Integrating IT Risk Management systems is critical for organizations who want to secure their IT investments from internal and external risks related to information security, infrastructure, project management and business continuity processes.
A well defined GRC program based on frameworks such as COBIT and ISO 27002 cannot achieve high maturity scores without integrating risk management systems across divided organisational units.
With growing volumes of data, disconnected systems, constantly changing regulatory compliance challenges and a dynamic business climate, gaining a complete view of an organization's risk exposure is increasing in complexity. Organizations are under increased pressure to ensure their compliance mandates are not geographically siloed. For example, a manufacturer may have aggressive revenue goals for an emerging market, but those goals may generate business risks such as not aligning to regional regulations and unintended costs associated with extending the necessary financial, IT and business controls to a remote location. A recent Industry study of 1900 global CFOs and senior finance leaders revealed that risk management has risen in priority by 93 percent since 2005. The survey also noted that two out of three companies had encountered material risk events within the past three years. Unforeseen risk can hurt a company's bottom line as well as its brand reputation so integrating risk management systems across once-divided units and functions is essential to seeing the bigger picture, and will help businesses tackle their complex risk challenges.
Topics covered include:
- What is IT Risk Management process and why is it critical for an organization?
- Challenges with manual IT Risk management process
- How IT Risk management can impact IT Governance and Compliance programs
- Benefits of IT Risk Management Systems Integration
- Best practices Integrate IT Risk Management Systems
Attendees will learn:
- How to develop a comprehensive compliance and risk management strategy across the neccessary business domains
- How enterprise-wide risks can impact the organization's future performance
- How a holistic and consistent approach to risk management can drive better decision making
- How to best allocate resources to reduce risk exposure
- How to lower the cost of risk management and compliance activities
Moderator: Brandon Dunlap Panelists: Chris McCLean, Sumner Blount, and Jean-Bernard Rolland.
Speaker BIO's
Brandon Dunlap is the Managing Director of research at Brightfly. He has more than 15 years of experience managing business technology risk in large and small organizations. He has served in a variety of roles across heavily regulated industries, successfully leading all aspects of IT security programs, including policy and procedure management, oversight and control, strategy, architecture, development, and training. Currently, he is the Managing Director of Research of Brightfly, an independent, advisory and research firm that focuses on building a collaborative IT practitioner communities and bridging the gaps within information technology, security, risk, compliance, and audit disciplines.
Chris McClean contributes to Forrester's offerings for the Security & Risk professional, leading the company's coverage of governance, risk, and compliance (GRC). He is also a thought leader on the related issues of corporate social responsibility (CSR) and sustainability. He is a frequent speaker on these subjects at vendor events as well as conferences run by industry organizations such as the Risk Management Association. He has also been interviewed by top media outlets such as CFO Magazine, Compliance Week, CRO Magazine, and Treasury & Risk Magazine. Chris serves Forrester clients with research on GRC and CSR strategy, organization, best practices, and technologies, and he is a frequent speaker on these subjects at industry and vendor events. Before coming to Forrester, his background was in marketing for security and risk management vendors, representing a broad range of market segments, such as compliance management, vulnerability management, digital forensics, and security information management.
Sumner Blount has been associated with the development and marketing of software products for over 25 years. He has managed the large computer operating system development group at Digital Equipment and Prime Computer, and managed the Distributed Computing Product Management Group at Digital. More recently, he has held a number of Product Management positions, including Product Manager for the SiteMinder product family at Netegrity. He is currently Director of Security Solutions at CA Technologies, with a focus on compliance issues.
Jean-Bernard Rolland is the Senior Director at SAP in charge of the IT Strategy and Governance group. The SAP Strategy and Governance group is designed to help CIOs run their IT department as a business and provides CIOs with solutions related to IT Finance, IT Strategy, IT Value and the CIO Cockpit. The IT GRC solution of SAP helps CIOs automate their GRC activities, protect value by preventing crisis and create new value by taking calculated technology risks and linking them to business objectives. Prior to that, Jean-Bernard was product manager for SAP Risk Management. Jean-Bernard's experience prior to SAP is in the area of risk management in the banking industry. He has an MBA from Stanford University.
