IT and Corporate Governance
The world is on a constant to path to create efficiencies in existing environments and at the same innovate. In order to attempt to retain control and a measure of safeness that, as these new and existing technologies, methods, concepts and effects have on us, there is growing need to have and introduce new frameworks around which the various business sectors of the world need to operate within. Some of these frameworks are very well established and entrenched, for instance, the Banking and Pharmaceutical industries. Others are still being defined.
Irrespective of the framework or its maturity, there is an opportunity for SAP Solution Manager to contribute the governance effort required by a business to confirm to their respective governance frameworks. There is no silver bullet here, however, as these frameworks mature and cross from the policy and procedure area into the IT systems, the task of validating for compliance has become more complex and time consuming.
There are obviously too many of these Frameworks across the multiple industry sectors in the world to give specific examples, however, the opportunity still exits. SAP Solution Manager is capable of providing a wealth of information depending on the capabilities that have been deployed. This information has the potential to either fully validate an aspect of an audit, or maybe provide a part of the audit contribution.
There is a very low probability that a framework auditor has the necessary understanding of what SAP Solution Manager can offer, and there is also a low probability that the consumer of SAP Solution Manager is fully aware of what can be used to satisfy an Audit.
The trick here is to try bring these worlds together outside of the audit exercise and identify from the audit requirements, what information is required to satisfy the audit, then working with the SAP Solution Manager experts identify the key capabilities that are able to make the relevant data available.
A simpler example is the use of SAP Solution Manager’s Change and Release Management (ChaRM) capabilities to create a fully traceable change history for code and system configuration changes. Using ChaRM reporting as part of an audit submission is pretty widespread and probably obvious to a lot of readers.
I want to raise the bar here, and bring executive liabilities into the conversation.Depending on the respective Company’s Acts around the world, more and more emphasis is being placed on the potential liability that is carried by the directors or executives of the businesses. I can’t possibly know all the rules and the legal implications and don’t pretend to be an expert either, however, where these circumstances exist, they are being taken more seriously as each audit cycle is commenced.
Here again, SAP Solution Manager can assist. The technical output might be too far from the audit requirement in terms of content, however, the collective summary of the output, creates an audit message of effective control and governance of the underlying systems and operation thereof, thus bubbling up to satisfy the higher level audit requirements.