of the Sarbanes-Oxley (SOX) Act 2002, publicly quoted businesses have experienced a tightening of financial reporting regulations. Lyle Smith, Director of Global SOX Compliance, Walmart Stores Inc., gives his insight as to how the SOX provisions are continuing to impact companies across America. Lyle is a speaker at our partner event, the 20th Edition SOX Compliance & Evolution to GRC Conference, from November 4-5, 2010 at the Doubletree Hotel in Philadelphia, PA.
Have the Sarbanes-Oxley provisions introduced an overly complex regulatory environment into US financial markets?
LS: SOX definitely added to the complexity of the regulatory environment, but more than anything it really increased the cost of compliance. Certainly in the first three years the requirement for Sec. 404 of the regulation meant it was very expensive to comply and to create and maintain all the necessary documentation and testing that was required under the law. It may have been misunderstood somewhat, but once it was understood I wouldn't refer to it as overly complex. The primary obstacle was the cost associated with it. That has led to what has been happening over the last two to three years, which is the right-sizing of the regulatory effort to comply with SOX.
What are the difficulties and challenges that SOX compliance presents for a company like Walmart?
LS: The challenges and difficulties that we have at Walmart are universal to all companies that have to comply with SOX. Continuing to mature and evolve our SOX compliance efforts to make sure that we're gaining the most value out of the efforts that we undertake to comply so that we aren't being too burdensome on the business or incurring too much cost has been an ongoing challenge.
Another common challenge we have is learning to connect SOX compliance with other governance and compliance activities. SOX is just another area where a company has to comply and is regulated and to the extent that we can integrate that effort with other compliance activities there is the opportunity to gain economies of scale.
We have other challenges and opportunities that are directly attributable to our size, being the largest company in the world. Walmart is experiencing tremendous growth internationally. As a result, we must continuously monitor each country to consider how their growth is impacting SOX compliance, including whether they need to be a part of our formal program. Additionally, we have over 100 IT applications operating on multiple platforms in various geographic areas that need to be in compliance with SOX. The depth and breadth that comes with Walmart is certainly a challenge but it also creates an exciting and diverse environment where SOX compliance remains fresh and relevant.
Has SOX compliance restored investor confidence in corporate governance systems?
LS: Somewhat. It has provided increased visibility into controls over financial reporting for investors as well as management within organizations. It definitely has provided early warning signs for companies that are considering going public. This hasn't been a big deal in the US in the last couple of years as the economic environment has been so unfavorable for companies considering a public offering. However, one recent example where SOX compliance requirements are providing that visibility in potentially restoring investor confidence was the very popular and well-publicized S-1 filing that General Motors just submitted. In the filing they mention that their disclosure controls and procedures and their internal controls over financial reporting aren't effective. That is a good illustration of putting investors on notice for what their current control environment looks like.
With its focus on transparency, did the SOX Act lessen the severity of the global financial crisis or did the meltdown point to the failure of the SOX Act?
LS: Neither. It did uncover a gross misunderstanding of what SOX compliance does for a company. I think that some folks were either explicitly or inherently relying too much on SOX compliance and the assurance that should provide. It provided an opportunity to better understand SOX - what level of assurance it provides, what level of assurance it doesn't provide.
The marcus evans 20th Edition SOX Compliance & Evolution to GRC Conference will take place from November 4-5, 2010 in Philadelphia, PA.
Posting Guidelines
• You need to create an account to make blog postings on this platform.
• Generally speaking, blog posts run 200-1200 words. Exceptions can be made on a case-by-case basis.
• We strive to represent balanced perspectives on topics of interest to the IT compliance community. The ideal submission will be educational in nature, broadly addressing IT compliance topics, or narrowly focused on particular aspects of IT compliance. User case studies, best practices, real-world examples, analysis, tutorials, perspectives and opinions are all acceptable. Please avoid commercial messages and promotions. Submissions by vendors and/or vendor representatives must be both product and vendor-neutral.
• We reserve the right to edit, modify or reject submissions that include a favorable slant to any one vendor.
• All submissions will be reviewed and published/rejected within 24 hours of posting. We reserve the right to edit all submissions for length and suitability to a given issue, without final and formal review of the contributor.
**The facility to post blogs directly through the forum is currently unavailable due to spam issues. If you want to post content onto this site please follow the guidelines below**
• If you have an article prepared for submission, forward a copy of the article to [email address protected].
• All articles submitted are required to be editable and proofreadable.
• Your voluntary submission to The IT GRC Forum will carry the "Reserved Rights" copyright of Executive IT Forums Inc.
• All articles should be accompanied by a brief biography of the author.
• Generally speaking, articles run 800-1500 words. Exceptions can be made on a case-by-case basis.
• We strive to represent balanced perspectives on topics of interest to the IT compliance community. The ideal submission will be educational in nature, broadly addressing IT compliance topics, or narrowly focused on particular aspects of IT compliance. User case studies, best practices, real-world examples, analysis, tutorials, perspectives and opinions are all acceptable. Please avoid commercial messages and promotions. Submissions by vendors and/or vendor representatives must be both product and vendor-neutral.
• We reserve the right to edit, modify or reject submissions that include a favorable slant to any one vendor.
• We reserve the right to edit all submissions for length and suitability to a given issue, without final and formal review of the contributor.