For Target, it was a heating and air conditioning company. At a large oil company it was a nearby Chinese restaurant. Hackers increasingly use third-party relationships to gain access to computer networks and steal data. The trend means that companies need to conduct even better due diligence on third-party relationships than they do already. And here’s the hard part: Even the smallest, most insignificant relationship can be the avenue for a breach. More inside.
As companies put the finishing touches on the adoption of the updated framework for internal controls, many are realizing that there are hidden benefits to the work. Audit experts say there are several other areas where elements of the updated COSO framework can apply, such as divisional reporting, customer profitability analyses, sustainability reports, and other areas. “Compliance is the easiest area to apply this to,” said Kenneth Blomster, a risk assurance partner with PwC.
The Antitrust Division of the Department of Justice has signaled a shift in its enforcement approach concerning companies that violate antitrust laws and don’t have effective compliance programs. During two recent speeches, Antitrust officials said they would seek court-supervised probation in such cases. “Conversely, companies that can demonstrate they have adopted or strengthened existing compliance programs may be able to avoid probation,” said Brent Snyder, the Division’s deputy assistant attorney general for criminal enforcement.
At long last, IT audit is finding its place in the sun—so says the latest IT Audit Benchmarking Study, published last week by ISACA. By almost any measure, IT audit is getting a higher profile at large organizations. What does that mean for compliance officers, and how can they work with IT audit as more IT-related risks arise? Compliance Week Editor Matt Kelly gives his thoughts inside.
Three years after a lawsuit scuttled the SEC’s proxy access rule, a new push is underway to give shareholders the right to nominate directors directly on the proxy. New York City Comptroller Scott Stringer, on behalf of the $160 billion New York City pension funds, recently submitted proxy access shareholder proposals to 75 companies. The move, some say, could trigger an avalanche of similar proposals in the 2015 proxy season and beyond. More inside.
Banks, retailers, online services, and others that issue prepaid cards to consumers will soon have some new rules to follow, including the need to conduct “ability to repay” assessments if they offer credit options. The rules, proposed by the Consumer Financial Protection Bureau, could also bring new regulations to mobile and peer-to-peer payment systems, such as Google Wallet and PayPal. More details inside.
Chances are your annual and quarterly financial reports are too long, and it’s not just that regulators and rulemakers require too much information. Lots of words in your filings are neither useful nor required. Since they aren’t important or necessary, take them out. Inside, columnist Scott Taub makes some suggestions for eliminating the unnecessary information and verbiage from your financial filings.