SOX Compliance Best Practices Revealed in New Report
Senior officers from 27 Fortune 500 companies share their practices, pitfalls and successes during the year-one implementation of Section 404 in "Sarbanes-Oxley Section 404 Implementation -- Practices of Leading Companies," published by Financial Executives Research Foundation (FERF), the research arm of Financial Executives International (FEI). Sarbanes-Oxley Section 404 requires public companies to evaluate the effectiveness of internal controls over financial reporting. Further, an external auditor must audit these internal controls in conjunction with their audit of the financial statements. Commenting on the report and release of today's Sarbanes-Oxley guidelines from the PCAOB and the anticipated guidelines from the SEC, Colleen Cunningham, President and CEO of FEI, said, "FEI welcomes this guidance. These guidelines, FEI's research on year-one implementation costs, the recurring theme at the SEC's April roundtable, and the practices identified in this new report all point to the same conclusion: Section 404 should move to a 'risk-based' approach, rather than focusing on 'coverage' ratios for testing. Our recommended practice is to identify key risks and focus controls there." The FERF report covers nine areas of implementation focus for Sarbanes-Oxley Section 404 -- organization structure; scope, documentation and testing; IT controls; the use of external resources; the relationship with the auditor; deficiency management; audit committee communications; Section 302/404 certification process; management letter; and reporting. For each area, the report lists the practices of leading companies, followed by a case study of a Fortune 500 company. The report also outlines some of the unintended consequences of Section 404 compliance.
"Sarbanes-Oxley Section 404 Implementation -- Practices of Leading Companies" can be ordered online at www.FEI.org/rfbookstore or by contacting Lorna Raagas at (973) 765-1033. The report is $99.00.
Yaletown Technology Group Releases Content Compliance Solution
Yaletown Technology Group, a Vancouver, British Columbia-based provider of enterprise content compliance solutions, released its CONSPECT Solution for Content Compliance. Leveraging core enterprise technology, such as content and messaging management systems, CONSPECT enables the management of content, policies and processes to address both internal and external compliance requirements, while also ensuring that the information a financial services organization uses on a day-to-day basis is delivering business value.
The solution provides secure and auditable management of corporate records and communications, boundary protection for communications and intellectual property, reliable business process management as well as policy creation, management and real-time enforcement.
"With so much content to control, particularly e-mail and instant messaging, many organizations find it increasingly difficult to balance both risk mitigation and operational efficiency when it comes to managing their corporate content," said Adam Wilkins, vice president of business development at Yaletown Technology Group, in the press release.
Elemental Enhances Functionality of Its Security Compliance Management Products
Elemental Security, an enterprise information security company, announced the next release of the Elemental Compliance System (ECS)-- a solution designed to unify policy management, host configuration and network access control in one seamlessly integrated offering. Through ECS, enterprises can express cross-platform security policies that affect individual computers and their behavior on the network, gather meaningful up-to-date information to compare to established metrics, and selectively enforce policies across a diverse, dynamic environment. In addition, this newest version delivers increased platform coverage, including agent support for Win2000 desktops, Win2000 and Win2003 servers, and Red Hat EL 3.0. Elemental also offers a deeper policy library, including templates for SOX and additional Windows OS and server applications.
"In pulling together capabilities from several security segments, Elemental's solution is differentiated from the pack in that it addresses the complete life cycle of security compliance management, and does so with powerful grouping capabilities useful in dynamic environments," said Andrew Braunberg, a senior analyst of information security at Current Analysis, in the press release.
Elemental's new release includes other key enhancements, such as automated remediation of host and application configuration policies, additional reports to further assist security administrators and compliance officers in making informed decisions about managing security policies, and multiple enhancements to further simplify the processes of managing policies throughout their compliance life cycle. Elemental's dynamic grouping capabilities also are extended to enable organizations to map policies to users based on their organizational affiliations and permissions.
Asigra Expands Multisite Backup and Recovery Package for Backup Service Providers
Toronto-based technology provider, Asigra, announced expanded capabilities of its Televaulting for Backup Service Providers (BSP), giving service providers, resellers and integrators the ability to offer enterprise-class backup and recovery as a service. Using Televaulting for Backup Service Providers, BSPs can implement the industry's highest-level, end-to-end solution to meet accountability requirements, business continuity and disaster recovery.
Asigra Televaulting for Backup Service Providers features complete utility provisioning, chargeback and accountability capabilities. As data moves from distributed sites throughout the customer's facilities to a centralized location at the service provider facility, it is automatically tracked and can be billed easily on a "per usage" basis. Televaulting's utility service provisioning model allows for each remote location to be charged individually, eliminates inefficiencies of backing up duplicate data and lowers customer cost while turning the data center into a profit center.
"The idea that resellers can offer Televaulting as a storage service utility from their own data centers and receive a recurring income based on the amount of data being managed is being well received by storage resellers looking for additional profit centers," said Ron Roberts, president of BluPointe DRS, Asigra's North American distributor, in the press release. "The Asigra approach is a win-win situation for both service providers and corporate customers."