
Passing the SOX Audit: More than 60% Say They Aren't Ready



Survey From Oracle Applications Users Group (OAUG) Shows Manual Controls Significantly Increase Operational Costs

Phil Neray
Vice President of Marketing
Guardium

Despite years of effort and millions of dollars of investment, nearly 61 percent of companies say they have not yet completed implementation of their Sarbanes-Oxley (SOX) compliance processes. At the same time, about 64 percent of those tracking SOX metrics report that they have already identified deficiencies within their financial/ERP database environments related to Sarbanes-Oxley.

These new findings from the Oracle Applications Users Group (OAUG), the leading Oracle user group, also reveal that companies are spending far too much on manual controls and processes - and consequently, not enough on securing the critical data upon which their businesses depend. The survey is based on the responses of more than 200 enterprise IT managers and professionals.

Among organizations with more than 5,000 employees, 80 percent of the respondents say they require four or more full-time employees to manage database monitoring and compliance reporting - which translates into a fully loaded operations cost approaching $500,000 per year. A related OAUG survey found that compliance management is still largely a manual process, with four out of ten respondents saying that most of their staff's time is spent generating and editing compliance reports for auditors.

But help is on the way: 65 percent of the respondents say that automating database activity monitoring would save money. The report, "Automating Compliance: The Role of Automation in Database Compliance Monitoring," was commissioned by the OAUG, in cooperation with Guardium, and published by Unisphere Research, which specializes in tracking trends in the database industry.

Complex, Heterogeneous Environments
The complexity of large data centers may generate many of the challenges to adequate database compliance monitoring. Four out of ten respondents from the largest enterprises say they are having difficulty extracting and consolidating audit data from disparate brands of enterprise applications, such as Oracle E-Business Suite, PeopleSoft, and SAP. Adding to the challenge, 75 percent of Oracle users say their companies also deploy other database platforms, such as Microsoft SQL Server and IBM DB2.

Databases are at the heart of most business-critical applications, wrote Unisphere analyst Joseph McKendrick. "The main focus of any compliance effort, then, should be monitoring, auditing, and protecting the database," McKendrick wrote.

Rogue Users, M&A Create New Risks
The report also highlighted several high-risk conditions afflicting companies of all sizes:

• "Rogue" privileged users - such as administrators, developers, or outsourcers - accessing confidential information for malicious purposes.

• A scarcity of technologies to easily monitor and enforce corporate policies regarding database change controls, password sharing, connections to databases from unauthorized applications, and viewing sensitive data.

• Poorly integrated application environments that often result from mergers and acquisitions.

Enforcing Change Controls, Monitoring Privileged Users and Failed Logins
To protect the integrity of corporate financial information, auditors are now requiring organizations to monitor a wide range of database activities. The information collected includes:

• Change control data (database schema changes, cited by 79 percent)

• Privileged user activities (74 percent)

• Which users are accessing sensitive objects (64 percent)

• Failed logins (55 percent).

Security Best Practices Help the Business
The report also states that, "Many companies that have put processes and tools in place to address compliance have seen tangible results from their efforts."

Better controls arising from compliance initiatives have resulted in:

• More than six out of 10 enterprise managers expect to see better alignment between IT and the rest of the business.

• More than half have improved the accuracy of financial data.

• Nearly half have leveraged compliance to identify inefficiencies in existing processes.

"Security and compliance go hand-in-hand. The ultimate goal is ensuring that organizations can effectively deliver reliable information to support their businesses, while minimizing risk," said Phil Neray, Vice President of Marketing at Guardium. "Securing the data in real-time and automating database activity monitoring are key ways organizations can protect their critical information while increasing operational effectiveness."

To download a copy of the OAUG report, please visit www.guardium.com/OAUG.

Guardium delivers the most widely-used solution for database activity monitoring, security, and auditing. Founded in 2002, Guardium was the first company to identify the core data security gap and bring to market the only out-of-the-box solution that both protects databases in real-time and automates the entire compliance auditing process - without impacting performance or requiring changes to databases or applications.

Guardium's investors include Cisco Systems and leading venture capital firms. The company is a member of IBM's prestigious Data Governance Council and has partnerships with Oracle, IBM, Microsoft, Sybase, EMC, and HP. For more information, please visit www.guardium.com






© 2019 Simplex Knowledge Company. All Rights Reserved.