
Sarbanes-Oxley Compliance Kit
Mandated regulations impact IT
The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.
Sarbanes-Oxley Section 404 requires that:
- Enterprises have an enterprise wide security policy;
- Enterprises have enterprise wide classification of data for security, risk, and business impact;
- Enterprises have security related standards and procedures;
- Enterprises have formal security based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
SOX adopted the COSO model of controls, which is the same model that SAS 70 audits have utilized since inception. SOX heightened the focus placed on understanding the controls over financial reporting and identified a type II SAS 70 report as the only acceptable method of obtaining third-party assurance regarding the controls at a service organization. Security "certifications" are excluded as acceptable substitutes for a type II SAS 70 audit report.
In addition the ISO 27000 standard is used in SAS 70 reports. The Security Manual Template contains an ISO 27000 Security Process Audit Checklist. These two items directly address a service organization's descriptions of controls. The auditor can use these to help them in the evaluation of the service organization's control framework.
Preparation for Disaster Recovery / Business continuation in light of SOX has two primary parts. The first is putting systems in place to completely protect all financial and other data required to meet the reporting regulations and to archive the data to meet future requests for clarification of those reports. The second is to clearly and expressly document all these procedures so that in the event of a SOX audit, the auditors clearly see that the DR plan exists and will appropriately protect the data.
To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum) contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide updated to reflect what your vendors need to do (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition), which includes:
- Service Request Policy and Standard
- Help Desk Policy, Procedure, Standard, and Service Level Agreement
- Change Control Standard, Quality Assurance Standard, and Management Workbook
- Documentation Standard
- Version Control Policy and Standard
- Sensitive Information Standard
- Blog and Personal Web Site Policy
- Travel and Off-Site Meetings Security Policy
- Internet, e-mail and electronic communication Policy
See Table Below for a summary of the contents of each of the versions of the Sarbanes-Oxley Compliance kit
Download Components Table of Contents
Once you get to the download page, just bookmark it and you will be able to download all of the components without having to re-register.
Sarbanes Oxley Compliance News
Unemployment rate for foreign-born workers falls; Senate moves ahead with new H-1B bill
The unemployment rate for foreign-born persons in the United States was 8.1 percent in 2012, down from 9.1 percent in 2011, the U.S. Bureau of Labor Statistics reported today. The jobless rate of native-born persons also fell to 8.1 percent in 2012, down from 8.9 percent in the prior year.
In 2012, there were 25.0 million foreign-born persons in the U.S. labor force, comprising 16.1 percent of the total.
- Hispanics accounted for 48.3 percent of the foreign-born labor force in 2012, and Asians accounted for 23.7 percent.
- Foreign-born workers were more likely than native-born workers to be employed in service occupations; production, transportation, and material moving occupations; and natural resources, construction, and maintenance occupations.
- The median usual weekly earnings of foreign-born full-time wage and salary workers were $625 in 2012, compared with $797 for their native-born counterparts.
At the same time the Senate proceeds with a new Immigration bill going to the floor, where attempts to amend it are expected before a final vote is taken some time in the next several months.
The Senate debate will begin next month. The House, meanwhile, has been preparing its own comprehensive immigration bill for vote.
There are a lot of areas in the Senate bill that are certain to draw criticism, particularly some last-minute changes.
The original bill, drafted by a bipartisan Senate group dubbed the Gang of Eight, would raise the base cap on H-1B visas from 65,000 to 110,000, with an escalator that can increase the cap to 180,000 in increments of 10,000 in response to demand. The tech industry wanted a cap of at least 300,000.
The revised bill raises the initial cap to 115,000, a small, seemingly spiteful incremental increase.
Some say the IT job market is improving
Dice, an online job portal, says IT degree graduates are finding jobs. It also says that some companies still report technology-skill shortages.
According to Dice, there has been a solid job market for entry-level tech professionals in the past few years, with more than 40,000 joining the job market in a given year. That, combined with growing enrollments in computer science departments, implies even bigger numbers of newly minted professionals will be available for the companies that seek to employ them in the years to come. However, experience is often valued over education in technology departments. It is recommended that students get some experience.
- Best City for IT jobs - New York 8,600 jobs available
- Second Best City for IT Jobs - Washington DC/Baltimore - 7,000 jobs available
- Third Best Market - Silicon Valley - 5,200 jobs available
- Next Best City - Chicago - 3,800 jobs available
- Unfilled IT jobs in the US over 83,000 -- 48,000 are full time positions
- Over 37,000 contractor positions open
- Over 50,300 IT degrees issued in 2012 versus 59,500 in 2003 (source Dept of Education)
- Low point in number of degrees 2009 - 38,000
Security IT Pros are in short supply
There is a cybersecurity skills shortage and recent studies magnify the fact.
- 25% of mid-market (i.e. 100 to 999 employees) and enterprise (i.e. more than 1,000 employees) organizations report a "problematic shortage" of IT security skills.
- 36% of organizations increasing IT headcount this year plan to hire information security staff. Of all the IT headcount being added in 2013, hiring information security professionals is the highest priority.
- 83% of enterprise organizations say that it is "extremely difficult" or "somewhat difficult" to recruit and hire information security specialists. Those organizations having the hardest time include companies in rural areas, mid-market firms, and vertical industries like academia, and the public sector.
IBM recognizes that a dearth of cybersecurity skills presents a threat to its customers, its security business, and its services organization. IBM is trying to do something about it. IBM just published a paper called, Cybersecurity Education for the Next Generation - http://www.e-janco.com/register_security_IBM_paper.asp.
The paper provides a high-level overview of the current state of cybersecurity skills and education and then suggests a few changes. IBM suggests that cybersecurity programs must become:
- More comprehensive. Yes, firewall rules and AV signatures are important, but the next-generation of cybersecurity leaders need to be able to understand cybersecurity as it relates to the business, legal system, and society. This means that cybersecurity education has to branch out from the Computer Science department alone.
- More cooperative. Cybersecurity protection doesn't work when the CISO and team are not part of business, IT, and application planning. That said, many groups view the security team in an adversarial way. The next-generation of cybersecurity leaders must be able to break down legacy walls and become business facilitators rather than business impediments.
- Book smart and street smart. We need cybersecurity people who understand what works in theory and practice. A degree or certification alone isn't enough.
Software Developer Wages Fall Two Percent as Workforce Expands
The Janco Associates, Inc. and eJobDescription.com salary survey draws on data collected throughout the year by extensive internet-based and completed survey forms sent to businesses throughout the United States and Canada. Over 300 companies participate in the survey.
The U.S. tech industry added nearly 64,000 software related jobs last year, but as the workforce expanded, the average size of workers' pay checks declined by nearly 2%.
There are multiple theories for the decline in pay, but a common one cited by analysts is simply that the new people being hired are paid less than those already on the job.
The average annual wage of all workers in the software services sector was $99,000 in 2012, about $2,000 less than the prior year.
IT Median Salaries

Unemployment picture looking better but…
The unemployment picture is looking better in many parts of the country; however, some states continue to see levels at 8% and above. Included are some of the most populated states, like Illinois, California, and New Jersey.
States with High Unemployment
- Top 10 States with the Highest Unemployment Rates 10 States Have Unemployment Rates over 9% In the latest release of state unemployment rates there are 10 states which stand out because of their...
- Unemployment Data Is The BLS Playing With It? Feds say they may delay the unemployment report It is ever so amazing that the feds are now saying that they may delay the unemployment...
- Unemployment is over 9% in 8 states not a good sign for IT Pros As people continue to forecast an improvement in the economy, the latest BLS data shows there still are 8 states with unemployment number that are...
- IT Employment Up In a Soft Job Market Between the first to second quarter of this year, the unemployment rate of computer hardware engineers went from 4.4% to 0.5%. For software developers, the...
- IT Job Market is Poor at Best IT Job Market Is Poor At Best The information technology job market in the U.S. shrank by 6,600 jobs in September, and the number of...
H-1B current readings
H-1B battle Readings
- H-1B politics shifts to backroom as vote nears
- Senators begin contentious H-1B battle
- Tech may sink immigration bill if unhappy, Sen. Hatch warns
- An H-1B jobs database the tech industry may hate
- U.S. firms say H-1B restrictions may help them
- Senate's big immigration bill seeks to crack down on offshore outsourcing
- Senate immigration bill may push back on globalization
- U.S. gets 124,000 H-1B petitions, 45% above cap
- With H-1B cap exceeded, visa lottery will be needed
- U.S. gets flood of H-1B petitions on first day
20% Discount for subscribers to CIO and HR News
Subscribers to the CIO and HR News feed can get a 20% discount on any product on www.e-janco.com and www.ejobdescription.com. All they have to do is enter the discount code of CIOnews.
The news feed is at http://www.ejobdescription.com/News/ejob.xml
Products include:
- CIO IT Infrastructure Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy: Includes electronic Blog Compliance Agreement Form
- BYOD Policy Template: Includes electronic BYOD Access and Use Agreement Form
- Incident Communication Plan Policy: Updated to include social networks as a communication path
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy: Includes 5 electronic forms to aid in the quick deployment of this policy
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy: HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy: Includes electronic form
- Telecommuting Policy: Includes 3 electronic forms to help to effectively manage work at home staff
- Travel and Off-Site Meeting Policy
- IT Infrastructure Electronic Forms
Technology based jobs grew slightly in the last 12 months
According to TechAmerica (TA), the IT industry added 67,400 jobs in 2012, a 1.1% increase from a year earlier.
According to their analysis, the tech industry's growth slightly outpaced the overall private sector in the U.S., which grew by 1%.
Three of four tech industry sectors defined by TA saw growth in 2012. Software services drove the vast majority of growth during the year, adding a net 63,900 jobs, compared to 11,300 jobs added in engineering and tech services and 1,800 added in Internet and telecommunication services. Tech manufacturing had a net decline in employment, dropping by 9,500 jobs.
Thirty-nine states saw a net increase in tech employment in 2012, with the largest increase in California with 17,700 jobs, Texas with 10,000 jobs and New York with 8,400 jobs. The fastest rates of growth were in North Dakota, Michigan and Missouri, all with more than 3% growth.
The top states for tech employment in 2012 were California (968,800), Texas (485,600), New York (318,200), Virginia (285,400), and Florida (270,900), the report said.
As in the past, Virginia continued to lead the nation in concentration of high-tech workers in 2012, with 9.8% of its private sector workforce employed in the tech industry.
California's tech industry workers were paid the highest annual average wage of $123,900 in 2012, followed by Massachusetts, at $116,000, and Washington state at $110,200.
California was the top state for employment numbers in 12 of 15 tech industry sectors, but other states had strong concentrations in some tech fields. Minnesota ranked first in electromedical equipment manufacturing, and Washington ranked first in software publishers, the report said.
Virginia ranked second in computer systems design, and Massachusetts ranked second in measuring and control instruments manufacturing and in R&D and testing labs.
Are Baby Boomers a driver in lower labor participation rates?
Since October 2009, while the civilian population aged 16 and older has risen by 8.6 million people, the labor force has risen by just 1.4 million people, cutting the labor force participation rate to its lowest level since 1979. Or, if the U.S. economy had just maintained the participation rate that prevailed in October 2009, there would be almost 4.2 million more people in the labor force today.
It can be argued that larger numbers of older workers in their 50s and 60s have been discouraged by the lack of opportunities, and are opting for retirement sooner than they would have in a gangbuster economy.
However, the formal retirement rate keeps going up, and the net result is an economy with fewer and fewer available workers. Baby boomers are distorting the numbers, because they account for an outsized portion of the population, and as they move from prime working age into their golden years, their retirement drags down the overall participation rate just as they helped to elevate it when they entered the market.
There needs to be a way to look at and measure the impact of people engaging in non-traditional approaches to careers, such as part-time, creative and entrepreneurial pursuits. Dropping out of the workforce doesn't mean dropping out of life.
People may be going back to work...
Among those persons marginally attached to the labor force in April 2013, there were 835,000 discouraged workers, a decrease of 133,000 workers from a year earlier.
Persons not in the labor force by desire and availability for work, April 2013

| Category | Persons |
|---|---|
| Total not in the labor force | 90,436,000 |
| Do not want a job now | 84,107,000 |
| Want a job | 6,329,000 |
| Did not search for work in previous year | 3,196,000 |
| Searched for work in previous year but not in past 4 weeks | 3,133,000 |
| Searched for work in the previous year but not available to work now | 786,000 |
| Marginally attached (available to work now) | 2,347,000 |
| Discouraged over job prospects | 835,000 |
| Reasons other than discouragement | 1,512,000 |

More IT Layoffs
CA Technologies will lay off approximately 1,200 employees worldwide and consolidate its development operations after the company reported disappointing fourth-quarter financial results.
The company expects to carry out the majority of the cutbacks by the end of the current quarter in June and will take a charge of approximately $150 million in fiscal 2014 to cover those costs.
CA reported revenue of $1.15 billion for the fourth quarter ended March 31, a decline of 3 percent from $1.18 billion in the same period one year earlier. Income from continuing operations was $242 million, up 15 percent from $211 million last year.
Immigration Bill May Impact H-1B hiring
The U.S. Senate's comprehensive immigration bill has within it a proposal to create a database that may halt some bad H-1B hiring practices.
There are a string of provisions in the Senate's bill its proponents say are intended to help U.S. workers. One is a requirement for the government to create a national database of jobs that employers want to fill with H-1B workers. U.S. workers will be able to apply for those jobs, which will be posted for 30 days. Employers are also barred "from recruiting or giving preference" to visa workers over U.S. workers.
The tech industry is concerned that the immigration bill's recruitment and database provisions may extend the amount of time needed to hire an H-1B worker and, more broadly, increase the risk of litigation and government oversight.
Mobility Policy Bundle with a full job description for a Chief Mobility Officer has just been released by Janco
Janco Associates has just updated its Mobility Policy Bundle to meet critical new requirements being placed on organizations by mobile computing users. This release is part of Janco's continuing effort to create a set of standard Best Practices procedures that organizations can implement to meet the challenges they face as they adjust to the new ways that technology is being utilized by all levels of organizations. In addition to the updated procedures, Janco has developed a complete job description for the Chief Mobility Officer, who is critical in the creation, implementation and operation of an organization's mobility initiative.
The CEO of Janco, Victor Janulaitis, said, "As the use of personal mobile devices, social networking, and compliance requirements expand, organizations are faced with a dilemma. How can they balance business continuity, security, and compliance needs in an ever more complex operating environment, while supporting increased business demands for more technology by an increasingly more technology literate user base?" He added, "Our policies, electronic forms, and job description for the Chief Mobility Officer role Janco has addressed those requirements."
In addition to the Chief Mobility Officer job description, the bundle includes proven policies and electronic forms. The policies included in this bundle are: BYOD Policy; Mobile Device Policy; Record Management Retention and Destruction Policy; Social Networking Policy; Telecommuting Policy; and Travel and Off-site Meeting Policy. The Electronic Forms included are: BYOD Access and Use Agreement Form; Company Asset Employee Control Log; Enterprise Owned Equipment Form; Mobile Device Access and Use Agreement Form; Safety Checklist - Working at Alternative Location; Social Networking Policy Compliance Agreement Form; and Telecommuting Work Agreement.
More information on this bundle, including a full copy of the table of contents for all of the policies, can be obtained by following the links.
- Policies - http://www.e-janco.com/Mobility_Policies.html
- Electronic Forms - http://www.e-janco.com/IT-Infrastructure-Forms.html
IT is not viewed as a top career choice for recent college graduates
In a recent survey by Accenture of recent college graduates, IT was not at the top of the totem pole of choices. The top choices were education, media and entertainment, and health care. Other findings of the study were:
- Only 53% of graduates had jobs in their field of study
- 63% feel they need more training to get the jobs they want
- 42% feel they will need an advanced degree to advance
- Loans outstanding are high - 33% owe $30,000 or less and 17% owe between $30,000 to $50,000
HR is viewed by many as a source of future earnings
Many view HR as a department that provides little if any value. Line managers who have evaluated them say:
- They speak in gibberish and terms that do not relate to the businesses
- They have more red tape and meaningless processes than the government
- They think they run the company when all they often do is make it more difficult to recruit and retain good talent
- They are not in the business that the company is in






The Safety Program is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirement. The Safety Program reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
This Business and IT Impact Analysis Questionnaire has been designed by one of Industry's most experienced application assessment consultants. This Questionnaire has been used in over 500 assessment, DRP and business impact projects in the past four years. Included is a Risk Ranking definition.









