Profile of Mitch Irsfeld
News & Commentary Posts: 49
Articles by Mitch Irsfeld
Knowing that proper information management can be the most effective means of reducing risks and bolstering regulatory compliance efforts, ARMA International, the not-for-profit professional membership association for records management professionals, is offering some simple tips on setting your records and information management policies.
The first, and potentially highest, hurdle in shifting compliance management from a labor-intensive manual activity to an automated process is defining the scope of the project. That entails chores like identifying stakeholders and their roles, setting milestones and determining things like workflow and sign-offs.
In fact, this is where many companies pressing toward compliance automation get stuck and flounder. And when sighting down on a compliance problem, it's easy to overlook some obvious
As we continue to find out, there are many ways to skin the compliance cat, especially when it comes to archiving. And every once in a while simple ideas crop up that are relatively inexpensive to deploy and can really help the compliance cause.
Here's an example: We've all heard that archiving is less than half the battle in proving compliance with several key regulations. Once the data is archived, you have to be able to quickly search and discover the files critical to any ongoing litigation
If you're still harboring doubts about meeting your SOX deadlines, you might want to check out a webinar tomorrow (Feb. 28) that features Michael Horowitz, commissioner of the United States Sentencing Commission (USSC).
The event, titled "Upward Mobility: Leveraging Your Sarbanes-Oxley Investment for Broader Risk Management," will take place at 1 p.m. EST. Co-hosted by compliance vendor Axentis and Business Finance Magazine, speakers will also include
So how many of you are surprised that the Securities and Exchange Commission is looking to possibly withdraw the Section 404 requirements of Sarbanes-Oxley for small businesses? It seems to be one of those controversies that won't go away.
We learned that an advisory panel is expected tomorrow to urge the SEC to eliminate Section 404 compliance for smaller companies. The agency has twice extended the SOX comp
Listen to technology vendors and automating compliance processes seems like a snap. Listen to the companies trying to reach the level where they can even think about automating their processes and you come away with a more realistic picture. No one is patting their CIOs on the head for waving the magic automation wand yet.
At first, I was a little alarmed to read the surveys that showed a majority of organizations felt they would be approaching 2006 with few, if any, more compliance processes
We can all use a little guidance when it comes to identifying how regulations will affect our business processes and IT environments. The hard part is figuring out how compliance requirements change based on geographic variables and vertical markets.
And such guidance is starting to emerge. Two directories/guides were recently announced; both are free after registration, but only one is currently available.
The Object Management Group (OMG) and the OMG Regulat
Will storage concerns outweigh security this year? It seems like a stretch but that's what a recent survey by Glass House Technologies indicates. According to Glass House's "2006 Storage Budget Survey", 2006 will be a year for holding down costs and that means IT will be wringing out more efficiency from storage architectures.
Now, Glass House is a provider of independent services that help organizations solve enterprise storage problems and focuses on in
Analysts and vendors have been telling us Sarbanes-Oxley compliance costs should go down each year, but in a recent reader poll, more than half of our respondents claimed they are expecting just the opposite. A third of respondents did, however, expect their compliance costs will go down this year.
That tells me one of three things is happening: Either the promised return on investment from tools already applied to the p
Market dynamics often mean good news for users when it comes to technology products, especially when competition drives prices down, but there are other dynamics that work to your benefit; for instance, when vendors partner to deliver more features and services to round out their offerings.
The market for compliance-related software and services is still young, and you've probably heard me warn here before not to expect these products to meet all your requirements. Not to say that all complianc
Two years into the regulation, the issues of Sarbanes-Oxley compliance, technical and otherwise, are so diverse and complex that an entire sub-industry has emerged to assist companies looking for resources, technology or just good old advice.
Most of those resources have a Web presence, so from time to time I'll point you to some of the more useful Web content. Here are three sites to check out:
This final prediction for 2006 is a look at where the rubber will meet the road in the journey toward a sustainable, automated compliance architecture. Your goal is to create an environment of continuous controls, but what exactly is that? Continuous controls are something that analysts, consultants and auditors stress but, somehow, only vaguely describe. It will be your number one priority for compliance management but there is no silver bullet technology that gets you there.
There are no pre
Every organization subject to regulatory compliance needs it; every vendor of compliance tools promises it; so achieving it is a piece of cake, right?
Unfortunately, when the "it" in question is a sustainable, automated compliance management framework, its existence has been a bit hit and miss. The main problem with a promise like sustainability is that it means something different to nearly all organizations, not to mention nearly all vendors of IT products and services.
With most of the regulatory focus up to this point on larger public companies, financial institutions and healthcare providers, it wasn't until the last half of 2005 that we started to see a concerted effort on the part of technology vendors to scale down compliance-related systems and tools for small- and medium-sized businesses (SMBs).
It was only a matter of time; the SMB market is huge, hot and underserved, especially when it comes to compliance. Vendors focused first on the low hanging fru
The laws of physics still apply to compliance spending. In my second prediction in this series on the expected reduction in manpower costs associated with SOX compliance, I said that the funds spent in 2005 to automate SOX compliance processes would pay-off with a nice reduction in manpower costs.
But for every action there is a separate but equal rea
I've already discussed in an earlier prediction the biggest and most annoying cost of compliance; the manpower dedicated to manual compliance processes, including human auditors. But there's more to consider than people costs. Some companies have used Sarbanes-Oxley as an excuse to re-examine their core business processes for ways to drive out cost.
In fact, cost reduction and return on investment will be the focus of SOX compliance activity in 2006. Why? Because it's time to complete the hand-
Remember your first reaction when you found out you had to manage content like e-mail and instant messages as part of the business record for compliance regulations like Sarbanes-Oxley. Remember the collective "Oh Brother" you heard from your department. Well, repeat after me . . . "Oh Brother" because it's happening again.
With the growing popularity of blogs in the enterprise and the use of wikis in corporate settings, these outlets are being recognized to contain potential material information
After going out on a limb for my third prediction for the new year, I'll make another semi-safe forecast this time around. What compliance management, disaster recovery, and general process optimization has shown us in 2005 is that some data is just better off centralized.
At the very least, the views to data need to be centralized, but companies found this year that managing for Section 404 of SOX, or ge
This one might put me out on a limb, but I'm going to say that in 2006 we will see a marked reduction in customer data theft cases. Why? Because it's on everyone's radar.
Today, close to half the states have enacted data privacy laws modeled after California's SB-1386, requiring companies to out themselves when a breach occurs. And late last month, the Senate approved the Personal Data Privacy and Security Act
With more and more manual processes associated with Sarbanes-Oxley compliance activities being automated through technology, we expect the people costs for SOX to fall off dramatically in 2006.
This is actually a pretty safe bet since it will be the third year that large public companies have had to manage SOX compliance. One could assume that everyone is getting more adept, including the independent auditors, so manpower costs should go down as a percentage of overall costs associated with SOX
The holiday season is now officially out of its cage and you know what that means . . . Yup, it's time for that annual rite of analysts, pundits, journalists and wags everywhere to vent their predictions for the coming year.
But rather than wait and wrap all predictions up in a nice holiday bundle, I think I'll mete out our guesswork in the time-honored tradition of seasonal marketing campaigns that dictate the emergence of flocked trees and jingle bells shortly after the back-to-school sale
It's right before Thanksgiving and I'm trying hard not to think curmudgeonly thoughts but just in case you haven't noticed your users downloading AOL's spiffy new IM client (which is much more than an IM client) be aware that instant messages aren't the only thing that could be breaking your compliance policies.
The new AIM Triton service, which became available for free download today, is an integrated communications client that off
There is a code of conduct in professional sports dictating that what happens or gets said in the locker room stays in the locker room. Well, a quick scan of the sports headlines shows how closely that honor rule is followed. And the same holds true for corporate teams with the added problem of incidental and accidental information leakage.
I've been on a bit of a harangue the last couple weeks about monitoring the internal flow of information for compliance policy violations, as well as the i
Retailers and consumer products manufacturers need to take a more risk-based, top-down approach to Sarbanes-Oxley compliance in order to increase efficiencies, eliminate unnecessary work and reduce costs, according to a recent white paper issued by PricewaterhouseCoopers.
The document, titled "Leading Strategies: Streamlining Sarbanes-Oxley Compliance for Retail & Consumer Companies" offers three
Yesterday I issued a reminder that data security and compliance meant protecting the data stores as well as the network perimeter, but good compliance practices also require a consistent and thorough monitoring of the way your users are interacting with the enterprise applications, in particular your databases.
Once again we are talking mostly about internal intruders, those getting access to information they are not authorized to use or using authorized information in an unauthorized manner.
An out-of-sight, out-of-mind attitude toward data protection should leave most corporate executives with that insecure, non-compliant feeling in the pit of their archives. And guess what? It does, but not enough take action—at least not yet.
The threat is still perceived to be at the barriers, while stored data remains relatively unprotected. The reason for this continued problem remains relatively simple. Companies set up policies and systems and then monitor activity at the borders with t
We would never get a chance to be a fly on the wall during something as sensitive as a fraud examination, but Oversight Systems provides us with the next best thing. The company released today the results of a survey of 204 U.S. fraud examiners identifying current institutional fraud trends. And the findings are, well, eye-opening, to say the least.
Despite the increase in regulatory oversight, only seven perc
It used to be the case that internally created and internally transmitted messages (the oldest form of e-mail) were of little threat to the security posture of an organization. That was before we actually started monitoring what went on behind closed doors, so to speak.
Organizations started paying a little more attention to internal messages once compliance and legal requirements made it more important to do so. But the focus for e-mail protection has always been on incoming messages, and more
For small- and medium-sized businesses (SMBs), it may be the only procedure.
Security is still the biggest concern for SMBs when it comes to their messaging systems, but archiving is starting to pick up steam as a priority for this group as well as large enterprises.
So says a report just published by the Radicati Group, which contains the results of Radicati's survey of businesses with fewer than 500 employees.
From time to time, I like to let you know of inexpensive (or sometimes free) tools that might help guide your thinking as you begin or continue to roll out new compliance processes. I noticed a couple interesting new Web-based survey tools that help assess employee attitudes and awareness of integrity and antifraud risks as part of an ethics program evaluation.
I found it interesting because it got me thinking
It's time for corporate America to get specific. Shortly after the SOX legislation was introduced, we heard a lot of drum beating about shareholder value and the rosy, glass-half-full notion that early adopters of compliance management technology would hold a competitive advantage over the kickers and screamers. It seemed plausible at the time—still does, but the examples of that actually happening are few and far between.
So it gets me wondering: In the final analysis, will SOX go down a
How many of you think life would be so much easier if the brass in your company actually took Sarbanes-Oxley compliance seriously? With all the fear and loathing voiced over the C-level accountability of Section 404, we still hear from IT managers that their bosses still don't take SOX seriously.
The publicized fines levied for non-compliance have been few and far between, and the threat of incarceration for CEOs and CFOs has not been made real. Little wonder, according to some, why their comp
The most confusing, frustrating and mind-numbing aspect of any compliance automation project is discovering that there are now a host of hardware and software tools for any compliance activity you can think of, and many you didn't think of. There are compliance tools that cost a couple hundred bucks and some that can set you back a couple hundred thousand just to initiate preliminary designs. If your company is like the majority who got past the initial regulatory audits the manual way, fixing p
It was as inevitable as my next tax bill; the "rest of us" now have a reference guide for compliance. Wiley Publishing has added IT compliance to the Dummies series, in this case a pocket guide to help with an IT audit.
Now might be a good time to check your audit readiness. The good news is, compared to last year, companies are seeing more benefits from their compliance efforts.
I also like the fact that these devices could be a boon for small- and medium-sized businesses. This group in particular seems to have the most trouble meeting SOX requirements, and more and more compliance vendors are targeting this sector with less-expensive products that are easier to deploy, use and administer.
It probably didn't jump out as a big surprise when the SEC voted yet again to extend the Section 404 filing deadline for small-cap companies by yet another year. The commission's Advisory Committee on Smaller Public Companies investigated enough comments and complaints about the undue financial burden of SOX's Section 404 compliance on smaller public companies that a second extension was near
Maybe it's worse than I thought. Is anyone taking message archiving seriously?
Can the message archiving market really be that hot? If the volume of new products and services geared to the practice, and the amount of new research devoted to the topic, is any indication, then my completely unscientific and seat-of-the-pants analysis is . . . yes.
When the Radicati Group released its five-year projections for the instant messaging market yesterday, the biggest news wasn't in the growth numbers, which call for a steady increase in worldwide IM traffic through 2009. More intriguing were the vendors present for a panel discussion and what they see as the opportunities that the growth numbers represent.
Is that a good thing, or bad?
As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.
Confused about the expanding array of products designed to help manage messaging policies and compliance? A new Radicati Group report helps break down this evolving market.
Yes, we've reached that phase in the market cycle for compliance-related products and services where the vendors start climbing in bed with each other. And that's a good thing. No, really!
We've known all along that the ability to set and enforce data use policies across an enterprise, on records and documents and even idle chit-chat, spanning everything from spreadsheets to instant messages, well . . . that was going to take a lot of vendors working together or some heavy lifting by internal develop
It's been three years since the Sarbanes-Oxley Act was signed into law, and public companies are well into their second year of compliance. So where do we stand?
Initiative looks to align more than 60 regulations and standards and deconstruct their requirements into a consolidated IT compliance view.
OK, let's get serious, no quips about corporate ethics being an oxymoron. We all know that a lot of the recent regulatory fervor was the result of an unethical few engaging in downright illegal activities. And now we're all wearing this compliance monkey on our backs.
Our current slate of lead feature stories all deal with the CIO's relationships and changing roles within the broader organization. We all know those relationships have been, how should we say, tested recently.
New Internet GEM suite will filter, monitor and archive data in a central database.
Sarbanes-Oxley-compliant organizations are starting to back up vendor claims that compliance management practices are producing benefits beyond compliance.