Compliance Strategies


COSO & CobiT Standards


The introduction of Sarbanes-Oxley caused many businesses to upgrade or develop comprehensive contingency plans that ensure compliance under all conditions. Many businesses are also confronted with the added compliance requirements of other laws and regulations. Although each law or regulation may focus on a unique industry or set of issues, many share the common objective of requiring protection strategies that eliminate risks to the integrity, availability, accountability or confidentiality of data.

The financial impact of non-compliance can be substantial, both in terms of significant fines and in terms of damage to the reputation of the business. As a result, most reputable businesses are developing new contingency plans or upgrading existing plans to ensure compliance.

In order to develop plans that meet regulatory intent, many businesses are utilizing formal planning criteria and processes defined by the widely recognized COSO or CobiT standards. The features and advanced failure prevention capabilities of a BTECH solution comply with the control objectives of both standards. For example, advanced BTECH Technology gives management the ability to effectively and efficiently meet the CobiT Control Objective that requires management to assess UPS batteries regularly (DS12.6) to secure against power failures and fluctuations.

The following overview of the COSO & CobiT standards provides some insight as to how advanced BTECH Technology can help each business achieve compliance with either set of standards.


COSO


COSO is a voluntary private sector organization formed in 1985 to study factors that lead to fraudulent financial reporting. To improve and standardize public company and independent auditor reporting for the SEC and other regulators, COSO developed internal control standards for identifying and controlling risk factors that negatively impact effective internal controls.


Many companies seeking to comply with Sarbanes-Oxley and other standards utilize the COSO Enterprise Controls-Risk Management and Internal Control - Integrated Frameworks to assure compliance. Many enterprise organizations also utilize COSO controls to optimize enterprise risk management and control expenses. Although the COSO framework does not prescribe specific steps for organizing or controlling information systems, it does help identify corporate-wide responsibilities for them.


The following table outlines benefits and implications of BTECH Technology as they relate to several key COSO components.


| COSO Component | BTECH Capabilities | Regulatory Implications |
| --- | --- | --- |
| Event Identification | All power interruption and major outage events are recorded, date & time stamped. | Battery performance and power consumption are recorded and stored for management analysis. |
| Risk Assessment | BTECH Predictive Technology actively provides 24x7 updated risk assessments of future UPS battery failures. | Trend graphs plotted for each unit enhance the relevancy and accuracy of corporate risk assessments. |
| Risk Responses | System alerts identify units at risk of failure, damaging temperature conditions and power outage events. BTECH amber and red alert thresholds provide criteria for response plans. | Timely problem resolution demonstrates business commitment to meeting regulatory guidelines. |
| Control Activities | System operates 24x7. Automatic notification of identified resources. | Preventive action demonstrates business commitment to meeting regulatory guidelines. |
| Information & Communication | All data is maintained in a corporate database. Dial-up or TCP/IP communications. | |
| Monitoring | The available BTECH Remote Monitoring Center can supplement corporate resources and provide added security. | Demonstrates proactive planning to provide consistent protection across geographically dispersed enterprise facilities. |


To learn more about COSO click here: http://www.coso.org/


COBIT


CobiT is a widely recognized set of IT standards that provides a framework of overall best practices for controlling internal operations and financial reporting. The COBIT framework links IT processes, resources and information to enterprise strategies and objectives. Many companies are using COBIT as a means of meeting government regulations such as Sarbanes-Oxley.

CobiT standards build on the COSO framework to provide more detailed steps for information system compliance. CobiT essentially links business controls and objectives to information systems and processes.

The unique predictive capability to identify and prevent UPS battery failures enables BTECH Technology to support various CobiT Control Objectives in addition to DS12.6, which specifies the necessity for management to assess UPS batteries regularly. The following table lists several control objectives that BTECH Technology can help achieve.


| Control Objective | Description | BTECH Technology |
| --- | --- | --- |
| P09 - Assess & Manage IT Risks | | |
| P09.1 IT & Business Risk Management Alignment | Integrate governance, risk management criteria & risk tolerance levels | Reduces important risk factors impacting power availability |
| P09.2 Risk Context | Assess risk criteria to ensure desired outcomes | Improves probability of power availability |
| P09.3 Event Identification | Identify threats and vulnerabilities that impact regulatory, business & customer relationship objectives | Predictive capabilities identify future failures |
| P09.4 Risk Assessment | Assess impacts of all identified risks | Quantifies battery failure rates |
| P09.5 Risk Response | Establish risk response strategies to avoid, reduce or control risks | Alert notification gives early warning |
| DS4 - Ensure Continuous Service | | |
| DS4.2 IT Continuity Plans | Frameworks to reduce impacts of disruptions on key business functions | Ensures viability of overall power and power backup plans |
| DS4.3 Critical IT Resources | Ensure critical systems have resilience to meet regulatory, contractual and operational business needs | Ensures avoidance of local power failures and implementation of power backup plans |
| DS12.4 Protection Against Environmental Factors | Specialized equipment to monitor and/or control the environment | Environment and battery temperature calculations avoid air pollution |
| DS12.6 Uninterruptible Power Supplies | Management should assess regularly the need for uninterruptible power supply batteries and generators for critical information technology applications to secure against power failures & fluctuations | Early warning of pending battery failures supplies the management information required to remain compliant |
| DS13.3 Infrastructure Monitoring | Ensure sufficient chronological information is stored to enable review of regulatory, contractual or operational impacting events | Database of all information maintained |


To learn more about COBIT click here: http://www.bwise.com/bwise/download/common/cobit.pdf