GRC Journal

Governance, Risk & Compliance

MEET THE MODERATOR

Amit Chatterjee is Senior Vice President for SAP’s Governance, Risk, and Compliance Management business unit. Prior to this, he was VP of Strategy at SAP. Prior to SAP, Amit was at McKinsey & Co. Prior to joining McKinsey, Amit held several management roles in sales, business development, and marketing for companies across the software spectrum, including Excite@Home, Luminant Worldwide, and Kendara.

Lee Dittmar is a Principal with Deloitte Consulting, where he leads the Enterprise Governance Consulting practice and serves as Co-Leader of Deloitte’s Sarbanes-Oxley services. He is a highly sought-after speaker for governance issues, SOX, and how companies can improve financial information, financial performance, and investor confidence. Treasury and Risk Management identified Lee as among the 100 most influential people in finance in 2005 and again in 2006. Consulting Magazine named him as one of the top 25 most influential consultants in 2006.

Robert (Bob) Worrall is Chief Information Officer for Sun Microsystems, Inc., and is responsible for all aspects of Sun’s global IT infrastructure and line-of-business application development, support and maintenance, including information service delivery and security. Bob was honored by CIO Magazine as one of its “Ones to Watch” for 2006. With 25 years of technical and IT management experience, Bob has held a wide variety of IT roles at Sun. Bob currently enjoys serving as an advisor to several engineering and business colleges throughout the Bay Area.

Jay Mellman is currently a Director of Software Initiatives at Cisco. In this role, he is focused on helping deliver customer-centric solutions that leverage the network and its related functionality. Previously at Cisco, he helped formalize a focus on application networking, bridging the worlds of enterprise applications and the networked infrastructure.
During his 20-plus years in the IT industry, he has held leadership roles at larger companies like Mercury and HP, and executive roles in a number of emerging technology companies.

What is your perspective on how and why the topic of IT and enterprise risk management is getting so much attention these days?

AC: There are three main reasons why IT and enterprise risk management are getting so much attention – and will continue to get much attention in the coming years.

First, we have all seen increasing regulation in countries around the world, as well as increasing industry-specific regulations. Many companies don’t consider carefully that entry into a new market may mean making their operations subject to completely new regulations. And of course, each additional regulation adds risk – the risk of non-compliance, which can bring fines, loss of brand value, etc.

Second, the number of threats in the world is increasing. Your IT network is at risk of being compromised by hackers, and your supply chain – which is now more globally oriented than ever before – is at risk of being interrupted by political instability; even the rate of natural disasters seems to be increasing.

Third, the face of business has completely changed in the last ten years, and the revolution is continuing. No longer do all employees sit under one roof, enabling the value chain to be executed under the watchful eyes of managers. Instead, employees are scattered across multiple time zones, and the value chain itself is stretched across companies. IT enables this decentralization, but it is still critical that the right products make it through the production chain and to customers efficiently and effectively; information must continue to flow. Risk management helps managers identify blips in the chain before they become errors.
BW: Senior management no longer looks to IT as a service bureau to process data, but views IT as an integrated part of the business, where all strategic information resides. Senior management looks to IT as a competitive weapon to provide information for strategic business decisions. As a result, the enterprise risk management process has escalated the importance of IT risks when assessing the overall risk to the business.

Furthermore, today’s companies are cutting costs to increase profitability. The IT organization has come under increased pressure to reduce costs. As a result, consolidation of systems and applications, and outsourcing of business and IT functions have resulted in new risks that the company must address at an enterprise risk management level.

The last critical factor is the explosive growth in regulatory requirements over the past few years around the world. These requirements force IT to pay attention to the business requirements of the organization and the business to pay attention to IT. These factors together raise the level of risk to the enterprise. More and more organizations are starting to treat IT as a kind of internal outsource so that the IT organizations are set up to successfully support all the requirements of a global organization.

JM: The issue of IT and business has been hot on the table for several years – whether it is IT alignment, the business value of IT, or any other number of ways of putting it. With ERM, the stakes just got higher. As companies operate more completely across an extended enterprise, the issues multiply. Analysts are routinely talking about increasing risks and regulations,

BTQ Business Trends Quarterly | Q1 2007 | www.btquarterly.com