Spring cleaning

This article is a sidebar to The compliance tax

One compliance tool that helped Nicor Gas is the ArcSight Enterprise Security Manager, which collects and analyzes security data from devices such as firewalls, routers, switches and servers. Nicor uses it to correlate relevant security information and assess vulnerabilities — in particular with respect to system access requests.

The ArcSight software isn’t solely responsible for the 90 per cent drop in manpower, but it has helped Nicor to spot potential security issues more quickly and correct them before they multiply and require more resources to handle, says Mark Guth, manager of IT networks. “We’ve been able to clean up our security event log to the point where we feel much more confident about what’s traveling around the network and where we stand with respect to compliance.”

Micros Systems of Columbia, Md., also found compliance costs fell after the first year. Micros’ tab for complying with SOX was in the range of US$3 million to US$4 million in 2004. For 2005, Micros shaved off at least one-third of those costs, says Carmen Requena, an internal auditor at the company, which makes software for restaurants, hotels, casinos and retailers. “A lot of extra effort had to be put in the first year,” she says.

To help with the effort, Micros deployed software from OpenPages, which helps manage internal controls documentation and certification processes across all of Micros’ 60 worldwide divisions.

The company also reduced professional services expenses by establishing an internal SOX audit team and merging the group with Micros’ internal financial auditing department, Requena says. Everyone is smarter about SOX requirements in general, so the auditors — internal and external — are more in sync about what types of controls need to be in place and tested.

“Last year was almost like an ongoing, continual audit,” Requena says. “There was always someone asking for something.” This year will go more smoothly, because internal and external auditors are clearer about what they’re looking for, she says.

QuickLink 060911

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now