Using an enterprise information management system to enhance IT compliance and information value

DAMERI, RENATA
2008-01-01

Abstract

In recent years, IT governance has become increasingly important, for several reasons: the increasing pervasiveness of IT in business organization, management and administration requires a genuine governance activity to strategically orient decision making about IT investments and management; the role of information systems in administrative data processing requires a special focus on information security and process control; and the need to keep the IT budget down forces companies to balance IT capital expenditure and operational expenditure and to increase IT systems productivity and information value. Much of the attention on IT governance is captured by compliance, owing to the recent financial scandals and the severe rules regarding information systems audit and control. Companies need to comply with these rules, but doing so requires substantial investments, which are considered not strategic but merely necessary (Remenyi et al. 2000). However, companies should analyse the compliance requirements and implement an IT governance system not only to comply with legal rules, but also to improve the strategic alignment between IT and business and to optimise value creation from IT compliance investments (Ventrakaman and Henderson 1996, Van Grembergen 2003). Therefore, IT governance should have a complex set of goals, such as: to standardize and unify processes; to align information delivery with business needs; to control the cost of IT initiatives; and to comply with external requirements. These goals are often in conflict and difficult to pursue, because they concern cross-functional enterprise systems, they are tightly linked, and they involve large databases and applications that are very difficult to control. To optimise IT compliance it is useful to define a roadmap to IT compliance, orienting these activities towards value creation by realising economies of scale, scope and experience in IT compliance activities.
The culmination of this roadmap is the automation of IT compliance processes, using standard Governance, Risk and Compliance (GRC) solutions or developing in-house systems, such as Enterprise Information Management (EIM) systems, to automatically manage processes, data and information security, access control, system performance and data usability. This paper introduces the topic of IT compliance, to define how to orient IT compliance towards value creation; GRC systems and EIM systems are described, with their different costs and benefits for companies. The aim of the paper is to define how to develop automated compliance systems, to save money and enhance information integration and value. Observations and conclusions derive from the practical experience of the author, who participated in an EIM implementation project at a major Italian company.
2008
9781906638139

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/790199