SOX, Basel II

OVERVIEW...
Recent worldwide financial scandals, such as Enron in the US and Parmalat in Italy, have had a profound effect on current information technology management. Authorities now have an overriding aim: to verify the reliability of the information provided by businesses. Information system transparency has become a major priority.
Up to now, companies have tailored their compliance effort by balancing implementation costs for these control systems against the penalties that could be incurred for failure to establish the controls.
The recent changes will lead to fundamental alterations in information system architecture: business managers can now be held legally or criminally liable. Sarbanes-Oxley (SOX) in the US imposes up to 20 years in prison for non-compliant CEOs and GMs. The European Union is already looking into establishing a similar system.
Information technology can no longer keep out of the fray. IT systems must be able to demonstrate rigorous organization and obvious transparency. The application of these controls and the risks involved make compliance with the regulations unavoidable.
SOX, Basel II, Operational Risk, and other new regulations have one point in common: they all enforce preparation for precise technical audits.
While the basic idea of these controls is simple on paper, implementation can be prohibitively complex if companies do not have the tools they need. In fact, the upcoming audits will impact not just current operations, but previous operations as well.
|
TRACEABILITY...
As regards their IT, companies must be able to demonstrate each step that led to a result, and they may need to be able to rerun the process.
This means that saving data alone will no longer suffice. Compliant companies must also save the corresponding processing (programs, scripts, etc.).
It is clearly meaningless to run today’s processing on data from two years ago, and vice versa: the processes are no longer compatible.
It is now imperative to have available all the information needed to reproduce a given process. This implies documentation archiving that is in phase with application changes, preferably by having a retro-documentation tool that can generate this documentation on demand. Just imagine how much space this documentation would take up on paper!
|
THE ARCAD APPROACH...
The ARCAD-Skipper and ARCAD-Observer suites are the perfect match for your IT compliance needs. All application changes are processed via an organized and secure system, with clearly identified versions that allow traceability every step of the way. Furthermore, documentation generated in phase with your developments can be integrated into the modified system itself, so as to maintain information on your previous versions. The graphical interface to ARCAD-Observer supports real-time information searches, making it easy to use even for auditors and other non-development staff. In addition to managing technical audits, ARCAD’s solutions will allow you to implement a solid, secure architecture, where all software changes can be archived and traced—so your system will meet all the basic requirements for quality procedures. Instead of being a burden, these new laws are in fact an opportunity for companies to finally implement structured, professional management of their information system—which is, after all, one of their primary assets. We’re betting that these new norms will lead to the kind of unprecedented quality levels that are already taken for granted in industry.
|
SOX...
Corporations with American parent companies and public capital are impacted by the Sarbanes-Oxley Law, better known as "SOX". It is highly likely that as of next year, European directives will be finalized, with the same goal of company account transparency. This law is being implemented in the field through a number of projects that have led to a legal definition of information technology best practices. The focus is now on "information technology governance".
In the US, the IT Governance Institute has published these regulations in its "COBIT" program.
|
BASEL II...
In late 2006, the Basel II accords will enter into effect.
These accords apply to financial organizations. They are intended to cover three risk types:
- Credit risk,
- Market risk,
- Operational risk.
For information systems, operational risk management is the main issue to consider.
Operational risk is defined as "direct or indirect losses resulting from inadequate or failed internal processes, personnel or systems, or by outside events".
Under the Basel II accords, operational risk management must include capital coverage of these risks.
However, proof of solid internal mastery of these risks will allow companies to release a part of this capital, which is required by default.
This last point provides clear evidence that demonstrated effective control of the IS will be a major factor in minimizing levels of immobilized capital.
Implementation of tools and procedures for the organization and traceability of information system change, along with application mining and retro-documentation, will become strategic factors in business management. Furthermore, the cost of these tools is usually negligible when compared to the amount of capital they free up.
The Basel II deadlines are approaching, and the planned information system changes are sweeping. In addition, since most financial organizations have based all or part of their IT on custom software, they are relying on information that is often difficult to retrieve from suppliers.
Once again, ARCAD’s solutions stand out as tools that enable a company to set up a controlled, rigorous organization of their information system, while shaking off supplier constraints. Even better, by adopting these solutions you free up capital and make it available for other projects.
|
CONCLUSION...
ARCAD Software solutions first address the expectations of development and production teams. They also guarantee the security and traceability required by the law and by auditors.
The entire application life cycle is covered:
- Referencing of software components,
- Managing incidents and user requests,
- Development version control and software deliveries,
- Test automation,
- Multi-environment and multi-machine transfers,
- Transfers to production.
This climate of mounting regulatory pressure is making it easier for IT management to convince their general management of the added value of Software Configuration Management solutions. Just one more good reason to tool up.