LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 31st, 2014
Linux Security Week: October 27th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Turning Sarbanes-Oxley into a strategic Advantage Print E-mail
User Rating:      How can I rate this item?
Source: Nerys Grivolas - Posted by Benjamin D. Thomas   
Security

Author: Nerys Grivolas, Senior Consultant, Net Report SAS
The key to turning your company’s conformity with Sarbanes-Oxley into a strategic advantage is to sustain your compliance year-on-year. To do so, you must embrace the idea that Sarbanes-Oxley compliance is an ongoing journey not a final destination.

To increase your company’s competitive advantage and close the IT audit gap you must leverage a combination of the right people, processes and technology. This means making compliance a repetitive process via careful planning, effective communication, efficient processes and applied technology applications aligned with best practices, audit and internal control guidelines and corporate culture.


Sarbanes-Oxley compliance has forced and is continuing to force companies to reengineer their business processes, which can improve overall enterprise risk management and business performance and therefore create enormous productivity gains. Complying with Sarbanes-Oxley mandates can be costly and time-consuming. Global companies have estimated that it will cost between $10-$20 million to implement the appropriate control frameworks (COSO, CoBiT) and create the environment needed to fulfill Sarbanes-Oxley requirements on an annual basis. Yet, for those companies determined to turn the business knowledge gleaned from Sarbanes-Oxley into a competitive advantage, an important silver lining beckons. The information that companies gather while complying with Sarbanes-Oxley, in particular regarding internal controls and risk management processes, can open up new opportunities to streamline businesses and increase profit. Here are ten tips to getting the most out of your company’s Compliance Strategies and benefiting from the silver lining.

Tip 1. Take a Strategic Approach to Conformity
Initially, organizations were focusing their compliance efforts purely on Sarbanes-Oxley. Now, as companies are deep into Year Two of Sarbanes-Oxley compliance, they are re-examining their first efforts. Most are finding that taking a rushed initial approach left them without a comprehensive strategy for ensuring ongoing, cost-effective and efficient Corporate Governance, IT Risk Management and compliance management. To decrease the burden of ongoing compliance costs, forward-thinking companies are starting to apply a more strategic approach to compliance by implementing technology to automate internal controls, reporting and testing and establish a centralized repository for this data to lower costs and ensure that annual compliance is a iterative and sustainable process. Companies are recognizing that if they do not start to address this now, their compliance costs next year will be at least the same as this year, and possibly higher.

Tip 2. Address Broader Risk Management Practices
Smart companies have also learned that they can leverage their Sarbanes-Oxley compliance efforts to address their broader risk management practices and thereby improve their overall business performance. Now more than ever, management teams are working to create stronger control of operational risks and compliance execution as a means to minimizing losses and improving business performance, which is critical to maintaining a positive brand reputation among customers and investors. Having a strong hold over risk management processes is a clear indicator to regulators, customers and investors that leadership is strong within an executive team and that it is being treated with the same sense of urgency as Sarbanes-Oxley compliance. The push for improved transparency in financial reporting and increased enterprise-wide accountability by companies who believe they will be stronger and more attractive to investors if they take the opportunity to institute transparency are also realizing the need for strong risk management practices.

To address all these needs, the organizations are now looking to utilize Corporate Governance and IT Risk Management specific technologies to drive inefficiencies out of the compliance process. A powerful, enterprise class solution that combines log collection, long-term archival, analysis, monitoring, correlation, alerting, reporting and forensic data investigation is now a key element in a company’s compliance.

Tip 3. Select the Appropriate Control Framework Mix
A combined approach marrying a known Risk Management Framework (for example COSO) and an IT Risk Management Framework (for example CoBiT) with an effective enterprise-wide risk management technology solution to automate your IT internal controls such as Net Report Monitoring Center can take your Sarbanes Oxley compliance that bit further to ensuring sustained conformity.

Tip 4. Bring Together the Right Combination for Sustaining Sarbanes-Oxley Compliance
Sustained SOX compliance takes the right combination of people, processes and technology to make the journey successful.

Tip 5. People - Instill Data Quality Mindset
The first step is to harness the best people in the company to manage the sustainment effort. The goal should be to instill a culture of data quality within your company. Educate anyone who has contact with company data (read: everyone) on how important it is to maintain the data quality standards developed in the SOX compliance process via Training, Corporate Communication, Seminars. To this end, develop metrics for measuring data entry accuracy rates, and tie performance to incentives.

Tip 6. Processes - Evaluate and Improve Your Compliance Methodology & Processes
Next, evaluate your initial compliance methodology and fine-tune it to enable the sustainment effort. The trials and errors that went into developing your SOX compliance methodology should give you valuable insight into which data quality maintenance processes work best for your company. Examine your initial compliance processes to confirm that they can be reused – and tweaked, if need be – to enable you to monitor and sustain the compliance effort.

Tip 7. Technology - Implement and Automate your Data Management Tools
To augment the work of your people and processes, it's critical both to implement best-of-breed data management tools and to automate data management processes when possible (data collection, archival, analysis correlation). Because of time constraints, your initial SOX compliance effort may have entailed using your existing technical architecture. However, now that you are in compliance, it's time to re-evaluate that technical architecture. You need flexible, scalable data management tools that can grow with your company and enable you to automate as much as possible of the data management effort.

Tip 8. Communicate – Report by People through Processes via Technology
Monitor your compliance and put accurate information into the hands of the people who need it – when they need it. A SOX compliance solution such as the Net Report Solution gives executives, managers and knowledge workers role-based views, allowing them to monitor multiple processes that occur simultaneously and to consolidate seemingly disparate information into a relevant and usable context for analysis and action. With this technology, data management issues can be identified and rectified long before they become serious, widespread problems.

Tip 9. Ensure Agility at Each Level of the Company
Corporate agility is the key to beating competitors to market with strategic initiatives, and to reacting more effectively to regulatory mandates. In today's market, this strategic advantage is fast becoming an imperative as business cycles rapidly decrease. Sustaining SOX compliance will never be easy. Regulations will change, and problems will almost certainly arise. The goal of compliance sustainment, however, is to gain the ability to identify and correct potential problems before they become endemic. The right combination of your company's best and brightest people, usable and repeatable data management processes, and flexible, powerful technology will go a long way toward helping you sustain SOX compliance.

Tip 10. Monitor, Test and Continue Improving the Compliance Strategy Constantly
IT organizations must ensure that they are continuously monitoring their Sarbanes Oxley policies to remain in compliance at all times, not just at the point-in-time that an audit is performed. One way to achieving this is via the real-time and robust advantages offered by an automated log lifecycle management solution. This kind of automation does not just save money, more importantantly, it gives organizations the tools to plan and prevent and react quickly, when necessary. It is no longer enough to think of compliance as a series of reports providing an auditable trail of change. Instead, compliance is a complete process not a final destination.

Conclusion

Sarbanes-Oxley forces companies to manage internal IT controls, justify the flow of information in the company, align internal audit procedures with best practices, focus on real-time reporting, implement an early-warning system to alert key stakeholders and boards of dubious accounting methods, and make hundreds of similar efforts. All of these actions will, no doubt, improve corporate governance.

However, this information poses a challenge to management it can, through the implementation of automated IT Security Control Tools (such as Net Report Log Analyser) and Net Report Monitoring Center) and the integration of a rigorous Corporate Governance and IT Risk Management strategy, help a company mitigate risk and perform more effectively.

By implementing your Compliance strategy with Net Report’s Consulting Services and Automation Tools, smart businesses can reduce their ongoing costs, minimize regulatory and operational risk and turn compliance into a repeatable, sustainable, and cost effective process.

For more information on Net Report please click the link below Click here...

Read this full article at Nerys Grivolas

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.