May 2006 Monthly Meeting

May 16, 2006

Sustainable IT Compliance

Presented by
Randy Brasche of Active Reasoning


For most IT organizations, meeting first-year Sarbanes-Oxley requirements was a trial by fire. By throwing bodies, resources and money at the challenge, IT organizations completed their first audit through brute force. As companies plan for future audits, significant challenges still loom.

First, IT organizations must manage and test a mountain of IT controls established during the first audit. In addition, the current compliance process is expensive and resource-intensive, and has detracted from day-to-day operations and core business activities. Finally, the first round of audits uncovered several serious material deficiencies which most companies must immediately address.

Based upon these challenges, every company is looking for ways to make their next audit easier and require fewer resources – all while minimizing the risk of exposing additional deficiencies or weaknesses.

The Active Reasoning seminar will address the risks and resources associated with achieving ongoing compliance that affect IT Auditors, Change Managers, IT Operations, Security, and Financial Managers. Learn how a sustainable IT compliance program reduces unauthorized changes and direct access to material systems while providing strategic benefits to your organization.

Note: Free copy of "IT Compliance for Dummies" for all attendees.

This seminar is based upon Active Reasoning’s popular "IT Compliance for Dummies" book and will cover the following topics:

Challenges Identified During the First Audit

Your compliance challenges are shared with many other IT organizations. We will review some of the common audit hurdles identified by companies and how a sustainable IT compliance program will address them during future audits.

Automating your Compliance Testing

Most IT organizations are using expensive manual processes to test and report IT control effectiveness. For future audits, which IT controls should you automate? We will discuss automation criteria and some of the prime candidates such as automated control testing for change management, and direct access to databases and key applications.

Closing the Loop on Your Change Management Process

Poor change management practices were often cited as one of the most common IT control gaps. By leveraging and extending existing change management systems, IT organizations can create a closed loop solution that validates approved changes with actual changes – all while reducing unauthorized changes and reducing downtime.

Manage Your Controls

During the first audit, both auditors and IT organizations played it "better to be safe than sorry" and created an overabundance of controls to ensure that they covered all of their bases. Unfortunately, many of these unnecessary controls will create a lot of needless work through ongoing testing and management. Learn how to work with your auditor to manage and reduce your controls, ultimately reducing the overall work effort for ongoing testing.

Focus on Common IT Control Gaps

During the first audit, auditors found a recurring set of IT control gaps at many companies. In the future, these controls will be a primary focus for the auditing community. Learn how to address these gaps and avoid common pitfalls.

Derive Strategic Benefits from your Compliance Efforts

Compliance is now a mandatory, ongoing requirement for the IT organization. As a result, companies should leverage compliance as an opportunity and catalyst to improve IT operations. Learn how you can turn compliance into a competitive advantage for your organization.


Randy Brasche is the director of product marketing at Active Reasoning. He brings more than 11 years of data center operations, technology infrastructure and marketing experience to the company. During his career, Brasche has held various strategy, product management and marketing positions at Cable and Wireless, Exodus, Oracle, Informix and Liberate Technologies.



