
Archive for August, 2007

Recent SOX Headlines

Thursday, August 30th, 2007

We peruse the Internet headlines so you don’t have to. Here are the recent headlines (and links) we felt newsworthy:

SOX rocks, says ex-Rep. Michael Oxley - "The world is following our lead," said former congressman Michael Oxley, the keynote speaker at the third annual Gartner Financial Services Technology Summit in New York yesterday.

Sarbox Peels Back The Onion - While some in the business community have ranted and raved about what was once a compliance debacle, the new regulatory environment is now becoming business as usual.

Top auditors’ median fees up by 345 per cent - In a sign of the explosion in audit activity since the passage of the Sarbanes-Oxley compliance law, the median fees earned by the world’s top auditing firms shot up by 345 per cent in the five years to 2006, a study said on Wednesday.

Survey of CFOs: SOX Compliance Too Costly - Nearly 90% of CFOs believe that the cost of compliance with Sarbanes-Oxley (SOX) outweighs the benefits, according to the latest survey from the Tillinghast business of Towers Perrin.

AFL-CIO Urges More Scrutiny of Options - Old filings could reveal illegal backdating and should include records from 34 days before and 48 hours after the Sarbanes-Oxley Act was enacted in 2002.

Take A Risk-Based Approach To Testing - Sarbanes-Oxley Section 404 Compliance - From Project to Sustainability summarizes the compliance practices of leading companies and describes how they are improving their processes in the second year of compliance as they strive toward long-term sustainability.

Continuity Corner #3

Tuesday, August 28th, 2007

What is a Business Continuity Plan & Why is it Needed?

According to the DRII website, a Business Continuity Plan is a management-approved set of agreed-to preparations and sufficient procedures for responding to a disaster. Since its inception during the late 1970s, the business of business recovery has continued to expand, moving from original application processing on mainframes to include disaster recovery for telecommunications, distributed processing, and, most recently, network area and work area disaster recovery.

Nearly two-thirds of companies have experienced a significant power failure or network outage that had a direct impact on business.

Significant power failure 65%
Network outage 65%
Hardware 55%
Significant critical system downtime 41%
Application or operations error 40%
Hurricane 33%
Flood 31%
Terrorist event 19%
Tornado 18%
Explosion or other significant facility issue 17%
Denial of service attack 17%
Supply chain disruption 14%
Earthquake 13%
Unable to enter the facility for some reason 9%
Other 5%
None of the above 8%
Source: IDG Research 2007 - Sungard, How to Raise the Bar
 

If the numbers above didn’t give you food for thought, these are the results seen across industries when you put hard dollars to downtime.

Profit-draining potential: A mere minute of downtime can bring big losses.

Business Application: Estimated outage cost per minute
Supply Chain Management: $11,000
E-Commerce: $10,000
Customer Service: $3,700
ATM/POS/EFT: $3,500
Financial Management: $1,500
Human Capital Management: $1,000
Messaging: $1,000
Infrastructure: $700
Source: Alinean 2004, http://www.webpronews.com/topnews/2004/03/04/how-to-quantify-downtime

"Lost revenue is not the only concern of business disruption; there are many other effects as well. Inability to meet your customers’ need could ultimately lead to a reduced opinion of your corporation’s image. Investor confidence and market share can be affected if you cannot be reached. A failure at your primary data center, local or wide area network isolates your internal and external customers from gaining access to critical resources." (Contingency Planning Research Inc., Computer World, August 4, 1997)

My thoughts on this are not if… but when.

Does your company have a plan?  

Proactivity Is Best E-Discovery Strategy for SMBs

Friday, August 24th, 2007

The incredibly quick growth of digital data has companies of all sizes scrambling to figure out how to store it and how to use it to make better business decisions.

But they also need to be concerned with how to manage it to comply with rules introduced last December that dictate the way electronic evidence is used in legal proceedings.

The Federal Rules of Civil Procedure (FRCP) pose a special challenge for SMBs, notes a recent E-Commerce Times article, because they generally lack a dedicated internal legal team to deal with the related issues. And the outside legal counsel hired by many SMBs often lacks federal experience, which will be needed if a lawsuit involves interstate commerce, says an e-discovery expert in the article.

So what’s an SMB to do? The article’s major point is that proactive planning is always preferable to a reactive strategy that won’t kick in until a lawsuit is filed.

Do some research on where possible electronic evidence may be found and how to preserve it. While a formal, documented process for dealing with such data is best, just knowing where the data is located is a good first step.

Another piece of good advice comes from an IT Business Edge interview with the CEO of Solix Technologies, a provider of e-discovery software, titled "New E-Discovery Rules Will Change Document Management": consider a single tool for managing data rather than multiple tools for documents, e-mail, electronic chats and applications.


Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002

Public Companies over 75 million already need to comply by 12/15/2007...

Will your SMB be Ready?

