IT Risk & Compliance
IT Risk and Compliance continues to increase in importance for a simple reason: reliance on technology is now so pervasive that an IT failure can result in significant revenue loss and become a threat to corporate survival.
RGZ has a history of providing IT risk expertise that predates the phrase itself. Our understanding and approach to risk encompasses the following:
- Risk is tied to uncertainty and draws on decision theory, the science of making rational choices under uncertainty
- Risk cannot be eliminated; it can be mitigated
- Risk can be measured
- The best hedge against risk is prevention
- Risk is an essential business ingredient; every business decision requires executives and managers to balance risk and reward
RGZ’s Approach to Enterprise IT Risk Management can be illustrated as follows:
RGZ has assisted, and continues to assist, organizations in assessing risk and developing complete IT risk mitigation strategies using a cost-value methodology. An IT Risk Mitigation Plan and Policies are part of the overall enterprise IT strategy.
In today’s environment, there are myriad regulatory compliance mandates affecting a wide range of industries. Specifically, in the Financial Services Industry, “The Office of the Comptroller of the Currency requires regulated institutions to develop and implement effective anti-money laundering programs that encompass terrorist financing.” Other industries face similar requirements in the areas of FCPA (Foreign Corrupt Practices Act) and ITAR (International Traffic in Arms Regulations), to name but a few.
For most businesses offering employee benefits, there are HIPAA (Health Insurance Portability and Accountability Act) mandates. For any business collecting customer information there are PII (Personally Identifiable Information) and PCI (Payment Card Industry) compliance issues.
What all of these compliance matters have in common is data generated by technology systems. Data drives compliance; therefore, data must be secure, accurate and synchronized. RGZ is working with several clients in the areas of compliance data quality, performance measurement and continuous monitoring.
As compliance mandates increase, the area of data governance becomes increasingly important. As data governance and compliance methodologies evolve, RGZ’s view of the process is illustrated as follows: