Disaster Recovery

Because information technology is now integrated in most businesses, a business continuity plan (BCP) cannot be complete without a corresponding disaster recovery plan (DRP). While a BCP encompasses everything needed – personnel, facilities, communications, processes and IT infrastructure – for a continuous delivery of products and services, a DRP is more focused on the IT aspects of the plan.

If you’re still not sure how big an impact loss of data can have, it’s time you pondered on the survival statistics of companies that incurred data losses after getting hit by a major disaster: 46% never recovered and 51% eventually folded after only two years.

Realising how damaging data loss can be to their entire business, most large enterprises allocate no less than 2% of their IT budget to disaster recovery planning. Those with more sensitive data apportion twice more than that.

A sound disaster recovery plan is hinged on the principles of business continuity. As such, our DRP (Disaster Recovery Plan) blueprints are aimed at getting your IT system up and running in no time. Here’s what we can do for you:

  • Since the number one turn-off against BCPs and DRPs are their price tags, we’ll make a thorough and realistic assessment of possible risks to determine what specific methods need to be applied to your organisation and make sure you don’t spend more than you should.
  • Provide an option for virtualisation to enjoy substantial savings on disaster recovery costs.
  • Provide various backup options and suggest schedules and practices most suitable for your daily transactions.
  • Offer data replication to help you achieve business continuity with the shortest allowable downtime.
  • Refer to your overall BCP to determine your organisation’s critical functions, services, and products as well as their respective priority rankings to know what corresponding IT processes need to be in place first.
  • Implement IT Security to your system to reduce the risks associated with malware and hackers.
  • Introduce best practices to make future disaster recovery efforts as seamless as possible.

We can also assist you with the following:

Check our similar posts

Knowing the Caveats in Cloud Computing

Cloud computing has become such a buzzword in business circles today that many organisations both small and large, are quick to jump on the cloud bandwagon – sometimes a little too hastily.

Yes, the benefits of the cloud are numerous: reduced infrastructure costs, improved performance, faster time-to-market, capability to develop more applications, lower IT staff expenses; you get the picture. But contrary to what many may be expecting or have been led to believe, cloud computing is not without its share of drawbacks, especially for smaller organisations who have limited knowledge to go on with.

So before businesses move to the cloud, it pays to learn a little more about the caveats that could meet them along the way. Here are some tips to getting started with cloud computing as a small business consumer.

Know your cloud. As with anything else, knowledge is always key. Because it is a relatively new tool in IT, it’s not surprising that there is some confusion about the term cloud computing among many business owners and even CIOs. According to the document The NIST Definition of Cloud Computing, cloud computing has five essential characteristics, three basic service models (Saas, Paas and Iaas), and four deployment models (public, community, private and hybrid).

The first thing organisations should do is make a review of their operations and evaluate if they really need a cloud service. If they would indeed benefit from cloud computing, the next steps would be deciding on the service model that would best fit the organisation and choosing the right cloud service provider. These factors are particularly important when you consider data security and compliance issues.

Read the fine print. Before entering into a contract with a cloud provider, businesses should first ensure that the responsibilities for both parties are well-defined, and if the cloud vendor has the vital mechanisms in place for contingency measures. For instance, how does the provider intend to carry out backup and data retrieval operations? Is there assurance that the business’ critical data and systems will be accessible at all times? And if not, how soon can the data be available in case of a temporary shutdown of the cloud?

Also, what if either the company or the cloud provider stops operations or goes bankrupt? It should be clear from the get go that the data remains the sole property of the consumer or company subscribing to the cloud.

As you can see, there are various concerns that need to be addressed closely before any agreement is finalised. While these details are usually found in the Service Level Agreements (SLAs) of most outsourcing and servicing contracts, unfortunately, the same cannot be said of cloud contracts.

Be aware of possible unforeseen costs. The ability of smaller companies to avail of computing resources on a scalable, pay-as-you-go model is one of the biggest selling points of cloud computing. But there’s also an inherent risk here: the possibility of runaway costs. Rather than allowing significant cost savings, small businesses could end up with a bill that’s bound to blow a big hole in their budget.

Take for example the case of a software company cited on InformationWeek.com to illustrate this point. The 250-server cluster the company rented from a cloud provider was inadvertently left turned on by the testing team over the weekend. As a result, their usual $2,300 bill ballooned to a whopping $23,400 over the course of one weekend.

Of course, in all likelihood, this isn’t going to happen to every small and midsize enterprise that shifts to the cloud. However, this should alert business owners, finance executives, and CEOs to look beyond the perceived savings and identify potential sources of unexpected costs. What may start as a fixed rate scheme for on-demand computing resources, may end up becoming a complex pricing puzzle as the needs of the business grow, or simply because of human error as the example above shows.

The caveats we’ve listed here are among the most crucial ones that soon-to-be cloud adopters need to keep in mind. But should these be reasons enough for businesses to stop pursuing a cloud strategy? Most definitely not. Armed with the right information, cloud computing is still the fastest and most effective way for many small enterprises to get the business off the ground with the lowest start-up costs.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

  • Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
  • Companies with revenues between $1B – $4.9B spent about 0.16%
  • Companies with revenues between $500M – $999M spent about 0.27%
  • Companies with revenues between $100M – $499M spent about 0.53%
  • Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

What are Operational Reviews

Faced with growing competition, businesses continually need to find new innovative solutions and ideas to improved organizational performance, especially in various cut-throat industries where innovation and good management can make or break the company.

This is the reason why, businesses place greater emphasis on the evaluation of efficiency, effectiveness, and economics of its operations.

Conducting regular Operational Reviews are key to keeping your company at peak performance.

What is an Operational Review

An operational review is an in-depth and objective review of an entire organization or a specific segment of that organization. It can be used to identify and address existing concerns within your company such as communication issues between departments, problems with customer relations, operating procedures, lack of profitability issues, and other factors that affect the stability of the business.

Operational reviews allow the organization members to evaluate how well they are performing, given that they perform appropriately according to the procedures set by them, allocating their resources properly, and performing such tasks within time frame set and using cost-effective measures. More importantly, it also shows your company how well it is prepared to meet future challenges.

What are the objectives of an Operational Review

The goals of an operational review are to increase revenue, improve market share, and reduce cost.

An operational review allows the management to see their company in a different light i.e a larger perspective. That is, it gives the management the opportunity to evaluate if the entrusted resources were used wisely to achieve the desired results of operations.

Operational reviews provide a comprehensive assessment of authority in that they help define expectations, and empower people within an organization to enact? up on it. This is due feedback provided will help them to better gauge the value of tasks performed and whether the job is being done the right or wrong way, and on what areas the company can excel and improve on.

The whole is greater than the sum of its parts

Questions worth considering in an Operational Review

Are you able to view your own organization as a whole from an objective angle?

Do the different departments complement each other so that they form a cohesive unit that boosts your business in the right direction?

With our comprehensive assessment of your organization?s current systems, operations, processes, and strategies, our operational review programs aim to help you in achieving these lofty goals: to improve business profitability and identify incompetence in both operations and organizational systems.

Benefits of an Operational Review

The main objective of an operational review is to help organizations like yours to learn how to deal with and address issues, instead of simply reacting to the challenges brought about by growth and change.

Information and data gathered in an Operational Review is practical from both a financial and operational perspective. Using? data, management can then formulate recommendations, which are not only realistic, but more importantly, can help the organization achieve its goals.

The Operational Review recognizes the extent to which your internal controls actually work, and enables you to identify and understand your strengths, weaknesses, opportunities and threats.

What should be included in an operational review

  • Assess compliance within your own organizational objectives, policies and procedures
  • Evaluate specific company operations independently and objectively
  • Impartial assessment regarding the effectiveness of an organization’s control systems
  • Identify the appropriate standards for quantifying achievement of organizational objectives
  • Evaluate the reliability and value of the company’s management data and reports
  • Pinpoint problem areas and their underlying causes
  • Identify opportunities to increase profit, augment revenue, and reduce costs without sacrificing the quality of the product or service.

More Operational Review Blogs

 

Carrying out an Operational Review

 

Operational Reviews

 

Operational Efficiency Initiatives

 

Operational Review Defined

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today