Information Management and IT Compliance Presented to User

Скачать презентацию Information Management and IT Compliance Presented to User

82bdc62e3deac76e20c4e7129f91204f.ppt

Количество слайдов: 29

Introductions Computer Software Alliance, Inc. (CSA) is a national provider of technology services and business computing solutions directly to small, medium and enterprise class customers throughout the USA. icetools™– Process Management 2 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Strategic Business Alliances Our strategic alliances with trusted and reliable partners help CSA deliver the comprehensive solutions that our customers demand. icetools™– Process Management 3 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Content • Information Management and IT Compliance • Structured Process Management Standards • Automated Tools for Supporting Regulatory Documentation and Process Management • Questions & Answers icetools™– Process Management 4 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Sarbanes-Oxley The Sarbanes-Oxley Act of 2002 is the reform of public company accounting and investor protection guidelines imposed by the SEC. These rules require officers to certify that they are responsible for establishing, maintaining, and regularly evaluating the effectiveness of the issuer's internal controls and processes. icetools™– Process Management 6 © Copyright CSP Group, Inc. , 2005. All rights reserved.

COBIT and IT Governance COBIT provides best practices for the management of IT processes. Developed by The Information Systems Audit and Control Foundation, IT Governance Institute and sponsoring organizations, the internationally accepted set of information technology control objectives support enterprise risk management of IT and associated processes. icetools™– Process Management 7 © Copyright CSP Group, Inc. , 2005. All rights reserved.

COBIT and Sarbanes-Oxley The IT Governance Institute has combined COSO standards with the IT control standards to support Section 404 of SOX which requires the management of public companies to assess the effectiveness of the organization’s internal control over financial reporting and annually report the result of that assessment. icetools™– Process Management 8 © Copyright CSP Group, Inc. , 2005. All rights reserved.

A Business Process A group of related activities that produce required business outputs. . . • • • Designing a product Processing general ledger Producing financial reports Manage Data Acquire Technology icetools™– Process Management 9 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Who is Responsible for the Process and where does it begin and end? Companies are structured in functional divisions. Key Processes tend to flow across division lines, causing ineffective management of the process. Produce New Product Process Product Orders icetools™– Process Management 10 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Business Process Management is the on-going documentation and support of business procedures. When processes change due to the implementation of new products, corporate initiatives, or government regulations, an organization must understand the impact to their underlying activities. Those that maintain up-to-date process documentation and models will not only be prepared to comply with regulatory requirements, they will be able to react to change more effectively. icetools™– Process Management 11 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Organizations ability to maintain Compliance Documentation • Was the first time viewed as just get it done? • Will any of this year’s documentation be maintained for future reporting periods? • What does process and controls documentation for SOX mean? • What method or approach to use? • Is there an easy way to Implement Process Management? • The on-going challenge … icetools™– Process Management 12 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Benefits of a Structured Process Management Program for all Activities Vision Mission Goals Objectives Strategies • Strategic Planning = SUCCESS • Requirements for Process Driven Employee Support Improvement Projects • System Conversions / Integrations • Compliance Requirements icetools™– Process Management 13 © Copyright CSP Group, Inc. , 2005. All rights reserved.

What are the Keys? • Understand your core processes, not just those that effect your financials • Leverage the subject matter experts knowledge of the business and technology • Build a reusable repository of business activities and controls • Maintain the documentation for all types of process driven initiatives icetools™– Process Management 14 © Copyright CSP Group, Inc. , 2005. All rights reserved.

IDEF 0. . . the methodology that gives standards to Process Management IDEF 0 and its predecessor SADT are the most complete and fully tested system of methods for the description and design of complex systems and enterprise processes. SADT - (Structured Analysis and Design Technique) IDEF - (Information DEFinition Language) • IDEF 0 - used to document processes • IDEF 1 X - used to document information needs • IDEF 3 - used to document workflow icetools™– Process Management 16 © Copyright CSP Group, Inc. , 2005. All rights reserved.

IDEF 0. . . the methodology • Has been used in the United States, Australia, Japan, and Europe for 30 years • IDEF 0 evolved as a subset of SADT for use by the ICAM (Integrated Computer-Aided Manufacturing) Department of the Air Force for the aerospace program. • The IDEF 0 system of methods provides standards for: – – Information acquisition and structuring Documentation Consensus building Model creation, maintenance and change control icetools™– Process Management 17 © Copyright CSP Group, Inc. , 2005. All rights reserved.

A Business Process Model (IDEF 0) A graphical and natural language representation of the interaction of business processes and the resources needed to produce outputs. Controls Arrows/ICOMs I = Input: resources consumed in the process C= Control: a constraint on the Inputs operation of the process O= Output: something resulting from the process M= Mechanism: something that performs the process, but is not consumed Process or Activity Outputs Mechanisms icetools™– Process Management 18 © Copyright CSP Group, Inc. , 2005. All rights reserved.

IDEF 0 Diagrams • Activity Node Tree - Process each node represents a level of work and each line depicts a decomposition relationship Subprocess • Context - Activities defines the subject/process being modeled and its relationship to the enterprise • Decomposition shows the details of the parent diagram icetools™– Process Management 19 © Copyright CSP Group, Inc. , 2005. All rights reserved.

IDEF 0 Documentation • Activity name and definition - activities are named with a Verb + Noun phrase and should be further defined to fully explain each activity. • Purpose - defines the objective to maintain focus and should include: Why the process is being modeled? What the model will show? What readers of the model can expect? • Viewpoint - the activity model must be from a single, specific viewpoint, usually a job title (i. e. manager, clerk). • Scope - defines the breadth and depth of the model and will determine the level of decomposition. icetools™– Process Management 20 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Compliance Tools Must Provide • Templates for the process and control structure • A repository for documentation • Links to business modeling tools icetools™– Process Management 22 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Audience Product Process Business Systems SOX Owner Analyst icetools – Process Manager icetools – Process Modeler icetools – Repository icetools™– Process Management 23 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Develop a WBS Document with the icetools – Process Manager Process decompositions show the hierarchical parent-child breakdown of activities without showing their interrelationships (flow). icetools™– Process Management 24 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Diagram the Business Activities The icetools – Process Modeler provides custom views of process details from the Process Repository to be used in the creation of Flowcharts and Business Diagrams. The add-in to Microsoft Visio allows for rapid creation of process and dataflow diagrams without retyping the details. Support for BPwin Export To Modeling Tools from the icetools – Process Manager converts the process breakdown into text files for use in Computer Associates’ All. Fusion Process Modeler. The Process View displays the outline of activities to be automatically loaded into the process/activity shapes in the model. The ICOM View displays the Inputs, Controls, Outputs, and Mechanisms to be automatically loaded to the connectors/arrows on the diagram. icetools™– Process Management 25 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Analyze the Controls by System and Process in the Repository • Update Document Details • Preview ICOMS by Activity • Review Controls by Activity • Identify Activities without Controls for regulatory compliance icetools™– Process Management 26 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Conclusion By managing information according to its significance, and by protecting the accuracy, integrity, confidentiality, and reliability of their information assets, organizations can meet their compliance requirements as well as realize significant business benefits. Managing information properly might be a regulatory requirement, but it is also critical to business success. icetools™– Process Management 28 © Copyright CSP Group, Inc. , 2005. All rights reserved.

Computer Software Alliance, Inc. 9212 Cliffmere Dallas, TX 75238 (866)272 -5351 www. csatech. net © Copyright CSP Group, Inc. , 2005. All rights reserved. Other product names are trademarks of their respective holders. icetools™– Process Management 29 © Copyright CSP Group, Inc. , 2005. All rights reserved.