®Financial Services Technology | US EDITION | October 2008 ALDON
tsi Do your compliance requirements cripple your the lines between business and IT, increasing the s
ge efforts to rapidly deliver solutions to business number of people that must be kept up to date, tare
problems? Or if you break the bank to become managed, and tracked. So as the IT infrastructure tSi compliant, have you been a success? The changes, the compliance "To Do" list gets bigger yg auditors don't care how you do it, but your CEO while IT budgets are shrinking in an uncertain olg
o may expect more. economy. nhe
ce Chances are high your organization is dealing Fortunately, companies are finding ways to Tt n with regulatory compliance, maybe with just one reduce compliance costs while, at the same time, oa
dl standard or maybe many. From Sarbanes-Oxley increasing the effectiveness and productivity of A r to HIPPA to Basel II, to PCI and the FSA, or their IT organizations. Below are some tips for ,dit combinations thereof, you may be contending implementing some cost reducing strategies ga with compliance just to remain in business. that will make regulatory requirements much s
M l While most companies have implemented easier to achieve. ein compliance strategies, the cost in both dollars ag
D and resources has been daunting. At the same Tip #1: Encapsulate compliance processes into an time, the rapidly changing IT environment automated system n
means that IT compliance continues to become Creating and maintaining the documentation of e
i
more complex. While the stakes are high, most IT approved processes can be some of the most t c
budgets are not. Proper IT Governance is more difficult and unrewarding of compliance tasks. t
important then ever, but the administrative Because maintenance is so arduous, the n
burdens continue to grow. documentation is often created, put on a shelf u
a
and never touched again-except during audits. c
i The One IT Constant: Constant Change As processes change, the documentation l- Sprawling multi-platform infrastructures, ever- becomes obsolete. Implementing an automated t changing applications, and a string of new compliance solution allows an organization to p
s development methods (e.g. Service oriented encapsulate its processes within the system. As applications, agile development, mash-ups, etc.) processes are updated, they are viewable directly o
are all trademarks of a healthy IT department, but through the compliance system. The documentation m
they don't do your IT compliance efforts any and the processes are never out of sync because c
o
favors. It means shorter delivery schedules, a change to the process changes the
more components to track, more IT changes to documentation. When the auditors arrive, they c
x
record, more people and access to control, and can view exactly what process is currently being i
more risk to manage so that you can meet used. They can also see the history of changes to s
T
regulatory requirements and produce the the process. I necessary audit trails. Compliance efforts can
require critical staff resources, delaying Tip #2: Create structured, controlled software p
r
important business building IT projects. development processeso
Meanwhile, these new service oriented, mash-up In a nutshell, repeatable and measurable o
t f and agile development methods are blurring processes-structured, defined, implemented, 2
and enforced-are key to effectively and easily determining the best overall approach. The complying with regulatory requirements. result is an environment that is very difficult to Determining the most effective change manage and even harder to audit.processes and then ensuring they are used consistently not only reflects IT best practices, it Over the last 60 years of developing applications, also reduces the cost of compliance. If the we have learned a great deal about how to auditor can see that the same proc... [download for more]
