Hi Everybody!
Welcome to my inaugural blog entry. I’m excited to join the team of experts at Quest Software, and I am looking forward to sharing my observations, issues, tips, tricks, and solutions on compliance with you.
I’m John Weathington, President and CEO of Excellent Management Systems, Inc., a management consultancy that helps companies improve their regulatory and contractual compliance. My clients have included Hogan and Hartson, Sun Microsystems, Hitachi Data Systems, and Silicon Graphics just to name a few.
Although I principally work with upper management now, I have a deep technical background in database administration and development, data warehousing and business intelligence, and software development. I’ve been an Oracle DBA for a number of years now, and have used Quest tools including Toad all along the way. I recently led the way on the new construction of a 2 TB GSA compliance data warehouse for Sun Microsystems. It was quite a ride, but well worth it. Not only were we able to fortify their $100 Million contract, but we also paved the way for an improved sales process.
In addition to being a techie, I’m also an accomplished project manager (PMP certified), process improvement expert (Six Sigma Black Belt from Motorola), and pioneer in using agile development techniques for the construction of data warehouses and business intelligence environments. With Sarbanes-Oxley concerns rearing their ugly head, I was called upon to manage an identity and access management 404 control effort for a large high-tech firm. I had only 4 months to get 9 systems compliant! It was tough, but we pulled it off.
So, I decided to take my broad set of skills and tools, and help companies improve their compliance – any kind of compliance. I’m a pragmatist, so I’m not so concerned with the latest revision of the laws, and their political implications. What I’m concerned about is getting compliance done, and done right.
My clients are typically Boards of Directors, CEOs, CFOs, CIOs, CCOs (Chief Compliance Officers), VPs of Finance / IT, Controllers, or anybody else who is responsible for getting compliance done. I also help Partners of accounting firms and law firms. I recently helped Hogan and Hartson in a data-based defense against a Fortune 500 firm, in a GSA related matter.
So what does this have to do with DBAs, database developers, and IT Managers?
Actually a lot.
And it’s not just compliance. There’s a whole family of related areas of corporate interest: governance, risk, compliance, and security.
So for starters, let’s clarify some terminology in this space:
Governance: Governance is about administration and control. It’s the processes and policies that a corporation develops to make sure it’s achieving its mission and goals. Governance is also tied to performance and return on investment (ROI). For instance, there is a big trend in business intelligence governance now. This simply means understanding and directing the return on your business intelligence investment, and systematically maturing it over time.
Risk: Risk is uncertainty. Managing risk means managing uncertainty. There’s a common misconception that risk only involves unfavorable events. This is not true. There is a concept of positive risk, which means something unexpected and fortunate happened. Mitigating risk means taking deliberate action to lessen the probability, increase the visibility, and/or reduce the impact of a risk-related event.
Compliance: Compliance is making sure that stated policy is adhered to. This is more specific and tactical than governance. Compliance usually comes in the form of regulatory (i.e. complying with laws like Sarbanes-Oxley, HIPAA, or PCI) or contractual (complying with contract terms like GSA or royalties). GSA compliance is a universal contractual concern for most companies. The GSA is the General Services Administration of the US Federal Government. If a company wants to do business with the US government, it needs a GSA Schedule. This schedule is part of an overall contract that has terms and conditions that usually concern your company’s sales policies.
Security: Security is taking deliberate actions to defend against attacks on the corporation and its data. As you are probably well aware, there is a plethora of ways that corporate data can be exposed and compromised. And the hackers are getting smarter by the second.
DBAs, database developers, and IT managers must be concerned with all of these. In talking with CFOs, Compliance Officers, and Controllers, there is one consistent liability – IT controls. Finance people, no matter how senior, do not understand how to deal with the complexity of keeping data systems secure and under control.
In addition, you have the talent and skills to build data systems that will help your organization improve its compliance. And your organization will be a better company because of it. You know how to crunch through data, and you know how to organize its data in ways it hasn’t even thought of yet. Your involvement can make or break your organization’s ability to meet its corporate goals, manage risk, comply with standards, and secure its information.
My hope for this blog is to impart my wisdom and advice, so that you can help your company improve. I’d also like to engage in active discussions with you around the compliance issues you are facing, so that I can guide you to the right solution. Please comment on any and all topics that strike your interest. Also, feel free to send me a private email if there’s a topic you’d like to see discussed.
I’m honored to be invited into your community, and I look forward to sharing ideas with you.
Now, let’s start talking about compliance!