SAS 70:

budget

Dec 18 2008   9:15PM GMT

Top 10 business risks in 2009 - SAS70



Posted by: sas70expert
Management, SAS 70, budget

For 2009, Ernst and Young has compiled the top 10 business risks for your company's operations. As regulation and compliance is #2, SAS 70 audits should be a priority to complete in 2009.

With the downturn in the economy, your controls should not be the first area to fall. If you must conserve, turn to green controls or automate your controls using technology. Develop a long-term relationship with a respectable IT auditor who has experience in your industry. Their advice may cost upfront, but the potential revenue growth can be exponential.

Here are the risks:

  1. The credit crunch. (Number 2 in the 2008 report.)
  2. Regulation and compliance. (Number 1 last year.)
  3. Deepening recession. (New this year)
  4. Radical greening. (9)
  5. Non-traditional entrants. (16)
  6. Cost cutting. (8)
  7. Managing talent. (11)
  8. Executing alliances and transactions. (7)
  9. Business model redundancy. (New)
  10. Reputation risks. (22)

 sas70expert at gmail.com

Dec 1 2008   11:10PM GMT

Have you received your stimulus today? SAS70



Posted by: sas70expert
SAS 70, budget

In order to meet budgetary guidelines, you may want to ask for your handout from the US government. I know I would like to receive mine. My business is just getting started, but I could justify that if the economy had held out, I would be substantially better off. Our newly elected president is going to have a struggle, but I hope that he will find a solution.

 

By accepting a portion of the stimulus package, US companies have basically outsourced/sold part of their business. Shouldn’t that mean that more regulation is required? With any loan, more buy-back options and more oversight are required to make sure funds are managed appropriately and that contractual agreements are met. Should that include SAS 70 audits? Basically, how can we prevent frivolous use of our funds? I think SAS 70 audits are an essential part of the regulation process.


Sep 19 2008   5:34PM GMT

Asset Identification and Valuation in a Risk Assessment process? SAS 70



Posted by: sas70expert
Management, Risk management, Financials, CFO, SAS 70, budget

What is a fixed asset, you say? And what is its value today? Don’t know where to start? Call your insurance company. If you don’t have your most precious business assets formally listed or insured, then you need help. From your insurance policy and from your understanding of the key components that drive your revenue stream, you should be able to get a good idea of how many computers/servers you have and what their monetary value is.

 

After asset identification, make sure you determine the replacement cost of your equipment. Recently, in discussions with an IT Director at a Fortune 500 company, he noted that he had made a formal listing of all his information technology equipment. Soon after, a flood occurred in his datacenter. Upon contacting his insurance company, he found that he would only be reimbursed for the depreciated value of his equipment, not the replacement cost. The $3000 server that you bought today may only be worth $700 as soon as you walk out of the store when considering the depreciated value. Lesson learned — List your assets, but also understand how much it would truly cost to replace them.

 

When determining value, monetary terms are not always identifiable. You may have to perform some “ciphering.” Talk to your company’s CFO or controller, as you may have to understand how the assets are used to generate revenue. From there, determine if the asset value can be calculated as a percentage of revenue. Using a financial ratio to determine value can be very subjective, so it is wise to gather several opinions.

 

As a starting point in a SAS 70 audit, when examining the risk assessment process, the auditor will want to verify that all critical assets have been identified and that you have assigned appropriate values. If you Google the blue book value of your server, or review Craigslist to determine the price that similar products are selling for, be sure to keep a record so that your auditor may review it as well. Get your asset list completed today and determine the values, otherwise you may fail to meet your corporate objectives. SAS70ExPERT@gmail.com.

 


Sep 2 2008   8:57PM GMT

Successful traits of a CIO equal successful SAS70 audits (Part 4) – SAS 70



Posted by: sas70expert
Compliance, Auditing, Financials, CIO, SAS 70, budget, bugeting

Budgets, financial statements, and account analysis all provide you with detailed information on the financial operations of your company. An effective CIO must have a good grasp of his company’s revenue and expenses and how this information flows into his IT operations.

 

If you are aware of the finances of your operation, then you will be able to understand the facets of the SAS70 audit that deal with the testing and examination of financial transactions. By understanding the processes that record financial transactions, an effective CIO will quickly be able to explain abnormal differences to an auditor. Do you have the financial information required to manage your operations? Or are you still managing with an abacus? What types of reports are most effective for helping you guide your organization? Are you using balanced scorecards? Sas70expert@gmail.com

 


Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, bugeting, CSO

It’s an election year, and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage the risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in your information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics? SAS70expert@gmail.com

 


Jun 22 2008   11:50PM GMT

IT Strategic Plan – What is the recipe? – SAS70



Posted by: sas70expert
Networking, Security, Strategic Enterprise Management, Identity & Access Management, Compliance, business/IT alignment, Auditing, Monitoring, CIO, DataCenter, CEO, CFO, SAS 70, budget, bugeting, CSO

An IT strategic plan is critical to success in today’s economy and to growing your CIO career. Don’t be afraid to define some concrete details about your datacenter network and the IT security required. Here are some important characteristics of an IT strategic plan:

 

Timing/Length – Start NOW! You can’t get there without an IT roadmap. Make it in increments of one year, three years, and five years.

 

Scope – Obtain the business goals and objectives. Understand how information technology will support achievement of these goals. Design your IT plan to not only meet these objectives, but to add additional value and revenue when each of these goals is attained.

 

Presentation – Keep it simple. From the Boardroom to the staff meeting, keep everyone focused on the high level IT goals. Be specific about how IT and business will work together to meet the requirements. Simple statements to drive your IT department towards success are best.

 

Monitoring – Put measurements in place which include deadlines. Monitor these like a hawk. The goal is not precision, but to keep moving forward. Revise and update the IT plan as necessary.

 

Communicate – How does the Boardroom know you are a success? You are your own marketer and so is your staff. When you achieve success in completing an IT project, be sure to inform your staff and your management. Identify internal and external meetings where you can share the news.

 SAS70ExPERT@gmail.com

 

 


Jun 16 2008   4:46AM GMT

CIO, CEO, CFO’s role in future Information Technology(IT) - SAS70



Posted by: sas70expert
Disaster Recovery, Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO

When I was with the big four, we couldn’t just be auditors; we were risk management consultants. Today, it seems that IT job titles and roles are in a similar transition. As a consultant/auditor, I am always discussing with the client the value that I bring to their organization as an experienced SAS70 auditor. Because of my expertise, my audit will be much more in-depth, and more efficient and effective with their time, resources, and revenue.

According to Computerworld, the below job titles are examples of the kinds you’ll see cropping up in IT in the not-too-distant future. IT job titles with any hint of computers, databases, software development languages or data network will disappear.

· Product Architect

· Chief Delivery Officer

· Chief Process Officer

Why? It’s a direct result of IT becoming integrated into the business strategy and being considered a partner in the business instead of a service provider who has no effect on revenue.

Xcel Energy, a $10 billion electric power and natural gas utility in Minneapolis, is changing the way it looks at IT. The company expects its data managers to be able to look at data and figure out answers to questions, such as where money is being lost. In other words, the company wants someone to put data in a business context.

Outsourcing ping, power, and pipe to third-party vendors is common. Even management of the application is increasingly outsourced; however, companies still need IT to manage the flow of data in/out of the application, manage the relationship with the outsourced vendor, and assist in performing data analysis.

The increased focus on life-cycle management, vendor management and data analysis has raised the expertise requirements of IT functions and is requiring more business management decisions to be made by IT. Moving IT management away from technology management doesn’t take them out of the picture; it will make them more critical to the survival of the business and elevate their ability to make a difference within their company’s strategic direction.

How do you think your role is changing? Are you being elevated? Or just asked to do more with less?

SAS70ExPERT@gmail.com


Jun 14 2008   6:39AM GMT

CIO - Are you sitting on your DataCenter assets or using them?



Posted by: sas70expert
Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CEO, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO


 

As the economy continues to be unsteady, what are your priorities as CIO? As CEOs continue to be fired, CIOs should use the uncertainty to prioritize their IT efforts, strengthen the information security within their DataCenters, and improve communication of IT efforts to the business.

 

IT project funds are shrinking. Are you concentrating on the areas that will return results to the bottom line of the business and keep your paycheck coming? Re-evaluate your priorities now – concentrate on those projects that will improve revenue, that will make you a superstar in the eyes of your management, and that will solidify your job.

 

Prioritize and communicate to get the most value from all the hard work that you do. According to survey results, only 10% of CIOs say that they did an excellent job of communicating the value of their IT assets to their bosses. If you performed a SAS70 audit, not only tell your customers, but make your internal management aware of it, as it should strengthen your network security internal controls. CIOs should form an alliance with CFOs to communicate the business value of the core IT assets and the projects completed within the year. Make an effort to make the Board, management and other stakeholders aware of your hard work and of how critical it is to the survival of the business, and quantify the net return that these IT projects bring to the organization. Scorecards work best to quickly identify areas of accomplishment, areas in process, and future plans. I use a similar technique to communicate the SAS70 audit process, results, issues and deadlines to the audited party. What other methods do you use? Do you plan on cutting or adding to your IT budget for 2008 and 2009?

 

TAGs: DataCenter, Budgeting, Business/IT alignment, Career development, CIO,