Comments on: Wake Up To Continuous Compliance for Breakfast with CA http://www.redmonk.com/jgovernor/2006/07/19/wake-up-to-continuous-compliance-for-breakfast-with-ca/ An industry analyst blog looking at software ecosystems and convergence Fri, 03 Feb 2012 10:35:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Thomas Otter http://www.redmonk.com/jgovernor/2006/07/19/wake-up-to-continuous-compliance-for-breakfast-with-ca/comment-page-1/#comment-1745 Thomas Otter Fri, 21 Jul 2006 17:25:16 +0000 http://www.redmonk.com/jgovernor/wp/?p=665#comment-1745 James, I like the CA story. CA has had a tough time with complicance issues themselves, and have come a long way to fix it. They have the scars, and really understand the value of a compliant intrastructure. This gives them the cred to talk about it. Key though, the compliance architecture is a rock solid transaction platfrom, good old boring ERP!! I explore this a bit in my post this morning, but I think this is a topic we ought to explore further. Your compliance architecture paper is prescient, given when you wrote it and it remains the best analyst paper I've read on compliance. It is now ready for an update though. The solutions to support continuous compliance have moved on significantly in the last couple of years. The CA pitch is good evidence of this, but you need to check out My own view is continous risk management will become much more important than compliance. Understanding, measuring and reacting to risk is where I see the next big play. I dont mean risk in a audit sense, but risk in the sense of a portfolio risk. risk sounds a conservative word, one that inhibits innovation, but I dont believe it is. It allows you to understand better what you are letting yourself and your investors in for. James,
I like the CA story. CA has had a tough time with complicance issues themselves, and have come a long way to fix it. They have the scars, and really understand the value of a compliant intrastructure. This gives them the cred to talk about it.

Key though, the compliance architecture is a rock solid transaction platfrom, good old boring ERP!! I explore this a bit in my post this morning, but I think this is a topic we ought to explore further.

Your compliance architecture paper is prescient, given when you wrote it and it remains the best analyst paper I’ve read on compliance. It is now ready for an update though. The solutions to support continuous compliance have moved on significantly in the last couple of years. The CA pitch is good evidence of this, but you need to check out

My own view is continous risk management will become much more important than compliance. Understanding, measuring and reacting to risk is where I see the next big play. I dont mean risk in a audit sense, but risk in the sense of a portfolio risk. risk sounds a conservative word, one that inhibits innovation, but I dont believe it is. It allows you to understand better what you are letting yourself and your investors in for.

]]> By: James Governor http://www.redmonk.com/jgovernor/2006/07/19/wake-up-to-continuous-compliance-for-breakfast-with-ca/comment-page-1/#comment-1744 James Governor Thu, 20 Jul 2006 22:36:13 +0000 http://www.redmonk.com/jgovernor/wp/?p=665#comment-1744 that is right on the money. if organisations are not automating spreadsheet aggregation. its almost impossible to be compliant with ANYTHING if your approach is management by excel. that is right on the money. if organisations are not automating spreadsheet aggregation. its almost impossible to be compliant with ANYTHING if your approach is management by excel.

]]> By: Phil Ayres http://www.redmonk.com/jgovernor/2006/07/19/wake-up-to-continuous-compliance-for-breakfast-with-ca/comment-page-1/#comment-1743 Phil Ayres Thu, 20 Jul 2006 06:55:16 +0000 http://www.redmonk.com/jgovernor/wp/?p=665#comment-1743 James, Great feedback from CA. I'm happy to see that organizations of this stature are starting to understand and promote the importance of internal control improvement. It seems that I have been involved in this area more than I would like! In this post [ <a href="http://improving-nao.blogspot.com/2006/07/bpm-modeling-as-easy-as-spreadsheet_12.html" rel="nofollow">http://improving-nao.blogspot.com/2006/07/bpm-modeling-as-easy-as-spreadsheet_12.html</a> ] I introduced a similar CMM model for internal controls that I had tried to promote. It's a shame I don't have the clout of CA! [... in a previous life I tried to convince finance groups that there was value in automating spreadsheet processes. How? Imagine there is something like the software CMM model for internal controls and processes...] <a href="http://photos1.blogger.com/blogger/3211/1309/1600/levels%20of%20efficiency%20for%20controls%20and%20processes.0.png" rel="nofollow">http://photos1.blogger.com/blogger/3211/1309/1600/levels%20of%20efficiency%20for%20controls%20and%20processes.0.png</a> [...On explaining that every organization starts on the left and the aim is to take the most complex, highest volume or most risky processes up to the right using workflow and integration tools there were nodding heads. But the audience had little time to concentrate on the problem at any level above managing their compliance documents in a repository (the 2nd level). The best they could do was migrate a bunch of spreadsheets that represented the documentation of the whole organization's SOX internal controls and processes to a document management system with a compliance skin on it...] Again, great feedback. Phil <a href="http://improving-nao.blogspot.com/" rel="nofollow">http://improving-nao.blogspot.com/</a> James,

Great feedback from CA. I’m happy to see that organizations of this stature are starting to understand and promote the importance of internal control improvement.

It seems that I have been involved in this area more than I would like! In this post [ http://improving-nao.blogspot.com/2006/07/bpm-modeling-as-easy-as-spreadsheet_12.html ] I introduced a similar CMM model for internal controls that I had tried to promote. It’s a shame I don’t have the clout of CA!

[... in a previous life I tried to convince finance groups that there was value in automating spreadsheet processes. How? Imagine there is something like the software CMM model for internal controls and processes...]

http://photos1.blogger.com/blogger/3211/1309/1600/levels%20of%20efficiency%20for%20controls%20and%20processes.0.png

[...On explaining that every organization starts on the left and the aim is to take the most complex, highest volume or most risky processes up to the right using workflow and integration tools there were nodding heads. But the audience had little time to concentrate on the problem at any level above managing their compliance documents in a repository (the 2nd level). The best they could do was migrate a bunch of spreadsheets that represented the documentation of the whole organization's SOX internal controls and processes to a document management system with a compliance skin on it...]

Again, great feedback.

Phil
http://improving-nao.blogspot.com/

]]>