Many accounting and auditing firms seek to maximize revenue through venturing into new investments, hiring new resources and adapting to the latest technology. While these methods can increase your revenue, they increase the company’s expense sheet as well. However, a more cost-effective method can be undertaken. With human resources proving to be both the largest overhead cost and source of revenue for an accounting and auditing company, it would only make sense to utilize these resources efficiently. Thus, through effectively organizing and assigning the company’s staff to the right jobs and projects, an accounting firm can extract maximum revenue. But how will it achieve this? Is there such a solution?

Firms that provide professional services manage resources that are highly skilled and trained, meaning that every resource is critical. So when resources in an accounting and auditing firm aren’t efficiently allocated to the right job, the loss of utility is felt as a greater pinch than if it were in a lesser skilled arena. So we would firstly need a solution that has the ability to allocate the right resource to the right job. It should help the accounting firm to easily plan and schedule resources by quickly identifying the right resource. This should be simple to use and easy to understand visually so that you can find the right resource from a big pool based on skills, training, role, quality, availability etc. and allocate it against various projects, milestones or tasks. Managers should be able to create and address resource requests and share resources across divisions and teams with little hassle. Finally, you should be able to plan your resources in whatever metric your company desires, be it hours, days, shifts or percentages, and should also be able to integrate leave, holiday, planned and unplanned tasks.

Accounting and auditing firms would want the right balance of their supply of staff to the demand for their skills. Creating the perfect balance is what can enable a minimal loss in expenditure, but that is not always possible as future demand patterns are highly unpredictable and difficult to read. Therefore the solution should be able to accurately forecast excess and shortfall of specific types of employees based on skill, role, department, team, location etc. This helps in hiring the right number of accounting staff at the right time in the future, reorganizing your workforce and retraining existing employees with a new set of skills as per changing business demands across the organization.

So back to our original question: how will we resolve this? The prime solution is finding the right resource planning and scheduling software. Such software holds all the required information on your employees: their skills, their line manager, relevant details of their employment status etc. It also has their availability and work schedule for the past, present and future. Hence, as far as transparency of your work is concerned, a line manager can easily track those things for administration, budgeting and career development purposes. Simultaneously, project managers are happy because they can get the best resource without having to pay for the wages of hiring a new staff member – all they need to do is simply search through the resource scheduling database and assign available resources to their jobs. Finally, the company’s overall bottom line is happy, because the increased efficiency with employee allocation has enabled them to maximize profit, and they can easily track all this information through intuitive software that provides them with powerful, graphically based reports.

This leaves us with the final question: do such tools exist out there that can maximize profits for an accounting firm and that are cheap and easy to use? Yes, they do.
The Top Five Security Information Management Considerations

1. Ensure your log management layer is scalable. The log management layer is responsible for collecting the hordes of audit logs within your environment; it is not likely to filter any collected data. A key requirement for a Security Information Management (SIM) tool is to collect all audit log data so that a forensic investigation can be instigated if required. This layer therefore needs to scale to ensure full log collection.

2. Comprehensive Reporting. The log management layer should be able to report on activity that has been collected and identified within the accounting and audit logs. This should include running reports across up to 90 days of data. When you are collecting 10-20 million logs a day, this means the report will need to search upwards of 2 billion entries to retrieve the requested data for the report. It is also possible that you will run several reports a day.

3. Log Collection. It is important that you can collect logs from across the enterprise. The SIM layer should be a true forensic store of accounting and audit logs that allows a complete investigation, should the need arise. This means you want logs from firewalls, operating systems, applications, VPNs, wireless access points etc. You therefore need to ensure that logs from all of these sources can be collected. Plain text logs stored in flat files are typically widely collected, as are Windows Event Logs. Event logs stored in databases are not easily collected, so if you have any custom-built or internally built applications, ensure that these logs can be collected, as often these are stored in some type of database.

4. Chain of Custody. Ensure that you can validate that the logs have not been changed or modified since they were collected from the source device. This should include collection of the logs in real time from the original device, to ensure they are not modified before collection. This will allow for a forensically assured investigation, if required.

5. Trend Dashboards. It is important to be able to see the trend of the volume of logs being collected. When collecting millions of logs a day, dashboarding all of that data becomes pointless, as it will be a sea of information. However, the size of the haystacks can tell you if there are problems. For example, if you see a huge spike in failed logins, this tells you that there is something going on within the environment that is not normal.

The Top Five Security Event Management Considerations

1. Correlation. The main purpose of a Security Event Management (SEM) tool is to filter out the noise from the forensic data and flag or alert on any suspect behaviour. It is critical therefore that your SEM can filter the rubbish down to useful information via complex correlation rules. It is almost useless to alert on every failed login within your environment, as in large enterprises there are hundreds or thousands of these per day. However, 100 failed logins within a five minute span, from an external IP address, for an administrative account should be alerted on and investigated. Your correlation engine should support easy creation of these multiple event rules.

2. Dashboards. Once you have generated a correlated alert, you want to place this information on a dashboard for easy user consumption. While it is not feasible to dashboard the forensic data that the SIM has collected, because of the sheer volume, it is recommended to dashboard the SEM alerts, as they are likely to be significantly fewer in number. On average you should be alerting on less than 1% of 1% of the collected logs; that equates to a maximum of 200 alerts from 2 million collected audit logs. With a really strong correlation engine we would expect to eventually tune these alerts down to 2 a day, instead of 200 a day. You only want to be alerted on TRUE security or operational risks to your enterprise, not every time someone fat-fingers their password.

3. Reporting. While reporting capability is critical for SIM, it is also important for SEM. The reports are not going to be as difficult to produce: for starters, you are not reporting against billions of logs; more likely you are reporting against tens of thousands of alerts. But management will want to see that critical alerts have been responded to and resolved.

4. Log Normalisation. To create detailed alerts you will need to “understand” the raw logs. For example, you will need to understand what part of the log string is the group name if you want to alert when a user is added to an administrator group. Most vendors will create normalisation rules for the standard off-the-shelf applications, but you should be able to normalise your organisation’s custom log formats without having to employ the vendor’s professional service consultants, who are likely to be expensive.

5. Alert Management. As well as creating complex alerts based on correlation rules, it should be possible to track the status of generated alerts. Has the alert been resolved? What steps were taken after the alert was raised? A built-in ticketing system or tight integration into an existing ticketing system is a critical feature of a Security Event Management tool.
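
One way to meet the Chain of Custody requirement above is to have the collector seal each record into a keyed hash chain, so that any later edit, deletion or truncation shows up on verification. This is an added illustration, not code from any SIM product; the key, the record strings and the function names are constructed for the example.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain (assumption of this sketch)

def seal(key, records):
    """Collector side: tag each record with HMAC(key, previous_tag + record)."""
    prev, sealed = GENESIS, []
    for rec in records:
        prev = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        sealed.append((rec, prev.hex()))
    return sealed

def verify(key, sealed, expected_last=None):
    """Return -1 if the store is intact, otherwise the index of the first bad record.
    len(sealed) means the chain is consistent but does not end at expected_last,
    i.e. records were cut off the end."""
    prev = GENESIS
    for i, (rec, tag) in enumerate(sealed):
        prev = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(prev.hex(), tag):
            return i
    if expected_last is not None and not hmac.compare_digest(prev.hex(), expected_last):
        return len(sealed)
    return -1

def sample_records():
    """Constructed audit records, as they might arrive from several devices."""
    return [
        "2024-05-01T10:00:00 fw01 action=deny src=203.0.113.7 dport=22",
        "2024-05-01T10:00:03 dc01 event=logon-failure user=administrator",
        "2024-05-01T10:00:09 dc01 event=group-add user=alice group=Administrators",
        "2024-05-01T10:00:12 vpn01 event=session-start user=bob",
    ]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice held by the collector, not the log store
    store = seal(key, sample_records())
    print("intact:", verify(key, store))
    print("tail removed, no anchor:", verify(key, store[:-1]))
    print("tail removed, anchored:", verify(key, store[:-1], expected_last=store[-1][1]))
```

Removing records from the end leaves a shorter chain that is still internally consistent, so the most recent tag has to be kept somewhere the log store cannot rewrite and passed in as `expected_last`.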