SAS 70:

Financials

Sep 19 2008   5:34PM GMT

Asset Identification and Valuation in a Risk Assessment process? SAS 70



Posted by: sas70expert
Management, Risk management, Financials, CFO, SAS 70, budget

What is a fixed asset, you say? And what is its value today? Don’t know where to start? Call your insurance company. If you don’t have your most precious business assets formally listed or insured, then you need help. From your insurance policy and from your understanding of the key components that drive your revenue stream, you should be able to get a good idea of how many computers/servers you have and what their monetary value is.

 

After asset identification, make sure you determine the replacement cost of your equipment. Recently, in discussions with an IT Director at a Fortune 500 company, he noted that he had made a formal listing of all his information technology equipment. Soon after, a flood occurred in his datacenter. Upon contacting his insurance company, he noted that he would only be reimbursed for the depreciated value of his equipment, not the replacement cost. Your $3000 server that you bought today may only be worth $700 as soon as you walk out of the store when considering the depreciated value. Lesson learned: list your assets, but also understand how much it would truly cost to replace them.

 

When determining value, monetary terms are not always identifiable. You may have to perform some “ciphering.” Talk to your Company’s CFO or controller, as you may have to understand how the assets are used to generate revenue. From there, determine if the asset value can be calculated by determining a percentage of revenue. Using a financial ratio to determine value can be very subjective, so it is wise to gather several opinions.

 

As a starting point in a SAS 70 audit, when examining the risk assessment process, the auditor will want to verify that all critical assets have been identified and that you have assigned appropriate values. If you Google the blue book value of your server, or review Craigslist to determine the price that similar products are selling for, be sure to keep a record so that your auditor may review it as well. Get your asset list completed today and determine the values; otherwise you may fail to meet your corporate objectives. SAS70ExPERT@gmail.com.

 

Sep 5 2008   7:19AM GMT

Successful traits of a CIO equal successful SAS70 audits (Part 5) – SAS 70



Posted by: sas70expert
Security, Compliance, Auditing, Financials, Network, CIO, SAS 70


Do you have 3 mainframe systems and one stand-alone application that you use for recording financial results? Do any of these systems talk to one another? Are you starting to use SaaS applications to better manage your data? Knowing how to leverage technologies, old or new, is key to being an effective CIO.

 

During a SAS70 audit, it is critical that you have a deep understanding of your systems and how they work together. If you are able to provide documentation, such as network diagrams and data hierarchies, to your auditor, then they will be more efficient when determining the controls necessary to be tested within your organization. An effective CIO cannot leverage technologies within corporate walls or as outsourced solutions without having a complete understanding of IT networks, applications, and operating systems. What helps you know how to leverage your company technologies? Or to predict what technologies will work best within your company?



Sep 2 2008   8:57PM GMT

Successful traits of a CIO equal successful SAS70 audits (Part 4) – SAS 70



Posted by: sas70expert
Compliance, Auditing, Financials, CIO, SAS 70, budget, bugeting

Budgets, financial statements, and account analysis all provide you with detailed information on the financial operations of your company. An effective CIO must have a good grasp of his company’s revenue and expenses and how this information flows into his IT operations.

 

If you are aware of the finances of your operation, then you will be able to understand the facets of the SAS70 audit that deal with the testing and examination of financial transactions. By understanding the processes that record financial transactions, an effective CIO will quickly be able to explain abnormal differences to an auditor. Do you have the financial information required to manage your operations? Or are you still managing with an abacus? What types of reports are most effective for helping you guide your organization? Are you using balanced scorecards? Sas70expert@gmail.com

 


Aug 7 2008   7:06PM GMT

Do Risk Assessments increase profits? SAS 70 (part one)



Posted by: sas70expert
Security management, Security, Information risk management, Risk management, Financials, CIO, DataCenter, CFO, SAS 70, CSO

SAS70 audits are becoming a standard for any outsourced organization. As part of the audit process, a company must perform an internal risk assessment of its IT and business-related risks. According to a recent survey of IT executives, here are the top five areas of most concern:

 

  1. Security
  2. Systems management tools
  3. Virtualization solutions
  4. Product road map
  5. Power consumption

 

While power consumption was number five, I think that it has taken on greater significance today than ever before. If you are paying $4.50 at your local gas dealer, then you can expect to continue to pay higher prices for electricity for your data center. What steps are you taking to conserve energy? Are you a part of a “green revolution”? From the component level, to the server and rack level, and all the way up to the datacenter, I would expect everyone is finding ways to cut costs and increase profit. I think a risk assessment which reviews the operating details of your company will assist you in meeting corporate objectives.



Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, bugeting, CSO

It’s an election year, and security to protect some of our most valuable assets is being discussed more frequently, including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage the risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in your information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics? SAS70expert@gmail.com

 


Jun 28 2008   1:33AM GMT

Are you ready to make decisions as CSO or CIO? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Networking, Security, Strategic Enterprise Management, Microsoft Windows, Information risk management, Career development, Management, Security Program Management, Compliance, Risk management, human factors, business/IT alignment, Auditing, Monitoring, Financials, Data center operations, CIO, DataCenter, DataManagement, CEO, management software, CFO, Email, Exchange, SAS 70, CSO

As you complete that CISSP or CISA designation and move up the corporate ladder, do you have the right skills to begin making the decisions as CSO or CIO? Even if you have a great understanding of IT operations (networking, disaster recovery, datacenter management), compliance (SAS70, Webtrust, Systrust, SOX), and leadership (project management, financial budgeting and administration), if you don’t communicate effectively you will not make the list. IT leaders can write and speak until they are red in the face; however, if they are unable to speak general business language, the business audience will not support their IT objectives or provide funding. Some of the more important skills to have as CSO or CIO are:

  • Communicate effectively
  • Lead during a disaster
  • Provide an IT strategy

What are the important skills that a CSO or CIO must have to be a success? As a team leader? To build Board support? To be an effective information technology project manager/business leader? To build another Google, Microsoft Windows, or Email Exchange?

SAS70ExPERT@gmail.com