Roundtable

< Back

What is the single most challenging Sarbanes-Oxley issue today?

Robert Williams
CEO and Director
Manakoa Services Corporation

My answer to that question boils down to recognizing the need and benefit of creating repeatable and measurable control processes as part of ensuring compliance with Sarbanes-Oxley. The impact of Sarbanes-Oxley compliancy requirements runs broad and deep for todays organizations. The concern of a CEO, for example, is severe: I dont want to go to jail; for IT professionals the challenge is how to break down the project of achieving and maintaining compliance into a digestible process to confidently reassure senior management. Any way you approach it the equation can quickly seem complex and frustrating with an elusive solution.

The endgame we so often hear customers wanting to achieve is to get compliant, which to me sounds like they believe that once compliancy is met, theyre done. This aspiration is not accurate because compliancy is an ongoing process and therefore requires a means to institute a repeatable, measurable process. And, lets not forget that that process needs to evolve when new regulations come online. Manakoa delivers this capability and is a strategic differentiator in our approach to helping customers overcome their challenges and concerns.

Best results are achieved by combining people, policy and technology to create an ecosystem that works together to achieve successful compliance. The first step is to understand the regulations themselves and to begin the development of best-practices-based policies and procedures. You will need to apply risk management processes as a foundation, including a complete assessment of the current state of compliance, identification of key IT assets, potential vulnerabilities and impact analysis.

Furthermore, a comparison of the current state to the desired state as defined by the regulations will provide you with a basis for a compliance plan. From this point, application of needed controls for compliance mitigation is followed by auditing and reporting. As stated earlier, because compliance is a continuous activity, it is important that this effort is repeatable and measurable and can be accomplished through the use of technology integrated into existing business systems to monitor critical controls.

For most organizations seeking to supplement people and policy with appropriate technologies the question of ROI invariably comes up. In many cases it is often too early in the compliance process to have demonstrative data pointing to ROI. To date, there has been a great deal of money thrown at point products and retaining armies of consultants to conduct a compliancy audit, which only provides a single snapshot. First signs of ROI will be evident when corporations demonstrate compliancy by establishing controls to ensure correct financial reporting and protect private personal information. These controls can then provide timely understanding of a corporations compliancy level and allow management to allocate resources more precisely to protect the most important assets.

In other words, correctly aligning IT and accounting controls can directly affect an organizations ability to make informed decisions and provide return on investment for compliancy efforts. Real, tangible ROI will be realized when this process evolves to become repeatable and measurable at any time, thereby cutting exorbitant costs and elevating the strategic value of addressing regulatory compliance.

Robert Williams � Ph.D., chief executive officer and director, Manakoa Services Corp. Dr. Williams has over 20 years of senior-level IT management experience with companies ranging from startups to large technology firms and consultancies.

He was also instrumental in recent anthrax terrorist attack crisis management and remains active in anti-terrorism efforts. Previous positions include president of professional services organization PDS Advanced Technologies, president and founder of pioneering UNIX applications developer Decathlon Data Systems, a senior executive at UNISYS/System Development Corp., and dean of research at the University of California, Los Angeles (UCLA), and California State Polytechnic University.

A recognized technology expert, he was also the featured speaker in the international road shows sponsored by Microsoft Corp., HP, Compaq Computer Corp. and Tech Data Corp. on UNIX and Windows NT interoperability. He is the co-author of the best-selling �The Ultimate Windows Server 2003 Administrator's Guide� (Addison Wesley 2002) and other best-selling books.

Dr. Williams has a bachelor of arts and masters of arts from Whittier College, and a Ph.D. from UCLA. He was named by Microsoft as the Most Valuable Professional in the field of Security (2003�2005).

Advertise your product/service here!

About Us

Editorial