CIO Dinner Party, Part 4 - Chief Compliance Officer Brings Order to Confusion

The cheese course of any dinner is usually a favorite. Everyone is more relaxed, after-dinner drinks may be on the way, and the guests are open to more fluid discussions about almost any topic. In the last installment of our CIO Dinner Party, we discussed the challenges of digital transformation and how the Chief Procurement Officer (CPO) and IT Director must manage the budget and spend once an organization moves onto the trajectory of Digital Transformation. Today, our guest of honor is the Chief Compliance Officer (CCO), who will touch on the areas of risk and governance in terms of contracts, license consumption and audits. This is an area that is becoming increasingly complicated as companies move their applications and services to the cloud. Gone are the days of tracking entitlement, inventory and consumption of on-premises software contracts, as a new era of transformative, yet confusing, cloud software takes off. In this environment, indirect use of software could be a violation of a corporate license agreement.

The CCO’s role is unique in that, in the last few years, it has moved out of the legal suite and into its own distinct role reporting directly to the CEO. This is key because the breadth of issues the CCO deals with has not only expanded, but also been elevated. For example, according to a recent Thomson Reuters report, the top 10 challenges facing compliance officers in 2017 are:

  1. Regulatory Change and Uncertainty
  2. Personal Liability
  3. Conflicts of Interest
  4. Sales practices, suitability, and risk disclosure
  5. Culture, conduct risk and compensation
  6. Outsourcing
  7. Insider trading or misuse of material non-public information
  8. Liquidity risk and valuation risk
  9. Data protection, technology management and cyber resilience
  10. Terrorist financing and financial crime

Further, in 2016, 69% of organizations felt their compliance budget would increase over the next 12 months to help address these myriad issues. This is obviously an extensive list, and for the sake of our dinner party we are going to focus on topic nine – around technology management – as this is an area where SoftwareONE has expertise and solutions. When you look up the definition of compliance, one of the top entries is “the act of conforming to fulfill official requirements.” In other words, follow the rules. What happens, though, if you don’t know all of the rules and unintentionally break one? Software compliance is one of the most complicated areas for organizations to adhere to. But it does not have to be, as compliance and following the rules should be a byproduct of an effective software portfolio management strategy. Effective software portfolio management means you are proactively managing your software landscape:

  • Entitlement – What do we own and how can we use it?
  • Inventory – What has been installed?
  • Consumption – How well (or not) is it being utilized?

A view into entitlement, inventory and consumption helps the CCO answer questions around compliance gaps, audit risk exposure, and areas of overspend. All in, it helps the CCO minimize risk exposure, and above all it helps the organization maximize the value of its software portfolio. From a security perspective, retiring or de-provisioning under-utilized software reduces the attack surface and improves the overall security posture of the organization.

As we spoke about in a prior post, different line-of-business units within companies today are simply going out and purchasing whatever software suits their needs, without a second thought to the CPO, adherence to existing contracts, or how those purchases might impact the bottom line. This is where the CCO needs to step in and ensure that the contracts being executed across the organization are being adhered to, and that the company is neither overpaying nor underpaying for services rendered.

Final Thoughts

The CCO has his work cut out for him, particularly as the Lines of Business (LoB) start to attain more autonomy when it comes to software purchasing and deployment. We will close out our CIO dinner party series next week as we talk to both the LoB and the CFO. Perhaps they will have the secret to getting our cake, and eating it too.

Find Out More

Thank you for joining us on our dinner party adventure. If you're now ready for PyraCloud and interested in how we can help you on your Digital Transformation journey, visit our website.


Author

Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties
