This article is a sidebar to The compliance tax
One compliance tool that helped Nicor Gas is the ArcSight Enterprise Security Manager, which collects and analyzes security data from devices such as firewalls, routers, switches and servers. Nicor uses it to correlate relevant security information and assess vulnerabilities — in particular with respect to system access requests.
The ArcSight software isn’t solely responsible for the 90 per cent drop in manpower, but it has helped Nicor to spot potential security issues more quickly and correct them before they multiply and require more resources to handle, says Mark Guth, manager of IT networks. “We’ve been able to clean up our security event log to the point where we feel much more confident about what’s traveling around the network and where we stand with respect to compliance.”
Micros Systems of Columbia, Md., also found compliance costs fell after the first year. Micros’ tab for complying with SOX was in the range of US$3 million to US$4 million in 2004. For 2005, Micros shaved off at least one-third of those costs, says Carmen Requena, an internal auditor at the company, which makes software for restaurants, hotels, casinos and retailers. “A lot of extra effort had to be put in the first year,” she says.
To help with the effort, Micros deployed software from OpenPages, which helps manage internal controls documentation and certification processes across all of Micros’ 60 worldwide divisions.
The company also reduced professional services expenses by establishing an internal SOX audit team and merging the group with Micros’ internal financial auditing department, Requena says. Everyone is smarter about SOX requirements in general, so the auditors — internal and external — are more in sync about what types of controls need to be in place and tested.
“Last year was almost like an ongoing, continual audit,” Requena says. “There was always someone asking for something.” This year will go more smoothly, because internal and external auditors are clearer about what they’re looking for, she says.