Upgrading risk and compliance management on System z


Company executives around the world are drastically increasing their focus on properly governing their businesses as they step through increasingly complex minefields of fiscal integrity, government regulation, stakeholder concerns and a dramatically shifting market landscape. It has never been so important for companies to be able to clearly demonstrate the appropriate level of control and management, ensuring all parts of the business without exception are operating within corporate policy and externally imposed demands. Given this increased focus on corporate governance, managing business risk and regulatory compliance can be a matter of survival, and there is perhaps no market segment where this is more true than the financial services industry. Financial institutions are under the public spotlight as never before, making shareholders, media and government bodies focus with laser-beam intensity on day-to-day company health and the performance of the senior management team, and spawning more and more regulatory activity.

But this increased focus on the minutae of business operations causes problems for many large corporations. IT systems that have grown up over thirty or forty years, often based on IBM mainframes and the ubiquitous CICS transaction processing software, are the backbone of operational processing across the world, but they were never designed with this level of internal visibility in mind – the focus was always to have an application that delivered the right results, without a particular focus on how those results were delivered. In short, it was results that mattered. Of course, the same is still true today, but the added need to demonstrate the appropriate level of corporate governance, for example by ensuring that regulations and policies are followed or that risk is properly managed, requires a greater degree of transparency in IT-driven business operations.

So, technology is required that allows companies to pay closer attention to the details of business operations, looking inside the mainframe applications that previously remained stubbornly opaque. But care must be taken to deliver this increased transparency in a practical fashion – requiring a compliance officer to watch every transaction in order to ensure regulations are faithfully being met is clearly not the answer. What is actually needed is the ability to ‘manage by exception’, leaving the vast majority of transactions that are operating within required limits alone and only flagging ones that seem to be out of line.

Fortunately, the IT industry has come up with business events technology, where certain business conditions can be pre-defined as being noteworthy in some way and then detected and resolved as prescribed. Not only does this provide a way of increasing the transparency of IT-based business operations, but it also provides more or less real-time notification, allowing a much greater degree of timeliness and responsiveness than offered today by the typical weekly or monthly compliance reports. The final piece of the puzzle is that a method of upgrading existing mainframe applications is required to generate the information on how transaction execution is progressing, to provide the necessary input to determine if a particular event has occurred. IBM has recently announced just such support for CICS, enabling all System z CICS workloads to be instrumented in order to provide business transparency, which in turn leads to better corporate governance through more effective risk and compliance management.

Risk and compliance are not optional – managing them effectively is of paramount importance, and often nothing short of a survival issue. But the corollary is that effectively managing risk and compliance delivers greater confidence and increased operational freedom, resulting in greater competitiveness and improved returns to the business and all its stakeholders.


Delivering enhanced business transparency for mainframe workloads

This Lustratus Report looks at new ways IBM has made available to address risk and compliance management needs for CICS workloads. IBM’s CICS Events support can be used to improve business visibility into System z CICS workloads, making it possible to govern IT-based operations more effectively. Although applicable to all industries, the paper concentrates on the needs of the financial services industry which is very much under the spotlight in this area.


There are no reviews yet.

Be the first to review “Upgrading risk and compliance management on System z”