Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Keep me logged in Forgot your password?

Please wait...

Please wait...

Compliance And Technology

Below is some of the most recent Compliance Week coverage on issues related to the intersection of compliance, risk and technology. These articles typically explore information-technology issues as they pertain to reliable financial reporting, internal controls, records retention, ERM, privacy, security, and other global requirements or standards. The list below shows the most recent articles first.

Balancing the Power of Social Media With Compliance Risks

March 18, 2014

While no one doubts the power of communicating over social media, the risks are numerous. First are the risks of running afoul of regulations that cover records retention, e-discovery, labor relations, advertising, and disclosure, to name a few. Then there are the reputational risks involved with unmanaged or unplanned messaging. To strike a balance, companies must craft policies that don't overly restrict the business from leveraging social media, while addressing all these risks. More inside.

Boards Look to Boost IT, Data Security Oversight

March 11, 2014

Two recent surveys find that boards admit they have a poor grasp of cyber-security and data breach risks, and that management does a poor job of providing them with adequate information for effective oversight. To bridge the gap, boards are looking to boost their IT and data management experience and ask better questions of management. Details inside.

Are You Ready for Bitcoin?

January 07, 2014

Bitcoin, a virtual currency that has remained mostly on the fringes of online transacting, could be set to go mainstream, as companies like,, and Zynga begin accepting it for payment and others consider it as a financial hedging tool. Bitcoin's quirks offer some unique benefits, along with several accounting, risk, and compliance challenges. More detail inside.

Harnessing Big Data to Find Fraud? First, Find the Data

January 07, 2014

For all the promise of using Big Data to spot potential fraud, there's a steep hill to climb when getting started: identifying what data to gather and analyze from the heaps of information most companies generate. Getting it wrong can waste time and money. "You really want to collect and analyze only the data that is going to be of most value to you," says David Jonker, senior director at business software company SAP.

Some Growing Pains, but No Stopping BYOD

November 05, 2013

Some companies may be rethinking their policies of letting employees bring their own devices to work and accessing company data and networks with them, as the task of managing data and keeping up with new product releases proves difficult, and cost savings aren't meeting expectations. But don't expect a reversal of the trend. Surveys indicate that companies are still planning to move to BYOD in the coming years. More inside.

EU Regulators: Prepare Now for New Data Protection Rules

October 29, 2013

EU policymakers want companies to prepare now for new data protection rules, even though regulators are still working out several aspects of the plan and there's a chance the project could still collapse. "There is still genuine disagreement about how data protection should work" in Europe, said Simon McDougall, managing director of consulting firm Promontory at the recent Compliance Week Europe conference. Inside, we look at the potential for changes to the draft legislation.

Busting the Barriers Between Compliance, IT, and the Business

October 22, 2013

Large, global companies have plenty of language barriers to consider—including the communication gaps that divide business functions. During a panel discussion at last week's Compliance Week Europe conference, compliance and legal executives from telecom giant BT and Bank of Ireland looked at how compliance executives can unify all three sides early, often, and effectively. More inside.

Getting a Grip on Investigations & Data

August 06, 2013

Internal investigations, and the endless reams of data each one can bring, may seem overwhelming—but with savvy use of modern IT systems, compliance teams can cut an investigation's time and cost while increasing its effectiveness. Big Data analysis, de-duplication, automated translation, visualization, and other tools can turn an unwieldy probe into an organized one. More details inside.

e-Discovery in Multimedia Age

August 06, 2013

Not only the volume of information subject to e-Discovery is exploding; now the formats for that information are, too. So even as companies still struggle to pore through electronic libraries of text, e-Discovery of audio and video material is coming up fast. That will require new IT and legal department processes, but savvy compliance execs can leverage those advances in other ways. More inside.

Is Your Confidential Data Safe in the Hands of Regulators?

July 30, 2013

Regulators spend a lot of time looking at how well private enterprise can protect sensitive data and defend against cyber-attacks. But what about the government agencies themselves? Are they able to secure the massive trove of confidential corporate and consumer data they collect? "It seems they are not doing much better than the private sector with this," says Tom Smedinghoff, a partner with the law firm Edwards Wildman Palmer.

Anti-Bribery Efforts Turning to Technology

July 16, 2013

As regulators turn up the heat on anti-bribery and corruption compliance, companies are increasingly turning to technology solutions to improve programs and search for potential problems. Transaction monitoring, third-party monitoring, e-mail review—all can be used to find penitential violations of the Foreign Corrupt Practices Act. Inside, we provide a sampling of some of the latest technology solutions, from full GRC compliance suite offerings to point solutions.

SEC May Bolster Cyber-Threat Disclosure Guidance

July 02, 2013

New guidance may be on the way that would require companies to say more about their exposure to cyber-security risks and provide more detail on specific attacks. While the Securities and Exchange Commission issued guidance in 2011 calling for voluntary disclosures, new Chairman Mary Jo White has called for the SEC to consider new ways to improve the disclosures after Sen. John Rockefeller (D-W.Va.) urged more stringent requirements.

The Latest Fraud-Finding Tools

June 11, 2013

As companies continue to advance Big Data projects, they are realizing that sophisticated data analytics that combine structured and unstructured data might give them their best chance yet to pinpoint fraud, waste, and abuse by employees. Inside, we look at the latest fraud-finding techniques, including social media search, text analytics, and recognizing deviations from behavior patterns and how companies are combining them to spot the red flags of fraud.

Retooling the Compliance Function for Modern Technology Risks

June 04, 2013

It sounds simple enough on paper: As new risks emerge, the compliance function adapts to address them. In an age of rapidly evolving technology, however, that approach can leave organizations a step behind. At the recent Compliance Week 2013 conference, a panel of experts discussed how to build a framework to address technology and data risks as they emerge, not after they do. Their advice is to focus less on the specific technologies and put more policies and controls around the larger principles.

Information Governance: How to Destroy Data ... for Good

April 16, 2013

Compliance Week concludes our six-part series on information governance this week with a natural endpoint: how to handle your data once it's ready for final destruction. Techniques to destroy data are less effective than you'd think, but litigation and privacy risks make the final phase of governance vital. "If you leave data around, it can come back and bite you," says Doug Miles of AIIM. More inside.

SEC's Social Media Guidance Raises as Many Questions as it Answers

April 09, 2013

Last week the Securities and Exchange Commission approved the use of social media sites such as Facebook and Twitter to make company announcements. While some criticized the agency for taking so long to embrace modern communication technology, others quickly pointed out that the guidance raises lots of new questions on using social media to disclose material information. Details inside.

Legal Departments Struggle With Technology Shifts

April 02, 2013

Cloud-based storage and the ubiquity of smart phones and tablets are pushing legal teams in charge of e-discovery to the limit. Two separate surveys released in March indicate that the legal department is falling behind on managing electronic discovery. The studies also reveal a significant lack of communication and collaboration among legal, IT, records management, and other business units.

e-Discovering the Cloud

March 26, 2013

Moving data-heavy components such as e-mail and collaboration systems to the cloud is a no-brainer, right? Not so fast. Companies that don't consider the cloud's implications on e-discovery could suffer major headaches later in excess litigation costs or damages resulting from poor recordkeeping. "You can see it as a train wreck waiting to happen if you don't think about these things in advance," says Michael Lackey, a partner at law firm Mayer Brown.

Clouds With Industry-Specific Compliance Built In

March 19, 2013

Companies have increasingly been turning to cloud providers that cater to specific industries, such as financial services or healthcare, to satisfy their unique security and compliance needs. Now industry-specific clouds are cropping up in such diverse industries as gambling and filmaking. "Here's a model that I think makes a lot of sense for a lot of industries," says Mike West, an analyst at consulting firm Saugatuck Technology.

Protecting Data From Inside and Outside Threats

March 12, 2013

In the next installment of our Information Governance series, we look this week at how to keep data protected (from threats inside and outside the business) once you create it. "When a genie is out of the bottle, it's out of the bottle," says Matthew Butkovic of Carnegie Mellon University. Thankfully, he and others say, principles and control systems are emerging to help you keep a cork on the data you have.

Info Governance: Get Data Classification Right First

March 05, 2013

Data classification is one of the most crucial elements of information governance—yet one that many companies fail to implement well. They want to put adequate security controls around the most sensitive data, but they have no process for determining what that data is, or where it resides. In part three of our six-part series on information governance, we look at common mistakes in data classification.

Catching and Managing New Data

February 20, 2013

In part two of our four-part series on information governance, we look at how companies are stockpiling mountains of data, with varying degrees of usefulness and sensitivity. Increasingly, compliance is playing a role in helping organizations to break down information silos and ensure that data users inside the company understand the compliance and regulatory risks inherent in customer and employee information.

Human Error, Not Hackers Cause Most Data Breaches

February 05, 2013

Sophisticated cyber-security attacks on companies may get all the attention, but the most common cause of data breaches isn't hackers; it's usually little more than simple human error—laptops left in taxis, smartphones forgotten on a restaurant table, or misplaced thumb drives. "It's not really an ominous cyber problem; it's actually a people problem," says Shane Sims, director of PwC's advisory forensics practice.

Changing Your Data-Hoarding Ways

February 05, 2013

Some companies are finding that they are the corporate equivalent of hoarders, needlessly holding on to piles of documents and files. Fear of running afoul of litigation holds and a wide variety of data preservation laws keeps them from deleting data that is often redundant, obsolete, or holds no value. Most companies store "ridiculous amounts of garbage," says Barclay Blair, president of consulting firm ViaLumina.

How the SEC Is Using Analytics to Spot Reporting Problems

January 29, 2013

The Securities and Exchange Commission is hard at work on a project, the Accounting Quality Model, that when finished could subject all financial filings to sophisticated analysis for risky accruals, accounting problems, and even fraud. SEC Chief Economist Craig Lewis described it as "a model that allows us to discern whether a registrant's financial statements stick out from the pack." Details inside.

A Successful BYOD Policy Balances Usability and Control

December 18, 2012

Allowing employees to use their personal gadgets for work causes several compliance headaches, but companies find it increasingly difficult to keep them out or see bring-your-own-device policies as a cost saver. "The reality is that BYOD is being forced upon the major corporations we interact with," says David Remnitz, leader of Ernst & Young's forensic technologies and discovery services practice. Inside we look at how to weigh the benefits with the concerns.

Big Data Privacy Standards: Working Toward Progress

December 11, 2012

Big Data holds great promise in helping companies mine the vast quantities of data they collect for new insights on risk, fraud, and especially on the purchasing habits of customers. But along with that promise come the challenges of using customer data in a responsible way. Two separate groups are now working on sets of guidelines to encourage fair information practices to address privacy and data security concerns of Big Data analytics. Details inside.

Battling Escalating Risks With Emerging Technology

November 27, 2012

Adapting to the increasing speed and complexity of risk was a common theme throughout the Compliance Week West conference earlier this month in Palo Alto, Calif. While evolving technology was touted as part of the solution, compliance officers also warned about its potential to create new problems. Follow the discussion inside.

Disclosure Questions Arise After a Cyber-Attack

November 13, 2012

When hit with a cyber-attack, many companies choose to remain tight-lipped on the incident, despite guidance from the SEC that requires disclosure of cyber-security risks and attacks that result in material losses. "Companies may find that the risk of actual disclosure is much higher than the penalties for not disclosing," says Josh Walderbach, senior network security and compliance analyst at data security company LogRhythm.

Data Mapping Doesn't Have to Be Daunting

November 06, 2012

The first step in any effort to improve data management is to figure out what data the company has, where it is, how important it is, and whether the data is still needed. But data mapping can be complex and time-consuming. To make it easier, enlist business units to help, and "try to tackle it by business process," says Chris Babel, CEO of online privacy software vendor TRUSTe. More tips inside.

Compliance Officers Wear Many Hats

November 06, 2012

How odd can the odd jobs of a chief compliance officer get? There's the compliance exec who follows sales reps into the operating room, the CCO who hired a model to help with an investigation—so much for not attracting attention that time—and plenty more weird moments you can encounter on the job. We have a few tales from the front inside.

Effective Policy Enforcement Involves Technology

October 30, 2012

Document-centric approaches to policies—that lack technology to manage communication and enforcement—are a recipe for disaster, and could actually cost companies more, since they expose them to ineffective policy management. In the latest installment of our GRC Illustrated series, we look at how IT systems can be put to work for policy management, so the compliance team can, you know, actually enforce things.

Managing Compliance Risks in the Supply Chain

October 23, 2012

Lapses in ethics and compliance by major suppliers or contract manufacturers not only cause embarrassment and anger consumers, as companies like Apple and Samsung can attest; they also create exposure to potential violations of anti-bribery and corruption laws. Increasingly, companies are improving processes and systems to manage risk in the supply chain. How? More details inside.

New Social Media Privacy Laws Raise Questions for Financial Firms

October 10, 2012

New rules that prohibit employers from demanding access to employee social media accounts—passed or proposed by Congress and 17 states—could conflict with financial industry requirements for firms to monitor business-related communications between employees and clients. In an age when the lines are often blurred between personal and business use of social media, the new rules could be problematic for employers. Details inside.

Considering an Acquisition? Get Ready for Litigation

September 25, 2012

Most large acquisitions are now followed by litigation. That means merger-minded companies need to be on the legal defensive from the moment a deal gets considered, including putting a bulletproof e-discovery strategy in place. Merged companies, however, are tough environments to manage data. "Most companies don't have a good handle on their data assets," says Robert Rohlf, e-discovery counsel at software company Exterro.

Group Emerges to Develop Big Data Privacy Standards

September 11, 2012

Sure, Big Data has massive potential to provide new insights about customers and how they use products and services, but it also raises a host of privacy and data security concerns. Companies such as Verizon, eBay, IBM, and others have developed the Big Data Working Group to establish joint solutions and create standards on privacy, possibly to beat government regulators to the punch. More details inside.

Samsung's Failure to Warn of Legal Loss Raises Accounting Questions

September 11, 2012

Samsung was hit with a $1 billion jury verdict in its patent lawsuit with Apple last month, but it had made no warning to investors in financial statements leading up to the verdict, despite accounting rules to disclose potential losses. The omission highlights the difficulties of putting loss contingency rules into practice. A full look at what Samsung and Apple did and didn't report before the verdict is inside.

Big Data: For All Its Promise, Obstacles Remain Ahead

August 28, 2012

So Big Data has arrived, has immense potential, and could help compliance functions in all sorts of ways. Wonderful news—but that doesn't mean companies will be able to embrace the concept easily. In the last article of our four-part series on Big Data, we look at all the obstacles still remaining, from the availability of data to finding skilled Big Data workers, and more. The full story is inside.

Big Data: Starting Small, Scaling Up

July 31, 2012

Corporate America is taken with Big Data right now, yes—but that doesn't mean the idea is, well, a big bang. "Familiar ideas writ large" may be more apt. In the second part of our Big Data series, we look at several businesses tip-toeing into Big Data for improved auditing and efficiency. "It's a lot of smaller, lower-value things we can do that, over time, should have a bigger impact," says Neil Frieser, head of audit for Frontier Communications.

Big Data: Unlocking the Potential of Information

July 17, 2012

The modern corporation now gushes with data, every day, of all kinds, in staggering amounts. How can risk and compliance officers put all that information to use? This week Compliance Week kicks off a four-part series examining the era of "Big Data," and how compliance officers can find their role in this landmark business transformation. More inside.

Latest NLRB Social Media Guidance Draws Criticism

June 26, 2012

The National Labor Relations Board has published yet more guidance for companies on how to craft social media policies—but this time, some say it may have overstepped its bounds. "It's so overbroad," says Martha Zackin, of counsel at law firm Mintz Levin. The report takes issue with aspects of policies widely used among companies. Details inside.

Outlook for Data Security in the Cloud Starting to Brighten

April 17, 2012

Cloud computing has a long list of benefits, and two big risks: data security and compliance weakness. Take heart, however; while those problems are still a long way from being solved, cloud providers are starting to make inroads. Providers are doing more to certify their compliance strength and to create service agreements that make moving data onto the cloud much less of a leap of faith. Details inside.

Mobile Computing Raises New e-Discovery Challenges

December 13, 2011

More employees are accessing sensitive company data on mobile gadgets, such as smartphones and tablets, and many of them are doing it on their personal devices. This new reality is creating e-discovery challenges, since it makes it harder for companies to quickly produce required data. "To get to that data, they need to have it in an easily accessible place," says Philip Favro, a discovery attorney at IT security company Symantec.

Mobile Apps: Productivity Godsend, Compliance Headache

November 01, 2011

Smartphones, tablet computers, and the thousands of apps that run on them are wonderful ways to solve problems—er, unless you're a compliance officer. Then they're just a problem. "With laptops, people are comfortable with the security risks, but the phones aren't there yet," says Kevin Johnson of Secure Ideas. "Right now it's, 'Put a policy in place and hope.'" Inside, we look at what types of apps cause the most trouble, and why.

Shop Talk: Cloud Computing Poses New Risks, Opportunities

February 15, 2011

Cloud computing promises to make IT implementations faster, cheaper, and smarter. So what's the catch? At a recent Compliance Week editorial roundtable co-hosted with Crowe Horwath, compliance, audit, and IT executives discussed the security and data management challenges associated with cloud computing. Full coverage inside.

Cloud Computing's Not-So-Silver Lining

January 19, 2011

Cloud computing is quickly gaining steam, with supporters across Corporate America and the government sector touting the remote computing platform's low cost and simple implementation. But security concerns from legal, audit, and risk-management types stand in the way of mass adoption. More inside.

Weighing Risks, Benefits of Cloud Computing and SaaS

October 05, 2010

As cloud computing and software-as-a-service increase in popularity, concerns are growing over the control and security issues that come with adoption of the technologies.

Surveys: Companies Still Struggle With e-Discovery

October 05, 2010

As the use of smart-phones, tablet computers, and other handheld devices explodes across Corporate America, managing and monitoring that enormous volume of “mobile information” can be a herculean task at the best of times. Add the threats of litigation, swiftly changing technology, and increased regulation, and most compliance programs are left flailing.

Current Trends in GRC Software Market

September 17, 2010

This week we talk with industry analyst Michael Rasmussen about IBM’s acquisition of OpenPages and other trends in the GRC software market.

How to Avoid a Data Breach Disaster

September 14, 2010

A few years ago, a laptop containing encrypted information was stolen from the apartment of an employee at Canandaigua National Bank & Trust, creating a potentially large breach of sensitive customer information.
 Subscribe to the RSS for this page  [view all our RSS feeds here]

Compliance Week now has a companion group on LinkedIn, where members can network and discuss the compliance and governance news of the day. Open to all compliance professionals, free to join.

Top Global GRC Risks
Sponsored by NAVEX Global

Thought Leadership

Data: The Tail That Wags the Stress Test
Sponsored by Trillium Software

Conflict Minerals Webcast Series
Sponsored by 3e Co., iPoint, Schulte Roth & Zabel and Source Intelligence

Compliance Week Podcasts ...

Every week we chat with leading thinkers in compliance, auditing, risk management, public policy and more. These short (10-15 minutes) interviews are free to all. Follow Compliance Week podcasts on iTunes.