Business Standard

"Effective IT governance enhances risk management and statutory and internal compliance"

In this interview, Vittal Raj, International Vice President, ISACA, emphasises on the importance of effective IT governance framework for manufacturing industry

ImageRakesh Rao B2B Connect | Mumbai
"Effective IT governance enhances risk management and statutory and internal compliance"

Vittal Raj, International VP, ISACA

Information Systems Audit and Control Association (ISACA) is an international nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance. In this interaction with Rakesh Rao, Vittal Raj, International Vice-President, ISACA, emphasises on the need of effective IT governance for manufacturing industry and how it can help improve performance of companies in the current highly connected world.
 
Why is it important for manufacturing companies to put in place an IT governance framework?
IT in manufacturing is much beyond mere mundane number crunching. ERPs that automate enterprise-wide process cycles, design, tool room and shop floor automation, RFID based logistics and inventory and asset control, industrial surveillance systems are just a few of technologies that dot the manufacturing IT space. Manufacturing involves several mundane to complex, operational, tactical and strategic decisions across various layers of management. These decisions could range from day to day operational decisions such as pricing of products or responding to RFQs, shop floor, HR and financial decisions as well as range upto strategic decisions such as introducing or discontinuing product or business lines.
 
Right information is the key to good decisions. Several success stories and research studies have highlighted the competitive edge that structured data/information driven decisions provide and a manufacturing organisation’s ability to leverage on its IT. With the processing of enterprise information across layers and departments dependent on IT system, it is essential to ensure the enterprise IT will stand up to the demands of business. Given the complexity of information technology and more so the emerging technologies, and given the dependence on IT for their survival and growth, manufacturing entities often left puzzled when it comes to cracking the managing and governing IT quagmire.
 
Besides with the rapid and significant presence of microprocessor driven automation of production, production planning, management and control of shop floor, most processes characterise a high level of dependency on accurate processing and delivery. A framework based approach to IT governance is essential in providing a perceptible higher level of predictability and consistency in delivery of information as well as automated operations.

ALSO READ: Demand for data leakage prevention software is on the rise: Vadim Kuznetsov, InfoWatch
 
There are several business benefits in implementing effective IT governance in manufacturing entities that range from IT that is aligned and driven by business goals for extracting value from IT while managing risks. This differentiates from other adhoc approaches to IT. IT governance also enables clearly articulated IT goals that are sensitive to the fast changing technology and cyber threat landscape and provides a structured and sustainable approach to managing IT with clearly defined roles and measurement of IT process effectiveness in terms of business outcomes. COBIT 5 from ISACA is among the most comprehensive yet practical and popular guidance on IT Governance.

Are Indian companies/CIOs aware of the importance of IT governance? Do Indian manufacturing companies follow international auditing and control standards for their information system?
The awareness of importance and adoption of IT governance amongst the Indian manufacturing sector is still at a nascent stage. Most manufacturing companies either do not have a CIO or may have a designated CIO but with limited role of mundane IT management. The reasons for such low awareness/adoption primarily stem from lack of board room recognition of importance of business-aligned investment in IT and its effective governance, which when recognised and adopted provides the much needed competitive edge in every sphere of and manufacturing entity’s operation.
 
The Indian Companies Act has always provided for controls in information systems as a mandatory internal control requirement as a significant corporate governance requirement. The importance of IT governance is now further accentuated by the new Companies Act 2013, which provides for robust and structured risk management and internal controls, with specific requirements as regards internal controls that are relevant to financial reporting and electronic records. Effective IT governance enhances risk management and statutory and internal compliance.

CIOs often face daunting challenges when executing inter-departmental projects. How can having an effective IT governance framework help them solve this change?
CIOs in manufacturing entities often face several limitations as compared to their elite counterparts in services and BFSI sectors. In a majority of manufacturing entities, IT is still looked upon as a mere support function rather than a business enabling function. Hence, CIOs in such entities face significant challenges and inter-departmental resistance at every stage right starting from putting together business requirements for new systems and enhancements, securing budgets for optimal IT investment, aligning enterprise IT expectations with vendors and service providers (especially with those in shop floor automation).
 
Most of these challenges arise from lack of understanding of the right perspective to IT to manufacturing entity operations and clarity on expectations of multi-various stakeholders. One of the foremost challenges that IT governance helps in bringing in definition of expectations right across the business, operational and IT management and providing a common understanding of challenges and opportunities that is driven from the common customer and investor perspective. Another key benefit of implementing an IT governance standard such as COBIT 5 is clear definition of IT processes and underlying activities and more so clarity of roles thereof.
 
How has the adoption of SMAC (Social Media, Mobility, Analytics and Cloud Computing) technologies in the Indian manufacturing industry been so far?
The Indian manufacturing industry, ironically more so amongst the SME businesses have seen encouraging adoption of emerging technologies, particularly cloud and mobility that have lead to significant cost savings and hassles with managing IT and improving team and customer communication in many cases with benefits of a resultant healthier order book. Social media is enabling greater customer and employee connect thus helping moving towards demand driven and customer responsive innovations and quality. Though the adoption of analytics is yet to take off, several large manufacturing entities have experienced significant improvement in understanding sales and spend trend, internal processes efficiencies and also detection of potential frauds.

What challenges do manufacturing companies encounter as they leverage benefits of SMAC technologies?
Again the primary issue with adoption of SMAC technologies is the lack of awareness and availability of right consultants to help organisations with the right strategies for SMAC. While the cloud and mobility are seeing greater adoption for inherent benefits of cost savings and ease of doing business, social media for business and particularly analytics are yet unknown amongst the Indian manufacturing sector.

What is the level of awareness amongst Indian manufacturing companies on Advanced Persistent Threats? And how prepared are they to manage the risks associated?
A survey from ISACA, found that every 1 of 5 organisations surveyed were victims of advanced persistent threats, while two-thirds of respondents thought it was only a matter of time before an attackwas experienced. Indian manufacturing companies are potential targets for APTs, hackers are silently on the prowl looking to steal various kinds of information that is strategic to manufacturing enterprises.

ALSO READ: PPP model for water industry is not viable: Rajesh Sharma
 
Most manufacturing entities remain under the false sense of notion that cyber security is not relevant to manufacturing entities while they could have APTs sitting undetected in their organisation networks, known to bypass traditional security techniques such as firewalls, anti-malware and mail filters. These APTs can sit for long periods silently stealing anything from customer contacts, financial information such as bank account and credit card particulars, pricing information, intellectual property rights or even interfering with software instructions and operating systems processes.
 
What role can IT governance play to ensure industries can leverage SMAC technologies seamlessly?
Manufacturing entities are often at loss for understanding what to expect from SMAC and the right strategy to adopt for leveraging on such technologies. Most organisations are driven by vendor sales talk or competitor actions in adhoc adoption of such technologies that may result in more harm than good. As regards SMAC adoption, an IT governance frameworksuch as COBIT 5, at the outset helps in clearly articulating a business case aligned with information requirements, potential benefits that an entity can expect from adoption of each of these technologies and the risks that need to be guarded against. COBIT 5 also enables definition of business and IT goals for SMAC adoption and helps establishing the processes that will ensure securing measurable and sustainable business benefits thereof, while enablement management of risks inherent to such technologies.

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Oct 06 2014 | 11:03 AM IST

Explore News