IT Governance
In today’s environment, many compliance processes are driven or highly influenced by IT systems. Such systems, whether QMS, ERP or otherwise, are integral to initiating, recording, approving, and reporting crucial compliance information in accordance to internal and external mandates. One particular regulation, the Sarbanes Oxley Act (SOx), mandates that an internal control framework over financial reporting is established and monitored. IT systems are highly integrated into the various financial reporting processes targeted by this regulation. In fact, the SEC’s June 2007 Final Rule for the Commission Guidance Regarding Management’s Report on Internal Control over Financial Reporting, underscored the importance of the influence of IT controls and governance stating “while IT general controls alone ordinarily do not adequately address financial reporting risks, the proper and consistent operation of automated controls or IT functionality often depends upon effective IT general controls. The identification of risks and controls within IT should not be a separate evaluation. Instead, it should be an integral part of management’s top-down, risk-based approach to identifying risks and controls and in determining evidential matter necessary to support the (control) assessment.”
In response to these regulations, various organizations and bodies have released guidance such as ITGI’s IT Control Objectives for Sarbanes Oxley and Control Objectives for Information and related Technology (COBIT). In addition, the IT Infrastructure Library (ITIL) provides a framework to allow organizations to meet corporate governance obligations, monitor and reduce IT spending, and manage assets more effectively.
Amadeus’ web-based eQCM allows organizations to manage IT governance within the organization by managing two critical components; the monitoring and assessment of IT objectives, including the risks and controls established to ensure effective governance, and the capability to manage and monitor IT changes. With eQCM, the various framework’s such as COBIT can be modeled in the system and assessments run to determine the effectiveness of reaching the control objectives. Issues and corrective actions can be effortlessly initiated and managed. eQCM also allows IT managers to consistently follow best practices to initiate an IT change request, follow a risk-based approach to assess the change impacts, create action plans, obtain the appropriate approvals and sign-offs, and provide communication and collaboration throughout all stages of the change cycle. With the Processes-In-Control dashboard, the managers can see the status of current processes, identify bottlenecks and review critical indicators in order to optimize process performance.
The eQCM added value
- Enables managers to configure IT change workflows with forms, notifications, and assignment rules easily without IT or Amadeus intervention.
- Enable better business decisions by providing higher-quality; more timely information in a collaborative environment.
- Gain competitive advantage through more effective and efficient operations.
- Shares information between processes enabling the flow of information to be seamless and delivering a more realistic process approach.
- Provides a risk-based approach to assessing IT control objectives and monitoring follow-up.
- Fosters collaboration and allows managers to visualize and monitor all quality and compliance processes as a unified system by connecting departments and personnel with appropriate data and processes.
- Provides advanced reporting and dashboards for all critical business processes and delivers timely information that you can act upon to ensure sustainable compliance and improve compliance business performance.
Amadeus automates processes to improve efficiency. Processes include:
- IT systems change control
- IT governance
- IT objectives, risk, and control assessments
