Five Ways to Reduce Your IT Audit Tax

Lumension Security
October 28, 2009 | COMMENTS

Most organizations spend 30-50% more on compliance than they should. No matter the industry, with regulations such as GLBA, PCI, FISMA, SOX, and other regulations and mandates, it seems nobody is immune to scrutiny—but why spend so much more than what is necessary? In order to reduce the burden of an IT audit, you must understand the costs involved to demonstrate due care, which can be almost as harrowing as the fines and litigation costs for non-compliance.

If your organization continues to rely on ad hoc, manual, and disjointed compliance and audit processes—which is the norm for many organizations today—you can be sure that your IT audits will be expensive and inefficient. Recent research has noted that organizations struggle with as many as 40,000 spreadsheets for just one compliance purpose. You must support multiple regulations, mandates, and internal policies and the amount of spreadsheets can easily get out of hand, ensuring inaccuracies and forcing you to rely upon costly third-party consultants.

For many organizations the high cost of compliance is unavoidable. In effect it has become a sort of “tax” on the enterprise. This audit tax manifests itself in a number of ways. Organizations pay it when they divert personnel and manpower to prepare for audits and liaise with internal and external auditors. They pay the tax when they hire expensive consultants to assist in the effort.

Some pay the audit tax in the extra time spent by auditors sifting through missing information and undergoing a second audit after a failed first attempt. Even though no organization can completely sidestep the audit tax, it is possible to pay less than the competition. Management must apply the old “work smarter, not harder” philosophy to compliance efforts to cut down on compliance costs and reap the greatest security benefit for the money invested.

Compliance can be achieved effectively and efficiently by following five key methods . The following five methods offer a good start toward reducing the business audit tax to a manageable line item:

1. Take a top-down approach to compliance.
2. Harmonize multiple compliance efforts.
3. Automate compliance data-gathering.
4. Apply compliance best practices.
5. Learn to deliver the right compliance reports.

While you can't eliminate the audit tax altogether, it is possible to reduce it and ultimately gain value out of the costs incurred. Your goal should be to bring together individual compliance activities under an overall corporate strategy that includes all segments, technologies, and regulations with which the company must comply. A cohesive strategy with specific, non-redundant controls lends itself to greater automation of data gathering and more accurate reporting.

Beyond audit tax savings, this streamlined process gives a much better view into all of the risks facing the organization and provides an efficient means to making important mitigation decisions. Thus, an organization reaps meaningful benefits to its audit tax, rather than just considering it as another sunk cost.

This summary is from a white paper written by Lumension entitled “ Five Ways to Reduce Your IT Audit Tax.” Read the complete white paper online here.