mountainview

accredited courseware accredited training corporate training consultancy

   home   accreditation   testimonials   mindmaps   navigator   rapid itsm   workshops   eclipse   downloads   bookstore   rationale   careers   news   blog   partners   contact us   about us

   

Regulatory Compliance

Many public companies are required to comply with regulations that govern and control their industry. For example, an HMO in the healthcare industry must comply  with the regulations specified by HIPAA to ensure that health records are protected, secured and access is authorized. 

Another example is Sarbanes-Oxley (SOX), the accuracy and timeliness of financial reporting relies heavily on a well-controlled IT environment. The Sarbanes-Oxley Act was enacted by Congress in 2002.  Essentially, the Sarbanes-Oxley Act establishes new standards for corporate accountability by requiring companies to assess and report the effectiveness of control procedures for financial reporting.  CxOs must certify and provide quarterly and annual reports to the SEC. Management must accept responsibility for the effectiveness of its internal controls, evaluate the effectiveness using suitable control criteria, and support this evaluation with sufficient evidence (such as records to validate the intent). Then internal and external auditors are required to verify and attest to these controls.  This places an unexpected burden on IT organizations because it represents a drastic shift in what they are now required to provide. Since the accuracy and timeliness of financial reporting depends on a well-planned and well-controlled IT environment, IT organizations must not only provide various forms of control documentation (as seen in the forms of manuals, flowcharts, memoranda, etc.), but also documentation about the effectiveness of those controls.

Many organizations simply don’t have mature IT processes in place to hold IT accountable.  IT service providers are relying on ISO 20000, ITIL, ISO 27000, and COBIT, to assist them in attaining regulatory compliance through IT governance.  According to the COSO Enterprise Risk Management method ,achieving internal controls require the following:

  • Internal Environment
  • Setting Objectives
  • Event Identification
  • Risk Assessment
  • Risk Responses
  • Control Activities
  • Information and Communication
  • Monitoring

Accordingly, Internal Control is a mandatory requirement for regulatory compliance [SOX, Bill198, HIPAA, BASIL2, GAAP, GAMP, ...].  Since IT is an integral part of the business, internal and external auditors will require that the IT organization demonstrate their internal controls.   But many IT organizations don’t yet have these internal controls in place. A company must first ask itself whether it is in control of the IT services required for business operations. If the answer is no, the next step is to use ISO 20000, ISO 27000, and COBIT to enable internal IT controls. 

Rapid ITSM enables this internal control by leveraging by providing documented evident to auditors.  Rapid ITSM is a non-proprietary open system that is anyone can use without extensive training.

Contact us for a webinar so we can demonstrate Rapid ITSM to you, no vapour-ware or smoke and mirrors, just that facts. 

  

 

  www.mountainview.ca

  Terms and Conditions of Use

  Copyright © 1992-2010 Mountainview Inc.

 

This website is best viewed with IE5 or greater

ITIL ® is a Registered Trade Mark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the U.S. Patent and Trademark Office

The Swirl logo™ is a Trade Mark of the Office of Government Commerce

PMP and PMBoK are a Registered Trade Mark of the Project Management Institute (PMI)

COBIT is registered to the Information Systems Audit and Control Association (ISACA)

itSMF is registered to the IT Service Management Forum