Author
 Mitch Irsfeld
RSS
E-Mail

Profile of Mitch Irsfeld

News & Commentary Posts: 49
Articles by Mitch Irsfeld

Tips On Information And Records Retention Management

3/30/2006
Knowing that proper information management can be the most effective means of reducing risks and bolstering regulatory compliance efforts, ARMA International, the not-for-profit professional membership association for records management professionals is offering some simple tips on setting your records and information management policies.

Post a Comment

Don't Overlook Project Management Applications

3/13/2006
The first, and potentially highest, hurdle in shifting compliance management from a labor-intensive manual activity to an automated process is defining the scope of the project. That entails chores like identifying stakeholders and their roles, setting milestones and determining things like workflow and sign-offs. In fact, this is where many companies pressing toward compliance automation get stuck and flounder. And when sighting down on a compliance problem, it's easy to overlook some obvious

Post a Comment

Simple Ideas Can Be Big Ideas

3/1/2006
As we continue to find out, there are many ways to skin the compliance cat, especially when it comes to archiving. And every once in a while simple ideas crop up that are relatively inexpensive to deploy and can really help the compliance cause. Here's an example: We've all heard that archiving is less than half the battle in proving compliance with several key regulations. Once the data is archived, you have to be able to quickly search and discover the files critical to any ongoing litigation

Post a Comment

It's Not Wise To Neglect Certain SOX Requirements

2/27/2006
If you're still harboring doubts about meeting your SOX deadlines, you might want to check out a webinar tomorrow (Feb. 28) that features Michael Horowitz, commissioner of the United States Sentencing Commission (USSC). The event, titled, "Upward Mobility: Leveraging Your Sarbanes-Oxley Investment for Broader Risk Management," will take place 1 p.m. EST. Co-hosted by compliance vendor Axentis and Business Finance Magazine, speakers will also include

Post a Comment

Small Companies Could Get Permanent SOX Breaks

2/20/2006
So how many of you are surprised that the Securities and Exchange Commission is looking to possibly withdraw the Section 404 requirements of Sarbanes-Oxley for small businesses? It seems to be one of those controversies that won't go away. We learned that an advisory panel is expected tomorrow to urge the SEC to eliminate Section 404 compliance for smaller companies. The agency has twice extended the SOX comp

Post a Comment

Don't Kid Yourself, Automation Is Hard

2/7/2006
Listen to technology vendors and automating compliance processes seems like a snap. Listen to the companies trying the reach the level where they can even think about automating their processes and you come away with a more realistic picture. No one is patting their CIOs on the head for waving the magic automation wand yet. At first, I was a little alarmed to read the surveys that showed a majority of organizations felt they would be approaching 2006 with few, if any, more compliance processes

Post a Comment

More Guidance On Regulations

1/31/2006
We can all use a little guidance when it comes to identifying how regulations will affect our business processes and IT environments. The hard part is figuring out how compliance requirements change based on geographic variables and vertical markets. And such guidance is starting to emerge. Two directories/guides were recently announced; both are free after registration, but only one is currently available. The Object Management Group (OMG) and the OMG Regulat

Post a Comment

Keep The Knives Away From Storage

1/26/2006
Will storage concerns outweigh security this year? It seems like a stretch but that's what a recent survey by Glass House Technologies indicates. According to Glass House's "2006 Storage Budget Survey", 2006 will be a year for holding down costs and that means IT will be wringing out more efficiency from storage architectures. Now, Glass House is a provider of independent services that help organizations solve enterprise storage problems and focuses on in

Post a Comment

If Compliance Costs Are Still Rising, Something Is Wrong

1/24/2006
Analysts and vendors have been telling us Sarbanes-Oxley compliance costs should go down each year, but in a recent reader poll, more than half of our respondents claimed they are expecting just the opposite. A third of respondents did, however, expect their compliance costs will go down this year. That tells me one of three things is happening: Either the promised return on investment from tools already applied to the p

Post a Comment

Vendor Partnerships Mean Added Functionality

1/17/2006
Market dynamics often mean good news for users when it comes to technology products, especially when competition drives prices down, but there are other dynamics that work to your benefit; for instance, when vendors partner to deliver more features and services to round out their offerings. The market for compliance-related software and services is still young, and you've probably heard me warn here before not to expect these products to meet all your requirements. Not to say that all complianc

Post a Comment

A Universe Of SOX Assistance

1/6/2006
Two years into the regulation, the issues of Sarbanes-Oxley compliance, technical and otherwise, are so diverse and complex that an entire sub-industry has emerged to assist companies looking for resources, technology or just good old advice. Most of those resources have a Web presence, so from time to time I'll point you to some of the more useful Web content. Here's three sites to check out: The Sarba

Post a Comment

Prediction No. 10: Continuous Controls, The Intersection of BPM, ECM And Event Monitoring

12/30/2005
This final prediction for 2006 is a look at where the rubber will meet the road in the journey toward a sustainable, automated compliance architecture. Your goal is to create an environment of continuous controls, but what exactly is that? Continuous controls are something that analysts, consultants and auditors stress but, somehow, only vaguely describe. It will be your number one priority for compliance management but there is no silver bullet technology that gets you there. There are no pre

Post a Comment

Prediction No. 9: The Watchword in 2006 Will Be Sustainability

12/22/2005
Every organization subject to regulatory compliance needs it; every vendor of compliance tools promises it; so achieving it is a piece of cake, right? Unfortunately, when the "it" in question is a sustainable, automated compliance management framework, its existence has been a bit hit and miss. The main problem with a promise like sustainability is that it means something different to nearly all organizations, not to mention nearly all vendors of IT products and services. Sustainable complian

Post a Comment

Prediction No. 8: SMBs Forced To Wear Their Compliance Hats

12/20/2005
With most of the regulatory focus up to this point on larger public companies, financial institutions and healthcare providers, it wasn't until the last half of 2005 that we started to see a concerted effort on the part of technology vendors to scale down compliance-related systems and tools for small- and medium-sized businesses (SMBs). It was only a matter of time; the SMB market is huge, hot and underserved, especially when it comes to compliance. Vendors focused first on the low hanging fru

Post a Comment

Prediction No. 7: SOX Still Takes The Blame

12/15/2005
The laws of physics still apply to compliance spending. In my second prediction in this series on the expected reduction in manpower costs associated with SOX compliance, I said that the funds spent in 2005 to automate SOX compliance processes would pay-off with a nice reduction in manpower costs. But for every action there is s separate but equal rea

Post a Comment

Prediction No. 6: The IT Hand-Off Brings Focus On Cost

12/12/2005
I've already discussed in an earlier prediction the biggest and most annoying cost of compliance; the manpower dedicated to manual compliance processes, including human auditors. But there's more to consider than people costs. Some companies have used Sarbanes-Oxley as an excuse to re-examine their core business processes for ways to drive out cost. In fact, cost reduction and return on investment will be the focus of SOX compliance activity in 2006. Why? Because it's time to complete the hand-

Post a Comment

Prediction No.5: New Content To Manage

12/7/2005
Remember your first reaction when you found out you had to manage content like e-mail and instant messages as part of the business record for compliance regulations like Sarbanes-Oxley. Remember the collective "Oh Brother" you heard from your department. Well repeat after me . . . "Oh Brother" because its happening again. With the growing popularity of blogs in the enterprise and the use of wikis in corporate settings, these outlets are being recognized to contain potential material information

Post a Comment

Prediction No. 4: A Central Theme

12/6/2005
After going out on a limb for my third prediction for the new year, I'll make another semi-safe forecast this time around. What compliance management, disaster recovery, and general process optimization has shown us in 2005 is that some data is just better off centralized. At the very least, the views to data need to be centralized, but companies found this year that managing for Section 404 of SOX, or ge

Post a Comment

Prediction No. 3: Lockdown On Customer Data

12/2/2005
This one might put me out on a limb, but I'm going to say that in 2006 we will see a marked reduction in customer data theft cases. Why, because it's on everyone's radar. Today, close to half the states have enacted data privacy laws modeled after California's SB-1386, requiring companies to out themselves when a breach occurs. And late last month, the Senate approved the Personal Data Privacy and Security Act
Post a Comment

Prediction No. 2: Manpower Reductions

11/30/2005
With more and more manual processes associated with Sarbanes-Oxley compliance activities being automated through technology, we expect the people costs for SOX to fall off dramatically in 2006. This is actually a pretty safe bet since it will be the third year that large public companies have had to manage SOX compliance. One could assume that everyone is getting more adept, including the independent auditors, so manpower costs should go down as a percentage of overall costs associated with SOX

Post a Comment

Let Us Predict

11/28/2005
The holiday season is now officially out of its cage and you know what that means . . . Yup, it's time for that annual right of analysts, pundits, journalists and wags everywhere to vent their predictions for the coming year. But rather than wait and wrap all predictions up in a nice holiday bundle, I think I'll meter out our guesswork in the time-honored tradition of seasonal marketing campaigns that dictate the emergence of flocked trees and jingle bells shortly after the back-to-school sale

Post a Comment

Something Else To Worry About, Or Not

11/22/2005
It's right before Thanksgiving and I'm trying hard not to think curmudgeonly thoughts but just in case you haven't noticed your users downloading AOL's spiffy new IM client (which is much more than an IM client) be aware that instant messages aren't the only thing that could be breaking your compliance policies. The new AIM Triton service, which became available for free download today, is an integrated communications client that off

Post a Comment

What Happens In The Clubhouse Doesn't Stay In The Clubhouse

11/15/2005
There is a code of conduct in professional sports dictating that what happens or gets said in the locker room stays in the locker room. Well, a quick scan of the sports headlines shows how closely that honor rule is followed. And the same holds true for corporate teams with the added problem of incidental and accidental information leakage. I've been on a bit of a harangue the last couple weeks about monitoring the internal flow of information for compliance policy violations, as well as the i

Post a Comment

Data Misuse Comes In Many Forms

11/4/2005
Yesterday I issued a reminder that data security and compliance meant protecting the data stores as well as the network perimeter, but good compliance practices also require a consistent and thorough monitoring of the way your users are interacting with the enterprise applications, in particular your databases. Once again we are talking mostly about internal intruders, those getting access to information they are not authorized to use or using authorized information in an unauthorized manner.

Post a Comment

Stop Making It So Easy

11/2/2005
An out-of-site, out-of-mind attitude toward data protection should leave most corporate exectives with that insecure, non-compliant feeling in the pit of their archives. And guess what? It does, but not enough take action—at least not yet. The threat is still perceived to be at the barriers, while stored data remains relatively unprotected. The reason for this continued problem remains relatively simple. Companies set up policies and systems and then monitor activity at the borders with t

Post a Comment

Regs Aren't Putting The Hurt On Fraud

11/1/2005
We would never get a chance to be a fly on the wall during something as sensitive as a fraud examination, but Oversight Systems provides us with the next best thing. The company released today the results of a survey of 204 U.S. fraud examiners identifying current institutional fraud trends. And the findings are, well, eye-opening, to say the least. Despite the increase in regulatory oversight, only seven perc

Post a Comment

Messaging Behind Closed Doors

10/27/2005
It used to be the case that internally created and internally transmitted messages (the oldest form of e-mail) were of little threat to the security posture of an organization. That was before we actually started monitoring what went on behind closed doors, so to speak. Organizations started paying a little more attention to internal messages once compliance and legal requirements made it more important to do so. But the focus for e-mail protection has always been on incoming messages, and more

Post a Comment

Before SOX, Archiving Was Just Good Procedure

10/25/2005
For small- and medium-sized businesses (SMBs), it may be the only procedure. Security is still the biggest concern for SMBs when it comes to their messaging systems, but archiving is starting to pick up steam as a priority for this group as well as large enterprises. So says a report just published by the Radicati Group, which contains the results of Radicati's survey of businesses with less than 500 employees.

Post a Comment

Being Compliant And Ethical

10/24/2005
From time to time, I like to let you know of inexpensive (or sometimes free) tools that might help guide your thinking as you begin or continue to roll out new compliance processes. I noticed a couple interesting new Web-based survey tools that help assess employee attitudes and awareness of integrity and antifraud risks as part of an ethics program evaluation. I found it interesting because it got me thinking

Post a Comment

Show Me The Value

10/20/2005
It's time for corporate America to get specific. Shortly after the SOX legislation was introduced, we heard a lot of drum beating about shareholder value and the rosy, glass-half-full notion that early adopters of compliance management technology would hold a competitive advantage over the kickers and screamers. It seemed plausible at the time—still does, but the examples of that actually happening are few and far between. So it gets me wondering: In the final analysis, will SOX go down a

Post a Comment

Tired Of Crying Wolf

10/19/2005
How many of you think life would be so much easier if the brass in your company actually took Sarbanes-Oxley compliance seriously? With all the fear and loathing voiced over the C-level accountability of Section 404, we still hear from IT managers that their bosses still don't take SOX seriously. The publicized fines levied for non-compliance have been few and far between, and the threat of incarceration for CEOs and CFOs has not been made real. Little wonder, according to some, why their comp

Post a Comment

Do All Compliance Roads Lead To BPM?

10/18/2005
The most confusing, frustrating and mind-numbing aspect of any compliance automation project is discovering that there are now a host of hardware and software tools for any compliance activity you can think of, and many you didn't think of. There are compliance tools that cost a couple hundred bucks and some that can set you back a couple hundred thousand just to initiate preliminary designs. If your company is like the majority who got past the initial regulatory audits the manual way, fixing p

Post a Comment

A Time For Assessment

10/4/2005
Now might be a good time to check your audit readiness. The good news is, compared to last year, companies are seeing more benefits from their compliance efforts.

Post a Comment

Compliance Appliance: I Like The Sound Of That

9/27/2005
I also like the fact that these devices could be a boon for small- and medium-sized businesses. This group in particular seems to have the most trouble meeting SOX requirements, and more and more compliance vendors are targeting this sector with less-expensive products that are easier to deploy, use and administer.

Post a Comment

Much Ado About Archiving

9/13/2005
Can the message archiving market really be that hot? If the volume of new products and services geared to the practice, and the amount of new research devoted to the topic, is any indication, then my completely unscientific and seat-of-the-pants analysis is . . . yes.

Post a Comment

Enterprise IM: Get Used To It

9/9/2005
When the Radicati Group released its five-year projections for the instant messaging market yesterday, the biggest news wasn't in the growth numbers, which call for a steady increase in worldwide IM traffic through 2009. More intriguing were the vendors present for a panel discussion and what they see as the opportunities that the growth numbers represent.

Post a Comment

Your Data Has Left The Building

9/6/2005
Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Post a Comment

'Tis The Season For Not So Unusual Pairings

8/25/2005
Yes, we've reached that phase in the market cycle for compliance-related products and services where the vendors start climbing in bed with each other. And that's a good thing. No, really! We've known all along that the ability to set and enforce data use policies across an enterprise, on records and documents and even idle chit-chat, spanning everything spreadsheets to instant messages, well. . .that was going to take a lot of vendors working together or some heavy lifting by internal develop

Post a Comment

Happy Anniversary SOX

8/2/2005
It's been three years since the Sarbanes-Oxley Act was signed into law, and public companies are well into their second year of compliance. So where do we stand?

Post a Comment

How Are You With the "R" Word?

6/2/2005
Our current slate of lead feature stories all deal with the CIO's relationships and changing roles within the broader organization. We all know those relationships have been, how should we say, tested recently.

Post a Comment

The Rumor Of SOX ROI

1/11/2005
Sarbanes-Oxley-compliant organizations are starting to back up vendor claims that compliance management practices are producing benefits beyond compliance.

Post a Comment
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.