Welcome to the first international edition of KPMG Information Risk Management’s Compact journal for Business, ICT (Information and Communication Technology) and Audit executives and staff. Over the past 25 years, this journal has only been available in Dutch, in the Netherlands and Belgium. Now we, in particular the editors Dries Neisingh and Ronald Koorn, have brought together a truly international team of Information Risk Management (IRM) professionals to produce this first English language edition.
For those of you who are not familiar with Compact, it is designed to provide Executives, ICT and Audit professionals with practical information on a number of ICT and risk-related topics. The articles are written by KPMG IRM specialists who are at the frontline of service delivery and have to apply the concepts they write about on a day-to-day basis.
In this edition of Compact you will notice two key themes: e-Business and ICT governance. Of course, most organisations are into ‘e’ nowadays, but not everyone is successful at it or able to apply it in the most efficient manner. The integration of major legacy ERPs (in general not that old themselves) and new e-Commerce elements such as Public Key Infrastructures and – the potential e-Business killer app – e-Procurement, is a continuing challenge for many organisations. As Colin Bezant and Peter-Paul Brouwers point out in their article on the controls necessary for e-Commerce, risks are found at the front and rear of the business process. Adequate controls are therefore required at each stage.
The governance and management of ICT in large, often distributed operations, poses problems that many organisations are never quite able to solve. The use of a balanced scorecard approach to measure ICT performance can help to solve this dilemma. In the first article, Jan de Boer, Ken Rau and Joachim Vandecasteele discuss how a balanced scorecard can be applied to ICT organisations at each of the development levels. The performance of ICT organisations depends to a great extent on the success of ICT projects. The article on ICT project reviews addresses the different types of project reviews and key review areas, and asks how project reviews can be leveraged to control ICT projects.
Combining the theme of Governance with e-Commerce is the subject of ICT alliances. The old ethos of doing everything in-house is long gone. Working together with partners, be they outsource suppliers, customers, vendors or consultants, is becoming the norm. Managing these relationships is not a simple matter, however, and there are many risks that need to be addressed. Peter van Toledo discusses the key role that the ICT Auditor can play in helping to identify and manage the risks associated with the set-up and operation of strategic alliances.
I hope you will find this first international edition of Compact of interest. If you have any questions regarding the articles, KPMG’s IRM professionals around the globe are ready to help you (see listing of KPMG IRM locations on page 4). As this edition is very much a pilot, please let us know what you think by contacting malcolmhewson@kpmg.com. We would also appreciate hearing from you, our clients, about the topics which concern you so that future editions may be focused on your needs.
Peter W. Morriss
Global Head of Information Risk Management, KPMG
March 2001