Risk Management Companies Denver CO

By Courtney Macavinta

The end of 2006 marked what seemed like a minor reprieve for companies on the compliance front -- especially when it came to financial and accounting reform rules detailed in Sarbanes-Oxley (SOX). For starters, small businesses got an extension on their compliance deadline. Then the Security Exchange Commission proposed new "guidance" to purportedly streamline the auditing requirements detailed in the legislation. Yet in 2007, companies are still expected to grapple with not only SOX, but a flood of expected proposed legislation to better protect consumers' personal information and prevent identity theft.

In her report, IT and Compliance: 10 Big Predictions for 2007, Cass Brewer, editorial and research director for the IT Compliance Institute, predicted that while SOX would loosen up, "companies would continue to be required to defend their list of high-risk controls." On top of that she notes that companies need to be aware of recent amendments to the U.S. Federal Rules for Civil Procedure (FRCP). On Dec. 1, 2006, FRCP amendments went into effect pertaining to electronic records and their discovery in litigation -- in particular the amendments reinforce that email should be archived and easily retrievable if needed for legal discovery. In addition, Brewer says federal regulators will likely push for a tougher consumer privacy law and internally CIOs will be focused on increasing internal security and compliance for mobile devices, instant messaging (IM), blogs, and corporate wikis.

"Compliance itself will become increasingly integrated with the larger picture of corporate governance and risk management," Brewer writes. "This understanding should benefit the process-integration effort and serve to elevate compliance accountability to the board and executive level, where active and interested sponsorship must ultimately support successful implementations."

Though regulations -- and how to fully comply with them -- are not always clear cut, what is obvious is that when it comes to risk management issues there can no longer be a disconnect between business and IT strategic- and risk- management processes. The CIO needs to be on the same page as other C-level executives -- and vice versa -- and not just when it comes to compliance but overall business strategy, as well. In its report, Predicts 2007: CIOs and IT Making Discomfort Zone, Gartner, Inc. projects that by 2009, 40% of strategic decisions will be made by people with blended business and IT expertise -- and by 2012, the percentage will rise to 60%.

To lead better decision-making efforts when it comes to risk management -- and other enterprise-wide strategies -- experts say CIOs can build the necessary relationships to move their organization away from an "us vs. them" mentality by:

Tactic No. 1: Build relationships
When it comes to risk management or business strategy, IT leaders must not only understand the "big picture" of wher...