Sustainable IT Compliance
Randy Brasche of Active Reasoning
For most IT organizations, meeting first-year
Sarbanes-Oxley requirements was a trial by fire. By throwing bodies, resources and money at the
challenge, IT organizations completed their first audit through brute force. As companies plan
for future audits, significant challenges still loom.
First, IT organizations must manage and test a mountain of
IT controls established during the first audit. In addition,
the current compliance process is expensive and resource-intensive, and has detracted from
day-to-day operations and core business activities. Finally, the first round of audits
uncovered several serious material deficiencies which most companies must immediately
Based upon these challenges, every company is looking for
ways to make their next audit easier and require fewer resources – all while minimizing
the risk of exposing additional deficiencies or weaknesses.
The Active Reasoning seminar will address the risks and
resources associated with achieving ongoing compliance that affect IT Auditors, Change
Managers, IT Operations, Security, and Financial Managers. Learn how a sustainable IT compliance
program reduces unauthorized changes and direct access to material systems while
providing strategic benefits to your organization. This seminar is based upon Active
Reasoning’s popular "IT Compliance for Dummies" book and will cover the following topics:
Note: Free copy of "IT Compliance for Dummies" for all attendees.
Challenges Identified During the First Audit
Your compliance challenges are shared with many other IT
organizations. We will review some of the common audit hurdles identified by companies
and how a sustainable IT compliance program will address them during future audits.
Automating your Compliance Testing
Most IT organizations are using expensive manual processes
to test and report IT control effectiveness. For future audits, which IT controls should
you automate? We will discuss automation criteria and some of the prime candidates such
as automated control testing for change management, and direct access to databases and key
Closing the Loop on Your Change Management Process
Poor change management practices were often cited as one
of the most common IT control gaps. By leveraging and extending existing change
management systems, IT organizations can create a closed loop solution that validates approved
changes with actual changes – all while reducing unauthorized changes and reducing downtime.
Manage Your Controls
During the first audit, both auditors and IT organizations
played it "better to be safe than sorry" and created an overabundance of controls to ensure
that they covered all of their bases. Unfortunately, many of these unnecessary controls
will create a lot of needless work through ongoing testing and management. Learn how to work
with your auditor to manage and reduce your controls, ultimately reducing the overall
work effort for ongoing testing.
Focus on Common IT Control Gaps
During the first audit, auditors found a recurring set of
IT control gaps at many companies. In the future, these controls will be a primary focus for
the auditing community. Learn how to address these gaps and avoid common pitfalls.
Derive Strategic Benefits from your Compliance Efforts
Compliance is now a mandatory, ongoing requirement for the
IT organization. As a result, companies should leverage compliance as an opportunity and
catalyst to improve IT operations. Learn how you can turn compliance into a
competitive advantage for your organization.
Randy Brasche is the director of product marketing at
Active Reasoning. He brings more than 11 years of data center operations,
technology infrastructure and marketing experience to the company. During
his career, Brasche has held various strategy, product management and
marketing positions at Cable and Wireless, Exodus, Oracle, Informix and