7
JUNE, 2005
HP
offers compliance as part of the management
Enterprises
face a dilemma at the moment, and it is one that architects are bound
to be asked to solve. The growing - and more importantly pressing - demands
being placed on them to meet the impositions of new regulations such as
Sarbanes-Oxley and Basel II mean that they either have to have the necessary
management skill-sets already in place in the existing workforce, or they
have to get them from somewhere. The latter (also the most common scenario)
currently means that (expensive) consultants are required. However, as
seems to be the way of things these days, a third way is emerging - the
introduction of compliance management tools. This is just what HP has
launched this week.
The company has also added the tools as an integratable module in its
OpenView systems management environment, adding to its already significant
set of capabilities. Known as OpenView Compliance Manager, it got a sneak
preview at the company's annual ENSA@Work event last week, in Copenhagen.
It is formally launched this week. The idea, taken at its essence, is
simple: provide a set of tools that can be configured to manage the day-to-day
governance of all relevant systems and applications that are used in any
business process subject to a compliance regime.
As far as it goes that may not sound too exciting, but consider the situation.
There are already a large number of regulations (Sarbanes-Oxley, UK Public
Records Office, UK Financial Services Authority, BSI PD0008, NF Z 42-013
in France, GDPdU & GoBS in Germany, AIPA in Italy and endlessly on;
these just scrape the surface of a huge and continually growing pile).
More to the point, do you know what any of these are about or whether
they affect your business? If your company trades in any of those countries,
chances are they will apply, and failure to meet the regulations could
be punitive.
One of the important issues for business managers is that ignorance of
the regulations is unlikely to be considered a reasonable defence. This
must then be coupled to the fact that one of the most important management
functions to be controlled in this process is the implementation of the
processes needed to meet compliance. In practical terms, this means comprehensive,
auditable management of the applications that are used in any process.
It does not take much in the way of getting down to the detail of this
to realise that, in the real world of developing and growing business
processes, while many of them will use `Application X' as a contributing
function, the actual version of the application used may well be different
in individual processes, depending on when the process was developed and
(more importantly) ratified as the accepted process for that task. In
just this one area it is possible to see that the IT infrastructure now
has to manage multiple versions of the same application and ensure that
the right version is used in any individual business process.
Now multiply this across the number of application a typical business
will run, and you have just one of the on-going management problems that
compliance to new regulations means. There is, in practice, significant
danger that the imposition of new regulations - understandable as they
might be following the scandals at Enron, WorldCom and the rest - will
create a new workload for business managers that could halt new developments
in their tracks. At a time when the common call is for ever-increasing
flexibility in business, with speed of reaction to new opportunities the
goal of every business manager, the management implications of the imposition
of compliance regulations could halt that flexibility dead in its tracks.
Companies could find themselves unable to respond to new business opportunities
without first ducking their regulatory responsibilities - yet the regulations
are there for a sensible reason.
It is obviously too early to tell whether HP's new OpenView Compliance
Manager will effectively square this circle, though the company has already
consulted widely amongst the specialist consultants in the area and worked
closely with its own internal audit teams in the development of the system.
What it clear, however, is that with the management pressures and workload
that business managers now face following the imposition of new regulations,
the solution is most likely to come from the application of some automation
and technology rather than consultants. If for no other reason, this is
because managing compliance will be an on-going and growing area of responsibility,
and using consultants in such circumstances is a financial nonsense.
OpenView Compliance Manager is expected to be shipping by the end of this
year. www.hp.com
|
|
