Sarbanes-Oxley Compliance

Public companies, and companies with future aspirations of going public, are adopting automated IT policies and practices in order to maintain an environment that meets the requirements as stipulated by the Sarbanes-Oxley Act of 2002 (SOX). Likewise, private companies are finding that they too can benefit by deploying the same corporate governance best practices to mitigate risk, improve processes and raise credibility among stakeholders and investors.

Signed into law on July 30, 2002, the Sarbanes-Oxley Act is a far-reaching piece of US legislation impacting corporate governance, financial disclosure and public accounting practices. Created to restore public confidence in the capital markets in the wake of serious corporate abuses, the Act places significant new responsibilities on boards of directors and on management of public companies. The Act contains numerous provisions concerning corporate responsibility and enhanced financial disclosure, as well as other guidelines covering the detection and punishment of white-collar crime.

While the SOX Act does not explicitly define requirements for information technology, it does provide the guidelines for the requirements that companies must set in place to adequately maintain and protect the systems that support their financial reporting process. According to the Securities and Exchange Commission (SEC), SOX requires companies to "include in their annual reports a report of management on the company's internal control over financial reporting."

Due to the potential liability to corporate officers should their company not meet these requirements, IT organizations have turned to industry consultants and standards bodies for direction in interpreting the necessary IT requirements. The goal is to acquire and implement an automated solution that provides an auditable process and eliminates human error and process failures to the greatest extent possible.

To aid organizations in successfully meeting today's business challenges, groups such as the IT Governance Institute® (ITGI) have produced standards like COBIT™ (Control Objectives for Information and related Technology). COBIT is an IT governance framework that enables IT management to bridge the gap between control requirements, technical issues and business risks. These best practices have been translated for regulatory compliance with SOX to assist organizations in determining the type of IT controls they must have in place.

The following is a list of key supporting COBIT areas and the contribution of the CaseSentry® Systems Management solution for that area:

COBIT Recommendation
AI2
Acquire and implement application software

Acquire, deploy and update applications that support financial processes in order to protect integrity of transactions and data processed by those applications.

CaseSentry is a complete systems management solution that manages the availability and performance of vital systems running financial applications. By identifying the root cause of systems events, support personnel can immediately focus their efforts on the precise source of the problem. Minimizing mean time to repair (MTTR) increases systems availability and business impact. All events and actions taken for remediation are logged in an auditable database for analysis.

AI3
Acquire and implement technology infrastructure

Acquire, deploy, and update infrastructure that supports financial processes in order to protect integrity of transactions and data.

CaseSentry is a vendor-agnostic management solution that monitors the complete business process, including all systems and infrastructure that support an organization's financial systems. Using CaseSentry's dynamic Groups and Systems Console capability, management personnel can view the status and availability of this process to ensure proper operation and have visibility to remediation efforts when issues occur.

AI6
Manage Changes

Manage and control system production environment changes to ensure control and integrity of financial accounts.

CaseSentry's Change Management application provides a comprehensive, formalized process to handle changes to the dynamic network and systems supporting financial data. It provides a common means to request, process and log the changes that are continuously occurring in the dynamic systems and network landscape.

The CaseSentry Change Management application contains a rich set of capabilities to help organizations implement an effective change management strategy. A key component is not only following a defined process that ensures the integrity of supported systems, but also having a detailed audit trail that can be used to identify who made changes, what changes were made, when they were made, change success and business impact. As these capabilities are tightly integrated into CaseSentry Case Management, CaseSentry's positioning as the primary workgroup portal helps to ensure staff compliance and overall change visibility.

Additional applications, such as CaseSentry Version Control, provide automated functions such as configuration back-ups to support fast restoration of systems or infrastructure following a failure. CaseSentry monitors the success of such systematic processes, generating an AutoCase and alerting support personnel when a process has failed so that immediate corrective action can be taken to restore it.

DS1
Define and Manage Service Levels

Define and manage operations service levels to meet requirements specific to financial processes.

CaseSentry contributes to these areas through the following capabilities:

  • The Availability Report provides visibility to financial systems and infrastructure availability metrics. This data is used to monitor overall availability of the financial process, and to measure progress in response to ongoing upgrades and process improvement initiatives.
  • Systems Console and other status views provide visibility to current service levels. CaseSentry's Groups capability can provide tailored views of all systems supporting the financial business process, financial systems of the same type or supported by an individual workgroup and systems by location or geography.
  • Policy-based notifications maximize the awareness of systems issues, leading to faster response and minimized downtime for financial processes. Automated escalations are used to ensure service responsiveness per stated policy.
  • CaseSentry's SLA Manager application allows organizations to set firm service level agreements (SLAs) around the availability of financial systems, ensuring that incidents involving these systems are properly acknowledged, quickly handled, and recorded for accountability.

DS9
Manage the Configuration

Ensure that security, availability, and processing integrity controls are set up in the system and maintained through an asset's life cycle.

CaseSentry's Availability Management application consists of the following key capabilities to identify financial system failures and minimize corresponding system downtime:

  • Systems and infrastructure monitoring
  • Root cause analysis
  • Notification of events
  • Parent/child dependency relationship topology for all financial systems and applications
  • Status Display Views
    • Maps
    • Tables
    • Consoles
    • Summaries
  • Archival of complete systems status data, including time of failure, root-cause device, length of failure and how frequently it has occurred.

CaseSentry monitors the systems and applications that together make up the complete financial process. This includes such items as application services monitoring and synthetic transactions that replicate actual user experiences in accessing and using the systems.

CaseSentry also monitors the availability of firewalls and IDS systems that protect the financial systems.

DS10
Manage Problems and Incidents

Respond to system failures consistently and effectively in order to sustain operations and preserve the integrity of financial data.

CaseSentry's Service Management application contains an integrated, fully-featured Case Management system. This capability enables IT organizations to implement and maintain a formal process to log, manage and track problems and project initiatives that have impacted (or have the potential to impact) financial systems.

CaseSentry's AutoCases deliver optimal service management functionality. After identifying and validating systems and network problems, CaseSentry systematically opens an AutoCase, creating a repository for all subsequent CaseSentry and staff updates pertaining to that issue. Coupled with policy-based notifications and escalations, CaseSentry ensures that problems receive maximum visibility and timely handling to minimize financial systems impact.

The wealth of detail that accumulates in case history, together with the fact that case data cannot be changed, combines to form a comprehensive auditable knowledge base.

M1
Monitor the Processes

Monitor IT processes to ensure that various control objective requirements are consistently met.

CaseSentry's integrated applications form a cohesive IT management and support process that resides on a common platform. CaseSentry provides an effective means to monitor compliance through the following:

  • Availability Management, providing monitoring and management of your complete systems and network landscape. CaseSentry monitors all aspects of the systems supporting the end-to-end financial process.
  • Service Management, providing an effective means to track problems and projects through to completion. Case history forms a knowledge base to review occurrences and service responsiveness. Its structured elements, such as the time/date an update was made, who made the update, and identification of specific failed systems through root cause analysis, provide a valuable audit trail that enforces accountability and policy compliance.
  • Workflow Automation, enabling streamlined support and service responsiveness through automation. Through automation of routine tasks such as configuration back-ups and recording systems event data in cases, policy compliance can be enforced with minimal human intervention.
  • Service Level Management, providing visibility to your systems and network operations, support responsiveness and systems availability. Availability and other CaseSentry reports are used to track the health and operational status of financial systems. CaseSentry's SLA Manager application allows organizations to set firm SLAs around the availability of financial systems, ensuring that all incidents involving those systems are properly acknowledged, quickly handled, and recorded for accountability.

Available as a complete on-site subscription service, CaseSentry is quickly implemented and includes ongoing management administration to ensure your management is always synchronized with your systems and network environment. This eliminates the burden of your having to administer, maintain and upgrade the management application and supporting hardware, which allows your workgroups to focus on initiatives critical to your business. CaseSentry is available in a completely redundant configuration, and data is backed up to an off-site location at routine intervals to ensure mission-critical accessibility.


Copyright © 2010 ShoreGroup, Inc. All rights reserved. Sextant™ is a trademark, and CaseSentry®, ShoreGroup®, SG Logo®, ShorePatrol®, THE ART OF IT®, and THE ART OF IP®, are registered trademarks of ShoreGroup, Inc.