alfabet - IT Planning and Management

Finding Solutions to SOX Compliancy in IT Architecture Planning

planningIT provides a platform for building SOX compliancy solutions into IT architecture planning

planningIT is a software solution supporting strategic, architecture-based IT planning. It is comprised of various disciplines, many of which have been discussed in this paper. In the following, we will look at specific capabilities of the solution and their relevance to SOX compliance.

Capturing and Evaluating Business Demands
Business demand management in planningIT transforms demands for new services from operational business divisions into effective IT services by systematically documenting and evaluating new IT demands together with their underlying business motivation. The fundamental prerequisites for effective business demand management are a current, consistent baseline of information about the as-is landscape and an integrated planning process from demand to budget, both of which planningIT provides. In this context, business demand management involves documenting new service requests with reference to the goals and strategies they support (such as SOX compliance) and the architecture they affect or are triggered from (to identify the impact on SOX-relevant IT elements). This ultimately enables their consolidation into new project proposals, which can then easily be identified as SOX-relevant or not.

Preparing Alternative Plans for Changes
Application architecture management in planningIT is the process of developing a clearly documented technical offer to deliver an IT service. It supports detailed analysis of as-is and target architectures, and is used to develop and compare target scenarios for defining project proposals, performing gap analysis and preparing migration plans. Because each new scenario carries the risk of compromising compliance, examining it for non-compliance at this stage of planning is an indispensable part of an enterprise’s compliance efforts. This is also a stage in which collaboration plays an important role. planningIT has a built-in collaboration and alerting framework that ensures the responsible users are prompted to provide, update and certify the correctness of SOX-relevant information for SOX-relevant artefacts.

Analyzing Proposals before Commitment
The program portfolio management process in planningIT informs decision makers of the value, cost and risk (for example, the risk of non-compliance) across a number of possible IT investment alternatives. It is used to prioritize project proposals and assign budgets on the basis of strategic and technical alignment, resource priorities and risk. Key to the effectiveness of program portfolio management is seamless integration with the enterprise architecture management processes, so that architectural risk is minimized and opportunities to migrate, enhance or retire current applications or other IT artefacts are not overlooked.


Figure 1: Business Demand Management in planningIT enables evaluation for SOX compliancy at an early stage.

Figure 2: Application Architecture Management in planningIT lets the IT architect construct scenarios for risk assessment.

Aligning IT with Business
The IT master plan is the keystone in translating business strategy into IT tactics. Without it, the IT organization’s ability to progress in line with the business strategy will be constrained, especially in a climate of accelerating environmental and organizational change. planningIT is unique in its comprehensive support for master planning. The IT Master Plan can be described as the tactical plan to achieve the IT strategy starting from the IT planning baseline. It is defined as a number of incremental steps or milestones bridging from the as-is landscape to the target landscape defined in the IT strategy. Thus it helps companies keep abreast of how IT support for business processes is changing over time, in order to detect where and when a change may incur the risk of non-compliance.
planningIT’s master plan is an easy-to-comprehend, single point of reference and hence an excellent medium for discussion with the compliancy PMO. Additionally, the master plan is well suited to planning roll-outs of applications along organizational or business structures and to communicating such plans.

Making Decisions Based on Relevant Data
planningIT provides a rich, generic approach to evaluations that embraces an enterprise’s assessment needs. This is complemented by a full set of preconfigured evaluations delivered with the product, which enables customers to get a quick start in this area. The generic approach has the advantage of giving the customer full configuration flexibility, so that evaluation criteria and dimensions are defined according to the enterprise’s individual needs. It allows the SOX compliance of relevant architecture elements to be assessed through simple Yes/No statements as well as on a scale, i.e. from ‘not at all’ to ‘completely’. Using planningIT’s evaluation methodologies an enterprise can, for example, analyze component compliance within an application group or perform a risk assessment of the application landscape.


Taking Stock of What Exists and What is Planned
planningIT’s logical IT inventory is key to its ability to support IT in their SOX compliancy efforts. It captures:

  • organizations and their hierarchical structures, and the roles, responsibilities and contact details for employees
  • business processes
  • applications and their versions which provide functionality (IT services) to end users, together with their assigned lifecycle states
  • information flows which describe data flows between applications and the supporting software
  • business objects and their versions which are used in business processes and by applications to describe ‘real’ information such as customers, products and contracts
  • financials captured in cost types such as maintenance, hardware, license and human resource costs
  • infrastructure which is used to carry deployed applications and includes devices and their connections
  • geographic location of devices
  • catalogs of standards for IT services, components, business objects and technical platforms, with time sensitivities and policies


Figure 3: planningIT’s IT Master Plan provides visualization of application support for business processes and organizations.

Figure 4: planningIT’s Application Portfolio assessment methodology allows evaluation of architecture elements, e.g. applications, along three different dimensions, for example ‘Incidence Rate’, ‘Amount of Loss’ and ‘Criticality’.

The inventory recognizes time states, ensuring that newly introduced enterprise architecture artefacts are automatically included in assessments as they become active, and that SOX reviews are no longer required for elements of the EA that have been phased out.
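To make the time-state mechanism concrete, the following is an added illustration, not planningIT code or its data model: a minimal inventory in which each artefact carries an active-from date and an optional phase-out date, so that the SOX scope on any given date, the artefacts entering or leaving scope between two dates, and the in-scope artefacts whose owner certification is missing or stale can all be derived from the same records. The field names, the one-year certification interval and the sample inventory are assumptions constructed for the example.

```python
"""Time-state-aware SOX scoping over a small logical inventory.

Added example; the Artefact fields and the sample data are hypothetical,
not planningIT's schema or real customer data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Artefact:
    """One inventory element (application, interface, ...). Field names are assumed."""
    name: str
    sox_relevant: bool
    active_from: date                       # lifecycle state becomes 'active' on this date
    active_to: Optional[date]               # phase-out date; None = no planned retirement
    last_certified: Optional[date] = None   # last owner certification of its SOX information


def is_active(a: Artefact, on: date) -> bool:
    """An artefact is active on 'on' if the date lies in [active_from, active_to)."""
    return a.active_from <= on and (a.active_to is None or on < a.active_to)


def sox_scope(inventory: List[Artefact], on: date) -> List[str]:
    """Sorted names of SOX-relevant artefacts that are active on the given date."""
    return sorted(a.name for a in inventory if a.sox_relevant and is_active(a, on))


def scope_changes(inventory: List[Artefact], start: date, end: date) -> Tuple[Set[str], Set[str]]:
    """(entered, left): SOX-relevant artefacts that join or drop out of scope between two dates."""
    before = set(sox_scope(inventory, start))
    after = set(sox_scope(inventory, end))
    return after - before, before - after


def review_backlog(inventory: List[Artefact], on: date,
                   max_age: timedelta = timedelta(days=365)) -> List[str]:
    """In-scope artefacts whose certification is missing or older than max_age on 'on'.

    Phased-out artefacts never appear here, because they are no longer in scope.
    """
    in_scope = set(sox_scope(inventory, on))
    stale = [a.name for a in inventory
             if a.name in in_scope
             and (a.last_certified is None or on - a.last_certified > max_age)]
    return sorted(stale)


# Constructed sample inventory (hypothetical, not real data).
INVENTORY = [
    Artefact("GL-Ledger", True, date(2005, 1, 1), None, date(2007, 3, 1)),
    Artefact("Legacy-AR", True, date(2000, 1, 1), date(2007, 6, 30), date(2006, 12, 1)),
    Artefact("New-Consolidation", True, date(2007, 9, 1), None, None),   # not yet certified
    Artefact("Intranet-Wiki", False, date(2004, 1, 1), None, None),      # not SOX-relevant
]

# Two review dates used below; Legacy-AR is phased out between them and New-Consolidation goes live.
T0 = date(2007, 4, 1)
T1 = date(2007, 10, 1)

if __name__ == "__main__":
    for on in (T0, T1):
        print(on, "scope:", sox_scope(INVENTORY, on), "backlog:", review_backlog(INVENTORY, on))
    print("entered, left:", scope_changes(INVENTORY, T0, T1))
```

The point a reviewer should take from this is that scope is a function of the review date rather than a static list: the same inventory yields Legacy-AR in scope in April and out of scope in October, and New-Consolidation appears in the certification backlog the moment it becomes active, without anyone maintaining a separate SOX list.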

Managing the Enterprise Architecture
planningIT’s enterprise architecture management helps enterprise architects to view as-is and to-be architectures, analyze the enterprise portfolio by defining its scope, analyze pain points to derive demands, create the architecture roadmap, and define enterprise standards and guidelines for platforms. It is the most effective vehicle for IT governance in an enterprise. SOX and other types of regulatory compliance are an important facet of this discipline.


Figure 5: planningIT’s Logical Inventory cleanly documents all artefacts in the IT architecture and provides audit trailing for each artefact.
