IT risk management becomes operational priority

A broader range of security threats, combined with increased regulatory and compliance demands, has driven IT risk management to the operational level, reports ARNNet.

Greg Hughes, executive VP of Symantec worldwide services and support, says that - for most companies - IT is posing an unnecessary risk as organisations rely on enterprise computing for customer interaction and e-commerce.

Hughes adds that risk management is one of the top spending priorities for CIOs in 2006.

The US-based Compliance Security Council has found companies that fail regulatory audits generally do so because they have inadequate access controls for applications and application servers, and inadequate documentation, reports Dr Dobbs Portal.

The council, made up of the Institute of Internal Auditors, the Computer Security Institute and Symantec, has been tracking what`s working and what`s not. It will be renamed the IT Policy Compliance Group later this year and has gathered compliance benchmarks and anecdotal data from interviews over the past few months in a survey of over 1 000 organisations that have been through audits.

Among its recent findings is that, in the past year, about 85% of organisations have been through one regulatory audit; 60% have been through two or more; and 80%, three or more. Some 10% of these firms have less than three IT compliance deficiencies (including security) a year; 20% have more than 15; and 70% have between three and 15 a year.

Faster and easier regulatory compliance as well as improved IT governance for the Indian financial sector are imperative, reports Express Computer Online.

Serena Software`s country manager for India Keshav Prakash says India is growing and maturing as a domestic and international market. To support this growth, increasing sophistication in its financial services is needed to service the growing demands of customers.

As India`s ties with the global economy strengthen, players have to pay close attention to other countries` rules and regulations that affect their business. For example, business scandals in the US (Enron, WorldCom, Adelphia, Tyco and dozens of other companies) have led to intensified scrutiny of banks, brokerages and accounting firms involved with such customers.

Some 64% of companies in Hungary have little or middling knowledge about European Union regulations, even though 84% say they appreciate their importance, reports Caboodle.

Thomas Papathanasziu, president of risk and insurance services firm Marsh in Hungary, said new member states had adopted EU regulations pertaining to businesses, but full ratification might take another three years. Different degrees of harmonisation, local regulations and even cultural and historical differences can lead to confusion, he added.

Marsh, working with the Economist Intelligence Unit (EIU), has published a general risk management booklet to help follow EU regulations. Papathanasziu stressed that the Marsh-EIU guide can help companies understand the changes in the business climate, learn about present risks, get to know current and planned regulations and develop an effective self-defense strategy.