IT Governance and Risk Advisory Services

Many organizations aim to implement a correct partnership between business and technology. Very few of them manage to create coexistence. Instead, most view the Information Technology as a support function, or at best, a strategic obligation. Information Technology governance forms a critical component of this difference.

So, how those these questions apply to your business?

• What are the current IT risks that have critical impact on your business?
• What is the last time you reevaluated and reprioritized each risk? Is there an updated risk management plan?
• Which method do you use to quantify your return on IT investments?
• What are your company’s investment or outsourcing opportunities to optimize costs and to maximize return on IT investments?
• How should you set IT performance targets?
• How aligned is your technology with your requirements?
• What is the expiration date of your technology investments?
• Are you aware of the risks involved with technology projects?
• Do you have the necessary processes, structures and mechanisms in place to improve the alignment of Business-IT?
• Is your IT organization structure allows maximum efficiently?

Deloitte Information Technology Governance services help you align Information Technology with your organizational objectives and to develop effective and efficient processes for Information Technology. It helps IT achieve the promised gains by actualizing opportunities, maximizing gains, increasing efficiency/automation, reducing the cost and complexity, and creates the most appropriate resource using strategy for our customers.

Our team is highly experienced in the most widely accepted models of IT governance, COBIT, ITIL, CMMI, ISO20000, PMBOK, ValIT, and can also help you implement customized governance models

Today there is one big question for organizations that want to make smart investments in information technologies: is the Information Technology organized in a way to improve the services and products? Surprisingly, the primary focus of many Information Technology teams is technology itself. On the other hand, more effective Information Technology managers focus their attention to the quality of services provided, which improve the relations with the business, and also its value.

An Information Technology Service Management (ITSM) approach, built upon an Information Technology Infrastructure Library (ITIL ®) can provide significant benefits to expedite the process. Information Technology Service Management increases the effectiveness and efficiency when the need to adapt to meet the specific objectives and environments arises, while also helping to accelerate efforts to transform IT resources into business-oriented services. Built on ITIL to ensure smart growth and that the technology used is appropriate for the business goals, the IT Service Management helps promote the necessary standards, policies, processes and functions, and to realize these challenging goals.

How can we help?

Transforming from technology-oriented operations to a portfolio of services requires a sharp focus on business-oriented IT strategy, organizational skills and planning and the presentation of processes without mentioning the technologies that work behind the scenes. With an extensive experience combined with a practical business strategy, our team helps design specific services to support the organization. In addition, it provides support to achieve the performance objectives of this organization of services with Information Technology Service Management and ITIL -based solutions to create more value for the business.

Deloitte offers comprehensive solutions in the following areas:

• Service Strategy – Service portfolio creation, cost modeling, cost alignment, , IT Service Management architecture, IT Service Management operational strategy and funding
• Service Design – IT Service Management solution design, service catalog creation, IT Service Management technology strategy, service modeling and service infrastructure design
• Service Transition – Implementation of IT Service Management solutions, process implementation, IT Service Management training strategy and assistance in determining if the planned service or application is ready operationally
• Service Operation – Short-term strategic recruitment of process owners and service managers
• Continuous Service Improvement – ITIL assessment, service evaluation, service reporting, service risk analysis, preparations for COBIT and ISO20000

IT Service Management provides the following benefits to companies:

• Cost transparency for directing BT investments
• High quality IT Service Delivery
• IT decisions and priorities in line with business outcomes
• Increased job satisfaction in IT services
• Protection of investments in IT services and initiatives
• A IT behavior focusing on work outcomes, not technology outcomes

The definition of the success of a project varies for many people. For many, the most important criteria are on-time delivery of a project, expenditures managed within the budget and achieving expected results. Yet the success of a project often depends on percentage of stakeholder expectations have been fulfilled. It is likely to encounter problems in a project if experience, skills, leadership and discipline is applied in a consistent manner, combined with the necessary skills.

Our Project Risk Services team assists our customers in the planning, operations and control of IT projects, protecting their investments and reducing the risks. We provide solutions based on your needs to uncover hidden risks, to provide advice to your project team, and to ensure accountability and best practices.

We offer various solutions, from simple control to end-to-end review of a larger program to meet the needs of our customers.

Deloitte has a proven project assurance and risk management methodology, building on the best practices. Deloitte Project Risk Services framework provides a risk-based approach ensuring on time and smooth operations.

Deloitte assists its clients in the following topics:

• Ensuring early identification of project risks and managing their effects for the duration of the project
• Reducing development costs without sacrificing quality
• Ensuring compliance with legislations, corporate standards and industry best practices
• Identifying, implementing and monitoring quality throughout the project
• Proactive measurement of the progress of project outcomes, and ensuring timely action on issues and new risks identified
• Selecting the right project partners/suppliers, negotiating and contracting the correct elements to minimize operational risks
• Ensuring business requirements are met during the project in a consistent manner
• Addressing changes to the scope of the project or the requirements
• Identifying and implementing control mechanisms without causing delay in project operations

Transition projects for SAP ERP systems, one of the largest investments of organizations, bring the burden of providing continuous human resources and direct financial investment for institutions. The efficiency provided by successful SAP solutions creates opportunities to standardize business processes and significantly reducing costs.

It is advised to implement control mechanisms to ensure adherence to risks, compliance and widely accepted standards of SAP solutions in SAP structures that are complex for administrators. These mechanisms reveal institutions’ SAP risks, provide controls to eliminate these risks, and ensure the continuity of the system. These controls also help adapt users to the processes, increase the security level of the system, ensure end-user satisfaction and monitor the return on investments.

Institutions are often faced with the following problems using SAP:

• Lack of expertise required to identify the risks due to SAP's unique application development platform, and complex and closed data structure,
• Problems arising from incorrect design and cost accounting and the complexity of control records that might affect the financial statements,
• Inability of the management and internal auditors to verify the accuracy of the controls, due to the complexity of the BASIS management module and the authorization structure of SAP

Deloitte offers comprehensive solutions for all SAP processes and functions:

• BASIS Security and role design: Eliminating issues with security configurations, segregation of duties, precise access and high authorization access in BASIS processes through improving and/or restructuring security and role design processes.
• Segregation of duties in business processes: Analyzing situations contrary with the principle of segregation of duties in business processes and creating authorization matrices through authorization and profile analysis.
• Technical infrastructure control and security: Implementing risk assessments that include SAP database and server control as well as SAP continuity and performance issues.
• Post-installation acceptance testing and general scans: Identifying and eliminating risks during the acceptance process of the application using an independent, 360-degree control program, and controlling the project life cycle.
• Installation of global tools and analysis & continuous monitoring systems (eQSmart / SainChek / SekChek / SAP GRC): Using Deloitte’s proprietary and other widely accepted applications to identify control and compliance risks, and ensuring an effective monitoring option to the management for business processes and SAP BASIS management module risks.

The sole function of data is to support the business activities. Each system requires a different view and characteristics for billing, customer management, financial reporting, or for any other purpose. Data quality can only be defined in order to achieve its intended purpose. The concept of expediency means understanding the concept of data quality, and knowing which data is available is not enough by itself; the purpose of this data must also be made clear. For many tasks, data is collected for a single purpose, but is usually used for different ones. As a result, data quality problem forms a complex and constantly evolving challenge for businesses.

The first step in any attempt for data quality is to define quality itself. The quality required must be identified prior to any project. Typical factors are availability, accuracy, integrity, consistency, completeness, validity, timeliness and accessibility.

Data quality should be viewed as a continuous process. Data potentially loses its validity from the moment it is collected. A high-quality flow of data can only be acquired with continuous measurement, evaluations and refinement.

Deloitte Data Management team uses pre-determined processes and industry-leading tools to solve data quality problems. Some of these tools can be named as evaluating the suitability of business units and locations, monitoring and ensuring adherence to data standards, identifying incomplete and inaccurate data, developing processes to correct and enhance the data and enhancing the single customer and product views on various business structures.

Deloitte data management approach combines three dimensions to create value to the business. Although technology implementation consultation and assurance is based on years of experience, a successful data management actually includes more than the simple integration of technology.

• Data Risk Management- Ensuring data assurance through research, analysis, negotiation and evaluation
• Data Administration- Determining the correct people and policies for keeping and regulating company data in order to create a business structure managed by data
• Data Management Technology- Selecting, installing, integrating and implementing the technology required for efficient data management

Despite that the focus of any data management initiative might be identified with a single dimension, success depends on the integration of all three. The interaction, vital to a successful initiative, is the center of these dimensions. A successful data management requires an understanding of risk, management and technology.