Making compliance work for you

by David Greene

February 21, 2007 —

Just because you passed your last compliance audit doesn't mean that you'll pass the next one. So what can you do about it? Change your perception.

If you want to be fully prepared for an audit, consider altering the way you approach compliance. Think of Sarbanes-Oxley (SOX) as an opportunity to improve your IT and operational processes and technology. Organizations that take a minimal, project-based approach with SOX - rather than treating it as an ongoing compliance program - are less likely to gain additional business value from their compliance investments. Instead, try taking a risk-based approach that identifies the impact to the business if a control fails.

For example, if your company's key source of revenue comes from its online business, things can come to a screeching halt if your Web server goes down during manual maintenance tasks. Instead, consider using automated controls to manage changes to your Web server. Replacing tedious, manual controls with automated controls will more quickly satisfy auditors and can free up your staff to focus on other innovative projects. It may be the catalyst for reviewing your existing processes, such as those for change control, and determining how they can be streamlined, simplified, and standardized.

Instead of viewing compliance as a project that must be grappled with every nine months, embrace it as a sustainable process. This approach will enable your organization to support SOX objectives and will help you run your organization more efficiently and flexibly, something that will become even more significant as IT's role in compliance continues to grow. Make compliance a part of how you do business in IT, and you will spend less time with auditors and more time running a better IT organization.

The ideas expressed in this article are solely those of the author and do not necessarily reflect the opinions of ITworld.com.

BMC Software