CenterBeam

Accelerating IT to the Speed of Business


The CFO's Guide to SOX IT Compliance

Top Line Information Delivering Bottom Line Savings

Compiled by CenterBeam's Security Experts

"CenterBeam definitely helped us with our Sarbanes Oxley audit. I don't know what we would have done without them. It would have created a lot more work for us than we have time for. I am very thankful for CenterBeam's help with the audit. I could not function without CenterBeam." Aimee Stadtfeld
Endeavor International

Because you’re focused on leading your company to success, Sarbanes-Oxley (SOX) and other regulations can be an expensive, but necessary, distraction. It is precious time and money spent managing what initially appears to be a non-value added effort of compliance instead of focusing on the upside of profitability. One critical area that SOX and other regulations touch is IT. Because your financial records are stored and managed on a network of computers, the SEC wants to know that your systems for protecting financial records conform to a set of best practices. According to the world’s most esteemed IT analyst company, Gartner, anywhere from 30% to 50% of all financial reporting controls are IT based, so IT compliance is critical.

For mid-sized companies, IT can be a bit of a black hole. It’s hard to measure IT’s effectiveness. Accountability tends to be rather vague and your company is probably somewhere behind the curve of best practices. Auditing IT is probably going to turn over some rocks that haven’t been turned over before. And you know that what lies beneath won’t be pretty.

Even more frustrating can be the lack of clarity and specificity in the SOX language regarding what a 'competent' IT infrastructure looks like. Given the current lack of set precedents, auditors themselves are trying to discern what to audit and when. Many fall back on old standards such as SAS 70 or struggle to compile checklists that change from year to year.

So you are left with a dilemma: do you invest in your own IT staff and infrastructure to achieve and maintain compliance, or can you outsource some or all of it and at the same time ensure you keep your SOX controls in place?

CenterBeam manages the IT infrastructure for hundreds of companies across North America and has helped many of our clients dramatically simplify their IT SOX compliance. The lessons learned from building and managing our own SAS 70 Type II compliant infrastructure are brought to bear in solving our customers' IT issues. CenterBeam can serve as a facilitator to SOX and other regulatory compliance for our customers by providing three functions:

  1. Consulting: Certain parts of the SOX language require that strategic decisions and planning be done. CenterBeam can and often does help our customers in this area.

  2. Enabling: When customers come onto the CenterBeam service, we enable them to meet some audit criteria by virtue of our own existing processes. For example, when CenterBeam provides server and network management, our customers automatically inherit a fully developed and functioning change control process that they themselves may be lacking. To the extent CenterBeam provides services, we enable these control objectives to be met.

  3. Providing: Lastly, CenterBeam can directly provide compliance for certain criteria. For example, if we are providing you with desktop services, we automatically provide anti-virus, patch management, etc., so you are compliant without having to do this work, and possibly make a capital investment, yourself.

In the course of working with our own customers and their auditors during their compliance efforts, we’ve found some invaluable references for CFOs that we’re passing along to you.

First, it’s always a good idea to have a copy of Sarbanes-Oxley at hand for ready reference.

The Economist
The Economist recently published an article on how to best calculate the true cost of compliance. According to Deloitte, large companies are spending an additional 70,000 man hours on SOX compliance.

Entrepreneur Magazine
In a recent article in Entrepreneur magazine, Cisco states that even if your company doesn’t have to worry about SOX compliance now, your company would benefit from following SOX provisions as they represent a new “best practice standard.”

Optimize
Optimize magazine recently ran a comprehensive article for CEOs and CFOs, “The Compliance Imperative,” that gives clear advice on how to best manage SOX compliance.

Protiviti
Protiviti, an independent risk consultancy with a SOX practice, has published a white paper, “Building Enterprise Risk Management on the Foundation Laid by Sarbanes-Oxley.”

The Channel Insider
CenterBeam frequently works with Protiviti to help mutual clients with SOX compliance. Recently the two companies were profiled in an IT trade magazine as experts in this field.

CIO Update
Another IT trade magazine, CIO Update, profiled CenterBeam as a leader in helping companies win SOX compliance for their IT departments.

©2000-08 CenterBeam, Inc. All Rights Reserved