When performing your risk assessment as required for the SAS70 audit — dive in head first, but keep your eyes focused on the details. Meet with C-level executives and line-level managers and have direct and open discussions about the perils that your company faces. Don’t be afraid to ask questions or confront CIO’s with pointed questions. If they don’t know the answer or the risk, you are already in big trouble.
Three goals CIO’s should keep in mind during these uncertain economic times are to:
1) reduce operating expenses
2) increase capacity in the data center
3) improve reliability of IT infrastructure
If you determine the risks to not meeting these three objectives, then you are well on your way to completing a reliable risk assessment. Sas70expert@gmail.com