Virtualisation

Using an IT solution that can provide the fastest (but still reliable) disaster recovery process is essential for the success of any business continuity plan. Although virtualisation is still considered leading edge technology by many business continuity specialists, it definitely brings a promise that, once fulfilled, can result in the cheapest, fastest, and most comprehensive solution for business continuity.

One great advantage of virtualisation over traditional BC (Business Continuity) methods is the relatively cheaper cost needed to achieve a certain level of business continuity assurance. Thus, more companies will find it easier to reach their required minimum for BC assurance. By contrast, some BCPs (Business Continuity Plan) based on a physical environment require companies to invest more than what they are willing to in order to reach the same minimum level of assurance.

Virtual machines, which can already encapsulate your operating systems and their corresponding applications, can be transported as a file from one machine running a compatible hypervisor to another. This makes the business continuity tasks of backup, replication, and restoration simpler and faster.

As of 2008, about 54% of IT professionals in Europe were willing to implement virtualisation within a maximum of two years. Furthermore, the expected compound annual growth rate of installed virtualised servers from 2008 to 2012 is already pegged at 33%.

If you want your organisation to take advantage of the benefits of this revolutionary technology, we’d be more than willing to help you discover what it can do for you. Then once you decide to make that transition to virtualisation, we can guide you every step of the way.

  • As not all applications are suited for virtualisation (e.g. some are too demanding on I/O and memory access), we’ll start by reviewing your entire IT system to see which portions can be implemented on a virtualized environment.
  • Using virtualisation and replication, we can conduct disaster recovery tests using up-to-date data without interrupting operations in your main IT site. Running these tests will increase your team’s preparedness and will allow you to discover possible weak points.
  • Provide a simple but comprehensive protection and backup system that encapsulates not only data, but also system configurations and application installations. This kind of setup allows for faster and easier disaster recovery operations. Because of these same characteristics, you can enjoy zero downtime while performing scheduled maintenance operations.
  • Since virtual machines are hardware-independent and transparent to operating systems, we can help you run a mix of legacy and new systems as well as open source and proprietary systems, allowing for more flexibility in your BCP budgeting.

We can also assist you with the following:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Competencies, Roles and Responsibilities of Lead Assessors

Any organisation that opts for energy audits, Display of Energy Certificates and Green Deal Assessments needs a lead assessor to review the chosen ESOS compliance routes. The Derivative provides that energy audits should be carried out independently by qualified and accredited experts. Additionally, these audits should be implemented as well as supervised by independent authorities under the national legislation.

Lead assessors undertake several roles in ESOS assessments. He or she is the one responsible to take the lead of the entire assessment team, prepare the plan, conduct the meetings and submit the formal report to governing authorities. Nevertheless, selecting an appropriate lead assessor is an important element that every organisation should carefully consider.

Competencies Requirements of Lead Assessors

Lead assessors should be knowledgeable enough with in-depth expertise in carrying out energy efficiency assessment. They should also possess foundational, functional and technical competencies to deliver the task effectively. Likewise, consider the assessors? sector experiences, familiarity with your business? technologies and properties, and accreditation with prescribed standards.

As you choose your lead assessor, contemplate on the skills and qualifications that would give your organisation benefits.

Roles and Responsibilities of Lead Assessors

The business organisation is responsible for the overall legal ESOS compliance. Moreover, here are some of the roles and responsibilities that lead assessors should assume in ESOS assessments.

The lead assessor agrees on the audit methodologies that the organisation would undergo in new audits. He or she agrees with the ESOS participant regarding the audit timetable, sampling approach and visits required. It is also the lead assessor?s role to identify the opportunities on energy saving and assist in calculating the cost savings from the measures taken. During the ESOS audits, the lead assessor determines the energy use profiles, presents the recommendations and reviews the entire assessment as a whole. Furthermore, he or she should maintain the evidence pack of the ESOS to uphold the audit’s credibility, its findings and recommendations.

Finding Lead Assessors

Energy and environment professionals would only be able to demonstrate their expertise as lead assessors upon registering in a professional body accredited by the Environment Agency. Any business that needs a lead assessor is advised to check on the EA?s website to see the details of approved registers.

Lead assessors can either be in-house experts or external professionals. However, they should be able to provide proof of membership as an approved register to take the role of a lead assessor. If the organisation has an internal lead assessor, the company should then take the final ESOS assessment to two board-level directors that would sign the formal report.

Indeed, the lead assessor is an organisation’s partner when it comes to delivering great results. With good professional conduct and excellent management of an assessment team, the lead assessor can help achieve breakthrough energy efficiency strategies. More than anything else, the organisation will benefit from maximum energy savings opportunities ahead. Thus, every qualified business enterprise should invest in finding the best lead assessor to guide them towards success.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Why Executives Fail & How to Avoid It

The ?Peter Principle? concerning why managers fail derives from a broader theory that anything that works under progressively more demanding circumstances will eventually reach its breaking point and fail. The Spanish philosopher Jos? Ortega y Gasset, who was decidedly anti-establishment added, “All public employees should be demoted to their immediately lower level, as they have been promoted until turning incompetent”.

The Peter Principle is an observation, not a panacea for avoiding it. In his book The Peter Principle Laurence J. Peter observes, “In a hierarchy every employee tends to rise to his level of incompetence … in time every post tends to be occupied by an employee who is incompetent to carry out its duties … Work is accomplished by those employees who have not yet reached their level of incompetence.”

Let’s find out what the drivers are behind a phenomenon that may be costing the economy grievously, what the warning signs are and how to try to avoid getting into the mess in the first place.

Drivers Supporting the Peter Principle

As early as 2009 Eva Rykrsmith made a valuable contribution in her blog 10 Reasons for Executive Failure when she observed that ?derailed executives? often find themselves facing similar problems following promotion to the next level:

The Two Precursors

  • They fail to establish effective relationships with their new peer group. This could be because the new member, the existing group, or both, are unable to adapt to the new arrangement.
  • They fail to build, and lead their own team. This could again be because they or their subordinates are unable to adapt to the new situation. There may be people in the team who thought the promotion was theirs.

The Two Outcomes

  • They are unable to adapt to the transition. They find themselves isolated from support groups that would otherwise have sustained them in their new role. Stress may cause errors of judgement and ineffective collaboration.
  • They fail to meet business objectives,?but blame their mediocre performance on critical touch points in the organization. They are unable to face reality. Either they resign, or they face constructive dismissal.

The Warning Signs of Failure

Eva Rykrsmith suggests a number of indicators that an individual is not coping with their demanding new role. Early signs may include:

  • Lagging energy and enthusiasm as if something deflated their ego
  • No clear vision to give to subordinates, a hands-off management style
  • Poor decision-making due to isolation from their teams? ideas and knowledge
  • A state akin to depression and acceptance of own mediocre performance

How to Avoid a ?Peter? in Your Organization

  • Use succession planning to identify and nurture people to fill key leadership roles in the future. Allocate them challenging projects, put them in think tanks with senior employees, find mentors for them, and provide management training early on. When their own manager is away, appoint them in an acting role. Ask for feedback from all concerned. If this is not positive, perhaps you are looking at an exceptional specialist, and not a manager, after all.
  • Consider the future, and not the past when interviewing for a senior management position. Ask about their vision for their part of the organization. How would they go about achieving it? What would the roles be of their subordinates in this? Ask yourself one very simple question; do they look like an executive, or are you thinking of rewarding loyalty.
  • How to Avoid Becoming a ?Peter??Perhaps you are considering an offer of promotion, or applying for an executive job. Becoming a ?Peter? at a senior level is an uncomfortable experience. It has cost the careers of many senior executives dearly. We all have our level of competence where we enjoy performing well. It would be pity to let blind ambition rob us of this, without asking thoughtful questions first. Executives fail when they over-reach themselves, it is not a matter of bad luck.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today