budgets

Here's one way to cut back on T&E fraud

Jim Kim — Tue, 18 Nov 2008 19:19:51 -0500

We've noted recently that more companies seemed bent on instilling better travel and entertainment cost controls. Let's face it: The expense account is among the easiest to fudge. At some companies, T&E "fraud," for lack of better word, is a great pastime, but it's going to get harder to fudge expenses. Financial Week reports that more companies are slashing T&E budgets. A Towers Perrin survey has found that 75 percent of its clients say they're likely to scale back in 2009. You can bet that the funds that are spent will get a lot more scrutiny, so an employee would be crazy to try any shenanigans now. Companies that invested in automated solutions will likely find it easier to grapple with the new austerity. For those lacking such solutions, it's unclear how efficient a manual crackdown would be--you might end up asking for a lot more paper.

For more:
- here's the article

Time to get serious about ERM?

Jim Kim — Wed, 05 Nov 2008 19:21:04 -0500

We've noted recently that risk management has moved to the top of the agenda at some companies, and even the PCAOB, which is pushing its seven new risk standards. For enterprise risk management vendors, this counts as a great marketing opportunity. Compliance Week notes that Standard & Poor's has decided it will take a closer look at ERM in establishing its ratings reviews. It will begin discussing ERM in the fourth quarter, with an initial look at risk-management culture and management. A rating or scoring system isn't expected immediately. Despite constrained budgets, companies seem to be getting more serious about ERM. Article

IT folks struggling with compliance, still

Tue, 20 May 2008 06:59:59 -0400

Is anyone really surprised by this? A recent survey by Shavlik Technologies (vendor survey alert!) has found that IT professionals are still struggling with compliance issues, according to Redmond Channel Partner Online. The survey, which asked questions of attendees at RSA Conference and Infosecurity Europe, said that "the No. 1 difficulty among IT pros was finding an all-encompassing approach to tackle vulnerabilities, protect data and meet compliance objectives--all while doing that pesky thing: their actual jobs." This situation stands to get even worse as budgets shrink. The to priorities are not surprising: 1) Data protection, integrity and information leakage, 2) Internal network security, and 3) IT policy and governance. If there is some sort of breech, you can bet the IT will be among the first questions. They know this all too well.

For more:
- here's the article

Data center growth to explode

Tue, 20 May 2008 06:59:59 -0400

We've been talking a lot about the growth of data centers, a market that has skyrocketed because of Sarbanes-Oxley and other regulations, as well as the need for better disaster recovery options. Large companies are set to boost the market again in 2008. According to a survey by Digital Realty Trust, nearly 90 of 300 large US firms said they "would definitely or probably expand their data centers over the next 12 months," notes CBR. Almost half say they will expand to three or more data center locations. Square footage is expected to grow by 50. All this at a time when IT budgets are under pressure. Some are warning that this growth looms as a nightmare in terms of the costs of running and cooling all those servers. Energy's not cheap these days. But what choice do companies have?

For more:
- here's the CBR article
- here's a CIO Insight article on the looming problems

Take steps to control the "new face" of fraud

Tue, 05 Feb 2008 06:59:58 -0500

There is some talk that the most likely perpetrators of crime within an organization are no longer likely to be the top executives. Thank Sarbanes Oxley. The most likely fraudsters may stem from the rank and file management pool. So you may want to think about what to do discourage this. You need a program, says Yigal Rechtman, head of the forensic accounting department for Buchbinder, Tunick, and Company. High on his list: avoid reliance on budgets to root out fraud (they're too easy to hide stuff in); install a tip line; get credit reports on employees. More tips

Is your disaster recovery system up to speed?

Mon, 09 Apr 2007 20:01:39 -0400

Most compliance people would agree that disaster recovery has become a compliance issue. You have to be focused on data and records retention, even in the face of something catastrophic. This is likely one reason that the global market for data protection and recovery systems is projected by IDC to surge to $200 million by 2011, up from $58 million last year. There's a lot of innovating at work, notably new disk-based technologies and people are upgrading to tools that can better manage complex protection configurations. One bubble of activity is centered on smaller companies. They also perceive the need for enhanced services, but are limited to a degree by their budgets. Increasingly, there are more solutions being aimed at these companies.

For more:
- here's a release from one company, Unitrends, that aims to make a splash.

More CIOs benefit from Sarbox

Mon, 05 Feb 2007 19:01:39 -0500

For information technology execs, Sarbanes-Oxley has been a mixed blessing. True, there's more pressure than ever and a lot of systems flaws have been revealed. But some CIOs and others have been able to use Sarbox to their advantage. According to Baseline, some have used compliance requirements as a way to initiate strategic systems reviews. Others have consolidated multiple ERP systems into one. Still others have upgraded different infrastructure segments. Many have been able to boost their budgets and hire new workers, and quite a few have become versed in financial notions of risk, which only makes them seem that much more well-rounded. For these CIOs, compliance has been a boon, one that has raised their internal stature. Now, I do not expect one to be seen as a candidate for CEO. Still, it seems wise to view Sarbox as a vehicle for positive change.

For more:
- read this article

Related Article:
Should the CIO report to the CFO? Report
Flexible compliance saves time and money. Report
Sarbox pushing IT salaries higher. Report

Get a grip on supply chain risk

Mon, 08 Jan 2007 19:01:39 -0500

Supply chain management is getting a lot more complex, apart from Sarbanes-Oxley, natural disasters, terrorist threats and the like. For many large companies, supply chains are far flung networks that represent a lot of risk to the enterprise. Unsurprisingly, a new study from AMR Research has found that nearly half of firms surveyed have indicated that they will implement or evaluate risk-management technologies over the next two years. That is a bit vague; what does "evaluate" really mean? Still, more than 50 percent of firms plan to increase their budgets for risk management over the next 12 months. Of those firms, the average spending increase will be 17 percent a year. Obviously, compliance and risk go hand-in-hand at the supply chain level, and you had better not be caught unprepared. The critical compliance issue is to make sure whatever plans you put in place to ensure or secure supply can support your compliance needs in ways that are not onerous and perhaps even supportive.

To learn more:
- see this press release

Steps to balance security and compliance

Mon, 08 Jan 2007 19:01:38 -0500

We've noted before that compliance burdens imposed on the IT side of the house may be working against the firm's security needs. Indeed, you can be fully compliant and less secure than you were before. With this in mind, one commentator has suggested five principles for balancing these needs: 1) Base your security program on a security framework, 2) Leverage compliance budgets for information security controls, 3) Automate policy compliance and auditing, 4) Be prepared to manage change in threats and regulations, and 5) Create an effective awareness and training program. Read more about these principle in this article on SearchSecurity.com.