The IT compliance program cannot be conceived in isolation and devoid of the key links
to non-IT and financial compliance. Effective IT compliance requires an aggregate
vision and architecture to achieve compliance that goes beyond becoming infatuated
with a given control framework.
As a group, provide a detailed plan of action based on life cycle concepts to develop
and deploy an ongoing IT compliance process. Your plan should provide practical
knowledge on what you should consider when developing and implementing an IT
compliance program for key regulations such as Sarbanes-Oxley, HIPAA, GrammLeach-Bliley,
PCI
and
others
to
achieve
meaningful
IT
governance.
Your
plan should
include
the
following:
Discuss the challenges IT divisions face in achieving regulatory compliance
Assess how IT governance will improve the effectiveness of the IT Division to attain
regulatory compliance
Develop a broad vision, an architecture, and a detailed plan of action that follows
a life cycle concept
Assess all key business processes and IT compliance factors and link to all
business processes (financial and non-IT) to develop an aggregate vision of IT
compliance
Your detailed plan should include the following phases: initiate, plan, develop and
implement.
