Compliance aspects of online hosted apps improving?

Chances are that you've at least considered moving to Web-based apps for core productivity software, word processing and spreadsheets and even email services--especially if you are a small- or medium-sized firm. There's something appealing about it, and it might be cheaper. Astutely, Google has purchased on-demand security software maker Postini for $625 million. The idea is to add enterprise-quality security to on-demand, online applications, to allay customers compliance fears. It may turn the tide for some users. Some big firms especially may be wary of such apps because they might not seem kosher from a Sarbanes-Oxley point of view. You would have to think that any hosted service provider will have to move along similar lines.

For more:
- here's an article from Instant Messaging Planet

State of compliance: Automation catching on?

I know, I know. Most corporate surveys tend to be mere marketing. An attempt by a company to get some press, get its name "out there," and associate its brand with the appropriate issues. So we all take them with a grain of salt. Still, the Approva 2007 compliance survey of high-level finance, audit and IT execs included some interesting nuggets. "52 percent of respondents said their company will be spending less, 31 percent said they will be spending the same, and only 17 percent said they will be spending more." This strikes me as true for large companies but not so true for small companies, which are ramping up now. "83 percent of respondents are aware of the new guidance related to SOX from the SEC and PCAOB." Are you kidding? This strikes me as low. 53 percent of companies are not using a software solution to automate SOX compliance. "Of the 47 percent who are using software solutions, 34 percent report that between 30-50 percent of their controls remain manual versus automated." I have to think these numbers will head north.

For more:
- here's the survey results

Shortage of financial talent at home--and abroad

There has obviously been a lot of talk about outsourcing certain internal processes. The software-as-a-service movement seems to be intact. More service providers indeed seem bent on easing their customers concerns about the legitimacy of their services. See the next item on Google. What about the outsourcing of core financial functions. Well, there's a huge lack of talent that might make the idea interesting to you. There are some domestic providers of course--what about going offshore? Well, the fact is that there is a shortage of financial talent around the world. Deloitte surveyed more than 600 senior finance executives from 73 countries and found two-thirds thought that Asia's talent was limited or inadequate. Sixty percent said the same about Europe. At the same time, 42 percent said that they were barely able or unable to meet the demand for finance professionals.  

For more on the survey:
- here's a write-up

What the heck is ISO 27001?

You've likely been talking about an integrated approach to compliance, a platform, if you will, that can help you scale your system to new regulations as well as all the old ones. Don't make me repeat them. Sarbox, of course, ranks high on the list for most companies. When it comes to security, there may similarly be a need for an integrated approach. Which is why some people tout ISO 27001. Standards are pretty boring, but the approach makes sense. ISO 27001 supporters make the case that their standard offers a holistic approach that shatters the silos that can easily crop up. Intuitively, it makes sense to build something once and then tweak it as new rules come along.

For background:
- here's a q&a from TechTarget

Pay closer attention to the database wars

The database wars have raged for so-long, many people roll there eyes when it comes up. But financial and compliance managers may want to pay attention to the much-touted launch of Oracle's Database 11g. Let's face it, you're being held accountable for lots of data these days. And the database guys will certainly be making marketing hay out of all this. As far as 11g goes, enhanced partitioning and storage-related features may be worth looking at, if only to stay abreast of what's out there. You can expect the Microsoft vs. Oracle war to rage. Sybase certainly senses the issue. It will be interesting to see who, if any, comes up with features that really make a difference. Article

> Think you know a lot about Sarbanes-Oxley? Test yourself. Take this quiz.  

> Relief for small companies. I've said it before: Do not count on another small-company Sarbox extension. But the House has added an amendment to a bill that would do just that. I still doubt it will happen. Article  

> The SEC has announced another fair fund distribution. This one, for $316 million, will got to investors in Time Warner. Total distributions now total $2 billion. Article

> New book (not free) on practical tips for Sarbox compliance. Release  

> Tricky issues. Lawyers are grappling with discovery issues and personal email accounts. Article  

> Survey: CFOs lack succession plans. Article

> More on AIM's plans to snag more U.S. small companies. Article  

> Judge's ruling results in dropped charges in KPMG case. Article

> More on the need for an e-discovery action plan. Article  

> Sarbanes-Oxley still looms large in the U.K. Article  

> Another major breach of customer data. Article  

> LogicalApps helps Qualcomm with financial reporting. Article  

> Reference accounts: One way vendors sell Sarbox (and other) solutions. Article 

And finally... Are you a frustrated achiever? Article