Friday, April 18th, 2008
ITPolicyCompliance.com
Performance Results: Small Business
The majority of small businesses - those with revenue, assets under management or budgets of less than $50 million - are performing at the norm when it comes to compliance results (Table 1).
Table 1: Small Business Compliance Results
| | Small businesses | All organizations, private and public |
|---|---|---|
| Laggards (More than 15) | 20% | 21% |
| Norm (3 to 15) | 69% | 70% |
| Leaders (Less than 3) | 11% | 9% |
Source: ITPolicyCompliance.com, 2006
Compliance Results: Size Does Not Matter
The compliance performance results for small businesses are nearly identical to the performance results for all organizations. Despite slight differences, the smaller size - and presumably fewer available resources - does not materially influence compliance performance results among small businesses.
Strategic Actions to Improve Results: Mixed Results
The top five prioritized strategic actions taken by small businesses do not match, one for one, the strategic actions being taken by organizations with the best (fewest deficiencies) compliance results (Table 2).
Moreover, increasing the frequency of monitoring - the key factor determining results - is not emphasized enough by most small businesses. On average, small businesses are conducting IT audit, monitoring and reporting once every 200 days: far short of the once every 21 days of the industry leaders.
Table 2: Top Five Strategic Actions for Compliance
| Compliance leaders | Small business |
|---|---|
| 1. Documented business procedures, IT assets and IT controls | 1. Automated IT configuration and controls management |
| 2. Changed business procedures to comply with mandates | 2. Automated monitoring and reporting |
| 3. Automated monitoring and reporting to improve results | 3. Changed business procedures to comply |
| 4. Automated configuration and controls management | 4. Automated IT security controls and procedures |
| 5. Increased the frequency of monitoring, measurements and reporting | 5. Delivered training and accountability to employees |
Source: ITPolicyCompliance.com, 2006
Guidance Recommendations:
Guidance for small businesses, based on fact-based benchmark results, includes:
- Document business procedures, IT assets and IT controls
- Increase the monitoring of IT policies, controls and audit logs to monthly or more frequently
© IT Policy Compliance Group, 2006
Monday, April 14th, 2008
Don’t wait for some new eco-friendly product to save money and the environment. Here’s what your business can do today.
by Oliver Rist
It’s the year of green, so SMBs can expect a flood of sales pitches hawking greenness—not just for products that you need, but for ones to replace existing equipment that you’ll be told is outdated and wasteful. But do be careful: There’s often a lot of misinformation in these pitches. Take APC’s new Back-UPS ES 750 UPS (we’ll review it in an upcoming issue). Touted as the company’s first green UPS (uninterruptible power supply), the Back-UPS ES 750 adds a "Master/Controlled Outlet," which senses when the device plugged into it goes to sleep or ceases drawing power. When that happens, the UPS shuts off power to that outlet. This is important, because even when your devices aren’t eating power, outlets are still "juiced" and draw a significant amount of power.
The unit is compliant with RoHS (Restriction of Hazardous Substances, the European Union directive), meaning you won’t find more than trace amounts of lead or other toxic chemicals in it (batteries, disposed of separately, excepted), and it uses recycled packaging. But the new power-management circuitry is the ES 750’s main claim to green. Other backup companies will likely start selling boxes with new lithium ion batteries, not just because they last longer but because dumping them is supposedly easier on the environment. This effectively doubles the greenness—of the pitch. APC says the recycling programs for lead-acid batteries are more reliable than any kind of disposal for lithium ion. The company has chosen to keep using lead-acid until lithium ion recycling catches up.
This’ll be a common "gotcha": You’re presented with a green sales pitch for replacing existing equipment. But when you look closer, you may find that the newest technologies still have a ways to go before achieving true greenness, and the benefits they’re touting can often be had simply by using what you own now more intelligently.
Thursday, April 10th, 2008
Blogger LORA BENTLEY - One of the first non-profits to demonstrate voluntary compliance with the Sarbanes-Oxley Act of 2002 was the University of Pittsburgh Medical Center. Representatives said they chose to do so as a means of maintaining accountability with the organization’s contributors and the public. New research reveals, however, that not all Sarbanes-Oxley-like requirements are effective in the non-profit health care environment. In particular, it seems that imposing requirements upon non-profit hospital boards of directors — such as minimum donations or term limits — doesn’t yield significant improvements in hospital financial management or patient care. The study, conducted by researchers from the University of Michigan, found only a weak connection between board structure and hospital function.