Resources for Federal Information Security Management Act (FISMA)

The Changing Face of IT

www.technewsworld.com

As new regulation comes out, we in IT find ourselves in the position of having more and more requirements to find technical solutions to. We find ourselves facing off against internal and external auditors on a regular basis. To do our jobs well, very often we need to understand the regulations we're subject to almost as much as the auditors do themselves.

So what are these changing conditions? First and foremost, we in IT have to deal with all sorts of regulatory and legal issues that we didn't have on our plate a few years ago. Remember Enron and WorldCom? Nobody's ever alleged that the root cause of the accounting scandals in these firms had anything to do with IT. However, in the post-SOX (Sarbanes-Oxley Act) world, we find ourselves in the position of documenting, demonstrating and justifying the "effective business controls" in use within the financial and accounting systems that we support.

Was it IT's fault that these scandals occurred? Absolutely not. However, in the interests of due diligence, we now have the burden of ensuring that these systems have sufficient controls to give our management the data that they need to make accurate and informed decisions.

For many of us, this represents quite a bit of extra overhead that we didn't have before. We have to work with the business to define the controls, we have to find technical ways to implement them, and we have to track them to make sure that they operate as we intend, and SOX is just the tip of the iceberg.

View the Resource

Share or bookmarklet this web page at: