A Time For Assessment

Now might be a good time to check your audit readiness. The good news is, compared to last year, companies are seeing more benefits from their compliance efforts.
Having that queasy feeling in your stomach about the prospect of upcoming compliance audits? If so, good for you, it shows a healthy respect for the challenge ahead. But why not take advantage of some of the tools out there to get a snap shot of your audit readiness? What could it hurt, right? It might help to ease that acid stomach, and it just might turn up a potential problem or two that no one thought of. Either way, you win, and some of these tools are free.

Two compliance vendors last week brought out readiness evaluation tools and services. GlassHouse Technologies was up first up with its Compliance Readiness Solution, a package of evaluation services for CIOs that assess compliance readiness and identify and close potential gaps in companies' data handling procedures.GlassHouse captures organizational requirements from corporate risk management, legal and audit groups and assesses an IT environment against those requirements.

The GlassHouse service isn't free, but BindView's new audit readiness assessment tool is. The BindView Compliance Assessment Tool is a free download that includes a set of survey questions, measurement criteria and associated controls. We'll have to see if the service remains free following Bindview's announced acquisition by Symantec.

And for $99 per regulation, Network Frontiers is offering a database of audit questions spanning 60 different regulations and standards.

The Good, The Bad And The Indifferent

How about some self-assessments? Here's an off-the-cuff reading on the effectiveness of Sarbanes-Oxley. Our most recent reader poll asked readers to review the impact of SOX now that audit time nears for the second time. I'll start with the good news: A third of the respondents indicated that the controls put in place to manage SOX compliance not only proved effective but returned a net gain by improving business process and exposing information that could have remained hidden without the new due-diligence.

Slightly less, 30 percent of the respondents said SOX efforts were a net loss, costing too much for the benefit derived from the new systems that have been implemented.

And slightly more, 36 percent, said the entire SOX compliance effort has been a wash, meaning any of the benefit derived from new systems, processes and resources devoted to SOX compliance is offset by the cost of implementation and administration.

In case you're wondering, when we asked these questions last year, 47 percent of the respondents said it was too early too tell. We didn't provide that option this time, because I refuse to accept it. Last fall, 26 percent of respondents indicated a net gain from their compliance management practices; only 17 percent said it was a net loss and 10 percent called it a wash.

Unfortunately, most of those who weren't ready to commit last time around have become net losers and the fence riders. But still, 69 percent of the current sample is finding at least break-even benefit from its efforts.Now might be a good time to check your audit readiness. The good news is, compared to last year, companies are seeing more benefits from their compliance efforts.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Terry White, Associate Chief Analyst, Omdia
Richard Pallardy, Freelance Writer
Cynthia Harvey, Freelance Journalist, InformationWeek
Pam Baker, Contributing Writer