With so many new regulatory demands being placed on business, it is easy to spend vast sums of money in implementing solutions that are deemed best practice only to find that this is "overkill".
The challenge for local companies is not necessarily to be at the so-called front of the pack, nor at the back, but rather to keep up the momentum and to adapt along the way.
Companies should evaluate best practices and select what they deem appropriate. In some cases the company should be satisfied with something less than "best practice" while in other cases it should set its own standards, which may be far beyond what others think is best practice.
One of the best sources of defining such best practices is the simple principle of communication using mechanisms like "communities of practice", innovation and improvement programmes and involving various stakeholders to jointly agree on what works best.
Various organisations, like the IT Governance Institute, are very good sources for best practices especially in the IT environment.
Local companies should investigate all the available standards and map those standards with the company`s own environment. Companies should consider using methodologies like IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and even re-visit things like ISO to define its own desired best practice.
A company should, as an example, take a conscious decision if it wants to be at level three (Defined) of ITIL or if the benefit of being on level four (Managed) or even level five (Optimised) far outweighs the cost, and then it will have a yardstick and even a possible differentiator.
Unlike King I, which said very little about IT, the King II report has recognised information technology as an integral part of enterprise strategy.
The result of this is that businesses must not merely state that they accept or agree that IT is an integral part of enterprise strategy, they must identify to what extent that this is so.
Many businesses face the challenge of defining their IT universes and mapping software applications and infrastructure. Tools like enterprise architecture could help in this instance.
Some of the biggest demands placed on ICT in terms of corporate governance revolve around data availability, data integrity, business continuity and data confidentiality (security). In order to comply with the requirements of the Basel Accord, for instance, organisations will also need to do a certain level of data cleansing.
Although Basel primarily addresses the element of risk management within the banking industry, other industries like insurance, medical aid, mining, etc, should take note that it is perhaps only a question of when and no longer if other industries will adopt their own specific standards.
Data management will undoubtedly be the key challenge in meeting Basel II. The demand on businesses to have a robust and flexible technical architecture in order to meet the current and future business requirements is but one of the technical challenges of Basel II.
From an investment perspective, businesses will face the challenge of leveraging existing IT infrastructure to meet business requirements. The need to store large volumes of data, including analytical data, required for purposes of Basel II will no doubt lead to an increase demand on effective storage management.
Share
Editorial contacts