
Managing regulatory risk


Johannesburg, 26 Aug 2004

With increased pressure from mandated regulations, today's IT executives not only have to deal with the daily challenges of maintaining an IT environment, but also have to manage risk through regulatory, legal and fiscal compliance.

They have to develop sound strategies to adhere to these regulations and auditing functions, while also ensuring that software development processes are defined and repeatable.

There are inherent business risks in not establishing processes and procedures. Regulatory deadlines and non-compliance penalties are just some of the less savoury realities that executives face today.

The reality is that every technological advance brings potential benefits and risks, some of which are not that easy to predict.

Robert Frances Group comments: "Without controls, the application lifecycle is full of huge risks. Such risk is unacceptable, especially for regulated companies."

OK, so what steps should IT executives take to avoid potential risks? Application lifecycle change management is a good place to start and has the potential to minimise risk and enable good corporate governance.

Typically it's the CIO's responsibility to determine how these risks are related to internal control within the organisation. Risks are based on how IT processes impact applications and data integrity.

Change management ensures that applications function as intended and that integrity and processing are intact. Through these processes, access to applications and data is restricted so that inadvertent or deliberate changes don't occur.

Changes to production data, interface routines, background and updates are also mitigated.

Established change management processes, together with strong security administration, ensure that transactions can only be initiated, modified or deleted by authorised or appropriate individuals.

Therefore, applications, programmed controls, access transactions and data function as designed.

In saying this, it's also important that critical transactions and data are reviewed periodically in order to determine that authorised individuals have a valid business purpose when accessing this information. This review also needs to have an audit trail.

It is key that problem management procedures related to processing errors are in place; this entails documenting how problems are monitored and resolved.

Current change management software solutions minimise the risk of change-related failure by automating change throughout the enterprise. These software solutions reduce the risk of non-compliance and ensure a well-managed application environment.


Editorial contacts

Mary Siemers
HMC Corporate Communications
(011) 704 6618
Mary@hmcom.co.za

Justin Arnoldi
Bytes Technology Group
(011) 319 7000
Justin.arnoldi@btgroup.co.za