Controlling Change While Meeting Compliance Needs
By Integrify Posted November 8, 2009
The Challenge: Managing change while meeting compliance needs
Increasingly, management, governance, and auditors are relying on IT to support enterprise planning, risk management, and performance. Compliance in general – and Sarbanes-Oxley compliance in particular – is crucial to the ability to meet shareholder expectations and government regulations.
Design, execution, and monitoring processes and their controls all are impacted by the underlying IT applications and infrastructure. Of course, these are constantly in flux as issues arise and systems are upgraded to align them with business strategy and priorities, and to take advantage of better features. Thus, the very core of these controls is constantly changing.
Concerned auditors want a steady state during their assessments, so some have instructed IT executives to prevent changes during these periods. Meanwhile, competition will not wait, technologies are changing, and business executives are driving IT to fix bugs and improve performance. This leaves the IT executive in a precarious position, caught between inherently conflicting demands.
The Alternative: Controlling rather than preventing change
Rather than trying to prevent change – an impossible task from any practical perspective – the dynamic IT organization can serve the conflicting needs of auditors and executives by applying controls to IT change management.
Implementing a system whereby IT can better manage change while supporting and serving the organization offers far-ranging benefits, including:
• Executing and enforcing policies and procedures
• Enabling proper approval of all changes
• Having automated documentation of all activities in a process
• Providing visibility into operations, management and governance processes
• Limiting the risk of bad data
• Reducing the time and cost of approval cycles
• Maintaining a central repository for process documentation and definition.
Unfortunately, all too often there is no existing system or infrastructure to manage the processes associated with requests and approvals for IT services, security access, IT projects, testing, and code changes to existing applications.
Installing such a system and defining these processes can not only satisfy auditors, but also improve risk management. A system that can offer these benefits to an organization while providing the auditor an easy way to obtain information and satisfy compliance requirements can save a tremendous amount of time, effort and money.
The Solution: Integrify
An optimal solution keeps process implementation and management simple, allowing IT to meet deadlines and budgets while promoting user adoption. Integrify provides this solution.
Typical IT departments have only about 20% of their processes, such as ERP or help desk issue tracking, managed with existing systems. Integrify enhances these systems by automating and self-documenting these processes.
Integrify then provides a single platform for automating and tracking the remaining 80% of the processes that previously had been left unmanaged. Integrify helps IT organizations meet Sarbanes-Oxley compliance by enforcing and documenting change control.
Integrify offers organizations a proven solution for managing their IT processes, including:
Process Execution and Enforcement
Integrify allows IT departments not only to define their processes and controls, but also, more importantly, to execute and maintain an audit trail of all activity that takes place.
IT processes are many and varied. Often, companies do not have a system in place that offers the flexibility to manage any type of process. Or, if they do, the current systems are often cumbersome and difficult for process owners and end users alike to understand and manage.
The current state of an IT Service Request process may include paper, faxes, uncontrolled email chains, and other media that are difficult, if not impossible, to track and audit. With Integrify, an organization can centralize all processes and their related forms, provide end-users a common interface to select and execute a given process simply, provide visibility into process status updates, proactively notify users, and maintain a complete audit trail for both management and the organization’s auditors.
Immediacy with Simplicity
Many IT departments are hearing the same story from their auditors: get control of those loose processes – security access, IS project approvals, software/hardware change controls, and more. With Sarbanes-Oxley a permanent fixture in the management environment, and management’s desire to eliminate significant deficiencies, IT cannot afford to implement systems that take years to deploy.
Why react with solutions that are essentially platforms for BPM and create not only confusion but long, expensive projects for implementation? Integrify can be applied in days, allowing process definition to go to production almost immediately.
Think about it: why does nearly everyone today use Google™ when there were so many popular search engines in existence before it appeared on the market? Because it is simple as well as effective, thereby easily adopted by new users.
Integrify provides the same simplicity and effectiveness for process management. With Integrify, IT departments can ensure that they will have their processes defined, executed, and enforced without lengthy projects, and with immediate user adoption.
Flexible Service Delivery Model
Spending to satisfy Sarbanes-Oxley requirements and on related audit fees has increased for companies of all sizes. Meanwhile, IT budgets are relatively stagnant. How can IT executives implement a solution while meeting their budgetary goals?
Integrify provides flexible delivery models for Integrify to meet customers’ specific needs. A company can either install Integrify, or can be Web-enabled through Integrify.
Using this latter approach, with subscription-based Integrify OnDemand, customers can activate their processes within 30 days and instantly give users access throughout their enterprise without a huge up-front investment. Integrify OnDemand requires no software and hardware installation, providing immediate value, low cost, and low risk.
The security policies of some organizations require process control systems to reside inside their firewall. Integrify offers a server-based version of Integrify to satisfy these demands as well.
The Result: ROI in months, not years
By allowing a company's employees the most efficient means to access, submit and obtain fulfillment for requests, an organization can offer the best possible level of service to its employees and customers, while satisfying auditors and management in regard to control and compliance.
Integrify's flexible process management system allows companies to automate requests and streamline approval processes. The software provides form creation, routing definition and tracking tools to those responsible for processing requests, which leads to minimizing data entry and simplifying requests for approval and fulfillment.
Integrify is Web-based, allowing both easy user accessibility and management of approval processes. It eliminates typical problems related to labor-intensive processes, such as manual paper handling and email requests, and can reduce costs per transaction 60 to 90 percent compared to paper-based processes.
With Integrify, efficiency gains are immediate, and most companies