Big Impact: Continuous Monitoring and Auditing for Business and IT Processes

Published: August 04 2009, 05:05 AM
by Tom McHale


A recent article in Business Finance takes an in-depth look at continuous monitoring and continuous auditing, focusing on the differences between them and where they can be beneficially deployed within business processes. It's a great overview, and it got me thinking about how the same concepts can also be applied successfully to IT business processes.

The IT departments in most businesses are operating in a lean mode with a scaled-down team of highly skilled technologists and administrators. Having these folks work on IT control testing for operational controls and internal audit is an expensive use of these resources. The good news is that these pros are already technology-savvy, understand what automation can do to help in this area, and know how to leverage it. If they work closely with their compliance and auditing teams on continuous monitoring and auditing opportunities, they can quickly show the benefits of making investments in this area.

The low-hanging business needs that IT provides that can benefit from such testing automation include:

  • Business continuity and disaster recovery
  • Access controls, role management, and separation of duty (SoD)
  • Security (threats, vulnerabilities, configuration management)
  • Privacy and data loss prevention
  • Systems and application performance
  • Capacity and scalability

Using the same improvement results as the Business Finance article does for ERP processes, the effectiveness of automated IT controls testing can be measured by:

  • Reduced costs of manual testing
  • More current and accurate testing and quicker notification of negative trends
  • Reduced systems and applications downtime
  • Quicker provisioning of entitlements for applications, and fewer SoD concerns
  • Improved security
  • More mature configuration management processes
  • Improved performance and response times

In summary, my point is that IT compliance teams can expect to achieve benefits similar to those explained in the article, along with increased ROI on their IT resources, if they embark on a continuous monitoring and continuous auditing program within their IT domain.

What do you think? Have you seen similar benefits from implementing such a program? Please share your experiences in comments to this post.

 

By: Tom McHale
Tom McHale is VP of Product Management for CA, Inc., where he is responsible for defining the functional specifications of the CA GRC Manager product. Tom has worked in the areas of technology direction and product development of enterprise IT security and systems management products in Australia, Canada...