A link on the Inside Sarbanes Oxley feed just jumped out at me: Building a Compliance Architecture.
Evidently PeopleSoft’s CIO David Johnson’s thinking is very close to RedMonk’s. We recently put forward a model for Compliance Oriented Architecture.
Johnson argues: “It’s time to apply some new thinking to your IT strategy. Try running IT like a business with a renewed focus on customer service, operations, and financial control. Prioritize IT projects using a project portfolio management methodology to improve project focus, tracking, and business communication.
Then you can view compliance management as a new layer of architecture so you can deal with all your regulatory hurdles in a consistent manner. Compliance is not going away. It’s here to stay. You need to get control and automate for the long term. Properly applied technology reduces time, cost, and risk associated with an organization’s compliance activities.”
RedMonk agrees.
It seems the firm has also put forward the PeopleSoft Blueprint for Compliance Architecture, which looks to:
1. enforce internal controls using automation, and
2. replace written documentation with real-time metrics, diagnostics, and alerts.
We have been pretty skeptical about the use of ERP backbones in ongoing, service oriented compliance efforts, but the approach Johnson lays out looks right. I will likely come back to this if we hear from PSFT, and more importantly reference customers.
James says:
May 14, 2005 at 11:23 am
I have been selling internally the notion of a forensic oriented architecture indicating what attributes are important as part of architecture to allow for evidence collection, auditing, etc. to comply with GLB, HIPAA, SOX, etc.
Hope to blog it out sometime this week at http://blogs.ittoolbox.com/eai/leadership
Hopefully you can react to any thinking on the matter and extend it for your customer base.