Prevari Risk Management

Article by Ben Worthen Via CIO Magazine

Companies are experiencing the reality that the auditing community has not defined clear standards on how to judge 404 compliance as defined by Sarbanes Oxley. The auditors are training on their client's time, and the clients are paying the bill while companies continue to implement reactive measures, versus a proactive and constructive method to define effective controls. New tools such as Prevari's Technology Risk Manager, provide the proactive mechanisms to “take control” of the auditing process, and provide a clear road map for audit focus and control remediation.

Article by Sanjay Srivastava Via Sarbanes-Oxley Compliance Journal

The business processes which surround SOX compliance add value to an organization.  Ongoing controls and measured trend analysis, will help to elevate technology risk from a subjective art to an objective management process.

Article by Maria Wakem Via Wall Street & Technology

Complying with multiple regulations requires a holistic approach that seeks to eliminate redundancy in the overall compliance program.  Individual siloed compliance programs are being viewed as  redundant and cost prohibitive.  A guideline that helps to define a strategy for a holistic and enterprise approach is suggested in this article.  Innovative tools to help measure risk in an enterprise-wide view will help to reduce the cost of compliance, and demonstrate reusable purposes across SOX and other regulatory initiatives.

Article by Steve Ranger Via ZDNet News

There is a growing concern that the fear of meeting section 404 compliance requirements, may cause organizations to over invest in security controls that are not appropriate given the business needs of the organization.  This highlights the need to gain a measured and objective view of how technology risk should be managed in the context of organizational risk.  Through objective measurement, organizations can make informed decisions that are based upon fact, not opinions or FUD (fear, uncertainty and doubt).

Article by Brian McDonnell Via Insurance Networking News

Helpful insights on how companies can prepare for section 404 control requirements as required by 7/15/05.  Key observations include the need to audit IT activities, identify and communicate all compromises, define mitigation approaches and demonstrate year to year improvements of all established control processes.  In order to manage critical control processes, it is necessary to effectively measure the effectiveness of these processes, and establish a repeatable process for ongoing measurement and reporting. Prevari offers the industries only objective process to provide a proven measurement methodology for security and risk controls.

Sarbanes-Oxley, like other government regulations, struggles to express the need for forward-thinking security that encompasses an organization’s entire infrastructure.  Clear, objective metrics that account for all security issues are needed to allow an organization to proactively manage its risk.  Unfortunately, no governmental agency has jumped the gap to create such metrics.  Prevari has the solution to effectively meet and exceed Sarbanes-Oxley compliance reporting criteria with truly objective metrics.  Contact Prevari at 763.377.3241.