About Us
PB&SP founder Robin Basham began Phoenix with over a decade of experience in managing Information Technology and Audit services within public, private and federal/government, banking, education, telecom, defense and manufacturing industries. Her work includes designing and implementing ITIL® Service Support and Infrastructure Management programs, contributing to various Application Life Cycle and Database Management initiatives, participating in advanced degree and technical committees across areas such as Java Enterprise and Open Source Standards, leading Process Engineering (as conforming to ISO 9000), delivering Capital Projects Requirements Analysis (as aligned to Department of Defense), completing major OSS Migration across two platforms including SAP, MetaSolve and Remedy (Telecom), and currently delivering project management, ongoing control self-assessment programs, and SAS 70 and Sarbanes-Oxley internal compliance reporting, supplemented by 100+ workflow process diagrams mapping COBIT® and ITIL® controls across entire organizations, and facilitating live compliance reporting using mainstream desktop applications. PB&SP provides regular online and face-to-face certified COBIT® 4.0 and ITSM ISEB Foundation-level IT Governance and Regulatory Training.

Bringing education, technology and assessment to audit

Entering IT as a fifteen-year veteran of assessment, graduate-level training, and the implementation of networking and software to meet special learning in mainstream environments, Ms. Basham discovered that industry efforts to operate at a profit in spite of complex financial, legal and conformity assessment standards presented a familiar challenge. Projects aiding conformity to ISO 9000, ISO 14000 and ISO 17799, and evolving certifications around SDLC and CMM standards, extended programs from utility and data management to facilitating standard practice in development of procedures and guidance toward maintaining acceptable risk and compliance management posture.
Working extensively in the design and data management, projects ranged from:
The following consistent and increasingly normalized elements emerged:
1996 marked the millennium bug and mounting concerns over business continuity. As Career and Education Director for the Association for Women in Computing (AWC), Robin pitched a Y2K Conference promoting SDLC and Quality Management standards. Joining AWC forces with ASM (Association for Systems Management), SIM (Society for Information Management), and PMI (Project Management Institute), Robin directed RoadMap 2001. 30 industry leaders and 400 Babson attendees collaborated on best management and project practice necessary to avert the pending crisis. Unfortunately, no one’s vision included the business scandals and failures of ethics that lay ahead.

Banking to Telecommunications

Codes of Federal Regulation exploded with the onset of online banking, but even more demanding were those with responsibility to enforce FCC regulations in an industry evolving technologies and products adapted as mainstream and made obsolete by competition or bad design overnight. Attempts to maintain market position unleashed a frenzy of cutting-edge software and devices, always claiming alignment to IEC and TeleManagement Forum (TM Forum) standards, and always released with little or no attention to testing, support, change, security and performance management process. Where small configuration anomalies affected legal and financial requirements, Telecom OSS platforms too came and went, costing the industry billions of dollars, but never providing audit with simple, clean answers to inventory and count. After two unsuccessful OSS migrations, Ms. Basham proposed a grassroots Performance Management Forum, networking metrics to finance and service data, with comparative reports presented monthly to the CTO and Executive Board. People realized the numbers told the truth, and soon after joined the ranks of WorldCom, Global Crossing and MCI.
Ominous clouds and biting wind

In 2001, marked by common stories of hidden debt, overstated value and manipulated dates in the name of stock values and, ironically, keeping shareholders happy, corporate scandals such as WorldCom and Enron rippled through Wall Street, swelling to an unemployment tsunami. With so many peers out of work, Ms. Basham took a leap of faith, turning private practice into a corporation. Upholding conformity to legal mandates had been simply a part of the last twenty years in professional practice (see RegWatch), but with the Sarbanes-Oxley Act of 2002 there was widespread need of Facilitated Compliance Management™ and documentation of all controls-related process. The SEC asked for internal controls reporting as aligned to The Committee of Sponsoring Organizations of the Treadway Commission (COSO), adding to the implications of the Clinger-Cohen Act, suggesting efficient balance between business and systems, where IT scores aligned to meeting business objectives. The accounting oversight mandate aimed to force order out of chaos, but the renaissance came from ISACA in the form of an IT controls assessment roadmap, Control Objectives for Information and related Technology (COBIT®). The breakthrough IT governance standard did not introduce new methods or technologies. To the contrary, this IT toolkit provided a comprehensive matrix enabling controls visibility across all enterprise IT functions. Using language that spoke to an overall business assessment, an underlying organization's resource model and all other forms of audit and conformity requirements were now represented with one single compliance standard. After 9/11 and more than half a million technology layoffs, Ms. Basham regarded COBIT® as the phoenix. Phoenix Business and Systems Process (PB&SP) adopted COBIT®, ISO/IEC 17799:2000 and ITIL® (BS15000 and ICT Infrastructure Management Best Practice) standards as a comprehensive response to all mandates over IT control.
As Sarbanes-Oxley’s requirements immobilized the United States economy, PB&SP in its first two years assisted corporations as well known as Siemens, Raytheon and Journal Communication to implement IT Infrastructure and Assessment programs entirely aligned to the measurements found in COBIT®.

Bracing for the big storm

Released in January 2003 to the Association for Women in Computing, “Scoping Sarbanes-Oxley” urged a lowest common denominator approach, meeting section 404 general control attestation requirements. A full two years in advance of the ISACA, PricewaterhouseCoopers LLC, IIA, AICPA landmark direction “IT Control Objectives for Sarbanes-Oxley,” [i] Ms. Basham’s strategy stressed a risk-based approach, lowest cost and highest return controls, and distributed self-assessment activity that would enforce a program of sustainable compliance.

Participation and Contribution

Avoiding claim to answers, Ms. Basham’s wisdom is aligning questions to authorities, and tools to business, technology and audit requirements. A firm believer in collaboration, she makes full use of platforms for professional development, offering any new ideas to a team “reality check” on the ISACA list services open forum of technology, audit and legal experts. Keeping current in definitive rulings, PB&SP leverages collaboration among leaders at IIA, ISACA, OASIS, their associated committee members and resources, and guidance as provided by the efforts of our Big5 (PricewaterhouseCoopers LLP, Deloitte & Touche LLP, Ernst & Young global, KPMG International, and Protiviti® Inc). Global Communications by ISACA and direct attention to posted changes by FASB, GASB, AICPA, ISACA, and IFAC, as would affect Information Systems Audit and Control guidelines, are of primary focus to PB&SP. Acting as liaison between OASIS, ISACA, itSMF and the IIA, Ms. Basham’s influence is seen in practical templates, UML proposals and applications for RunBook and Risk Management.
Robin’s most current publication, a satire regarding the struggle to stay current with industry, is titled The Perils of Mount Must Read. Introducing a new theory of Compliance Professional Evolution, the story reveals a common mission to unite by way of standards and alignment to the best each has to offer. The Perils are caused by everyone’s pervasive anxiety in just trying to stay afloat.

What is Facilitated Compliance Management™ (FCM)?

DoD, Telecom, Securities and Trading, Education, Government and Banking regulations impact every aspect of systems and operations management. PMM (Personal Maturity Management) methods guided creation of a process and controls tracking application. Database and grew from Help Desk, to Order Management, to Process Engine and Knowledge Base. Managing Process Engineering and later Controls Assessment teams, the application became known as the SamePage Process Development Tracking, an unofficial and non-registered trademark. Designed as an evolving compliance prototype, the tool is provided to clients and was never intended to be sold as a product. Discovering that SamePageSolutions had registered and been provided a SamePage trademark, application for the FCM, "Facilitated Compliance Management", trademark was immediately filed and the use of SamePage in reference to PB&SP practice is now phased out. Resisting offers to turn what is now FCM into another compliance product, the tool remains true to its intended purpose, offering open code and data models for use as a compliance prototype, leveraging the portability of Microsoft HTML, BPEL and XML Compliant Microsoft Visio Standard and VBA forms posting to a SQL back end. PB&SP keeps clients ahead of the compliance curve.
Using a combination of best-of-breed tools and processes for RunBooks, Configuration and Change Management, Enterprise Risk Management, Security Management and Performance Management, PB&SP emphasizes ITIL® [ii] and COBIT® frameworks, prudent examination of existing infrastructure, and technology acquisition recommendations based in a risk and legal context. PB&SP utilizes partner resources to provide clients with extended requirements in long-term data support, network management, software development and staff augmentation. These are no-fee, value-add perks and are among the many reasons clients remain satisfied with PB&SP.

Presentations in the last year include the Organization for the Advancement of Structured Information Standards (OASIS) 2005 Symposium in New Orleans; Information Technology Service Management Forum, New England (itSMF); Information Systems Audit and Control Association Chicago and Cleveland Chapters (ISACA); and Financial Executive and Technology Executive Networking Groups (FENG/TENG).

Robin is a regular contributor and a founding member of the OASIS Configuration Compliance Technical Committee and a regular contributor to the ISACA IT Governance, Information Security and Sarbanes-Oxley Compliance and COBIT® list services. Among Robin's credentials are Certified Information Systems Auditor (CISA), ITIL® Foundations certification (ISEB), Master's Degree in Information Technology (M.IT), and a Master of Education (M.Ed).
[i] The IT Governance Institute (ITGI) "exists to assist enterprise leaders in their responsibility to ensure that IT is aligned with the business and delivers value, its performance is measured, its resources properly allocated and its risks mitigated. As summarized by ITGI: is a not-for-profit research organization affiliated with the Information Systems Audit and Control Association® (ISACA), a global not-for-profit professional membership organization focused on IT Governance, assurance and security, with more than 47,000 members in more than 140 countries. ITGI undertakes research and publishes COBIT®, an open standard and framework of controls and best practice for IT governance." www.itgi.org

[ii] ICT Infrastructure Management Manual OGC As explained by the OGC: "is a UK government organization responsible for procurement and efficiency improvements in the UK public sector. OGC has produced world-class best practice guidance, including PRINCE2 (project management), MSP (Managing Successful Programs) and ITIL® (IT service management). ITIL® is used throughout the world and is aligned with the ISO/IEC BS 27000 international standard in service management. OGC







