Compliance And Technology

Below is some of the most recent Compliance Week coverage on issues related to the intersection of compliance, risk and technology. These articles typically explore information-technology issues as they pertain to reliable financial reporting, internal controls, records retention, ERM, privacy, security, and other global requirements or standards. The list below shows the most recent articles first.

Shop Talk: Cloud Computing Poses New Risks, Opportunities

Cloud computing promises to make IT implementations faster, cheaper, and smarter. So what's the catch? At a recent Compliance Week editorial roundtable co-hosted with Crowe Horwath, compliance, audit, and IT executives discussed the security and data management challenges associated with cloud computing. Full coverage inside.
 

Cloud Computing's Not-So-Silver Lining

Cloud computing is quickly gaining steam, with supporters across Corporate America and the government sector touting the remote computing platform's low cost and simple implementation. But security concerns from legal, audit, and risk-management types stand in the way of mass adoption. More inside.
 

Weighing Risks, Benefits of Cloud Computing and SaaS

As cloud computing and software-as-a-service increase in popularity, concerns are growing over the control and security issues that come with adoption of the technologies.
 

Surveys: Companies Still Struggle With e-Discovery

As the use of smart-phones, tablet computers, and other handheld devices explodes across Corporate America, managing and monitoring that enormous volume of “mobile information” can be a herculean task at the best of times. Add the threats of litigation, swiftly changing technology, and increased regulation, and most compliance programs are left flailing.
 

Current Trends in GRC Software Market

This week we talk with industry analyst Michael Rasmussen about IBM’s acquisition of OpenPages and other trends in the GRC software market.
 

How to Avoid a Data Breach Disaster

A few years ago, a laptop containing encrypted information was stolen from the apartment of an employee at Canandaigua National Bank & Trust, creating a potentially large breach of sensitive customer information.
 

Compliance Week TV: Email Management

Compliance Week talks with Scott Burt, CEO of software firm Integro, about how to build intelligence into email management systems.
 

Survey: Cos. Lack Business Intelligence Capabilities

Despite a growing push in business intelligence tools by software vendors, most companies are still lagging in the analytical skills that help drive better decision making.
 

Shop Talk: Compliance Risks in New Data Technologies

Forward-thinking companies know that the next generation of data technology—online social media services, cloud computing, shared data storage centers, and the like—can be valuable business tools if used wisely.
 

Experts Speak on Using Social Media for Good

Amid headlines trumpeting privacy failures and PR nightmares stemming from employee use of popular social media tools such as Facebook and YouTube, it’s no surprise that many companies still struggle with whether and how to dip their toes in the social media pool.
 

Another Round of XBRL Guidance From SEC

Companies coming under the Securities and Exchange Commission’s rule to submit financial statements tagged using XBRL technology got another round of advice from SEC officials recently to help them with that endeavor.
 

Two Reviews of GRC Software Implementations

Plenty of companies still use Microsoft software or homegrown IT solutions to manage their governance, risk, and compliance efforts, but a respectable fraction have also tried to implement dedicated, enterprise-wide GRC software systems to consolidate the management of multiple regulatory compliance burdens under one IT roof.
 

Case Study: ACS Conquers Identity Management

For Affiliated Computer Services, a Dallas-based IT and business-process outsourcing firm that does business in 100 countries, identity management had become not only a compliance concern by 2008—it was a business risk and productivity drain as well.
 

Monitoring Controls a Top Priority in 2010

As Corporate America settles into 2010, it may want to put stronger monitoring controls on its list of things to do this year.
 

Data Privacy Practices Explored

A consensus is emerging among regulators that companies’ efforts to protect the consumer data they collect need a serious overhaul to keep pace with today’s changing technology landscape.
 

More Expansion Plans for XBRL Reporting

XBRL technology may expand its reach in financial reporting even more in 2010, thanks to several efforts in Congress and the states to use XBRL as a means to reduce complexity in financial statements.
 

Case Study: Managing Post-Trade Compliance

Principal Funds, a group of 112 mutual funds with $280 billion in assets, had a problem with post-trade compliance: It wanted some way to confirm that all its transactions stayed within investment trading rules, and to confirm that every day.
 

Study: Companies Lack Mature GRC Systems

A solid majority of compliance departments in Corporate America still rely on standard Microsoft products to manage their governance, risk, and compliance chores, despite the notorious security weaknesses Microsoft can pose, according to an exclusive Compliance Week study.
 

More Progress, Fewer Errors on XBRL Filings

The mandate for companies to tag their financial statements using XBRL technology hasn’t yet proven to be the compliance nightmare that many feared. It also hasn’t yet revolutionized investors’ ability to analyze and compare corporate data.
 

Report: Few Prepared for e-Discovery

Demands for electronically stored information are increasing, but most companies are still coping with those requests on a case-by-case basis, costing them time and money and putting them at risk for sanctions and fines.
 

The Results Are in on First XBRL Filings

Corporate America has finally begun filing financial statements tagged in XBRL technology—and the mandate once hailed by the Securities and Exchange Commission as a transformational event in financial reporting has passed with little fanfare.
 

Cloud Computing Vs. Internal Controls

John Bace, a research analyst at the Gartner Group, had just finished a presentation for a corporate client. Discussion shifted to the company’s data storage, and the client’s CIO mentioned he planned on moving much of that data to “the cloud.”
 

A Comprehensive Approach to Compliance Risks

Frank Lopez’s recent Compliance Week guest column, “Tips for Mitigating Whistleblower Risk,” provided a good overview of whistleblower policy, as well as some excellent suggestions for improving the anonymous hotline reporting process overall. It also got me thinking about the importance of moving beyond the hotline, and beyond business-as-usual reporting on risk- and compliance-related incidents.
 

Required Reading for the XBRL Mandate

Corporate compliance officers who don’t already know the Securities and Exchange Commission’s adopting release for its XBRL mandate—and know it well—ought to put it on their summer reading list.
 

XBRL: More Plans, Still Little Enthusiasm

The XBRL community is launching a new movement to expand corporations’ use of the data-tagging technology to mergers, reorganizations, and similar transactions—even though Corporate America still hasn’t even started complying with a previous mandate to use XBRL in financial statements.
 

Choosing From a Plethora of e-Discovery Vendors

Since the Federal Rules of Civil Procedure were overhauled in 2006 to address the complicated issues of electronic discovery in civil litigation, the number of e-discovery vendors has more than quadrupled. But not all vendors—while ready and willing—can fit every client’s unique needs.
 

Using XBRL to Attack Systemic Risk

Already hard at work making Security and Exchange Commission filings interactive, XBRL technology now finds itself at the heart of plans to save the U.S. financial system from future calamity.
 

eDiscovery Rules for Document Preservation

Technology is often key to helping any business endure a government investigation or lawsuit—and can just as often be the company’s undoing if it navigates the perils of e-discovery poorly.
 

Final XBRL Rule Starts New Compliance Push

The Securities and Exchange Commission has finally delivered its mandate—all 206 pages of it—that corporations start filing financial statements using XBRL technology.
 

Making the Most of ERP Systems for IT Control

Enterprise resource planning software is designed to reach into all corners of an organization and integrate the data throughout the whole company. But when it comes to compliance, cracks remain.
 

Security Control Threats in Tight IT Budgets

For all the improvements companies have made to their IT security and control systems in the last five years, one menace still looms large these days: that layoffs will wreck the compliance system you’ve carefully crafted.
 

XBRL: Who Will Use This Stuff?

When Christopher Cox, former chairman of the Securities and Exchange Commission, heralded the arrival of XBRL technology last year as the greatest advance in financial reporting in 20 years, he declared: “Interactive data will enable new analysis tools to put key information at every investor’s fingertips within seconds, exactly as the investor wishes to see it.”
 

SEC Mandates XBRL Filings by July 2009

The Securities and Exchange Commission has given corporations one final farewell gift before the end of the Bush Administration: six more months to comply with the new XBRL mandate.
 

New Ideas on Corporate Disclosure

A consensus is beginning to emerge that the Securities and Exchange Commission should scrap its 20-year-old system of electronically filed periodic reports—although nobody knows just what new system should be built to haul the SEC into the 21st century.
 

IT Security Benchmarks Help Battle Hackers

IT security may be a routine part of doing business, but it retains an unmistakable aura of a black art, where recovering hackers in white hats battle evil black-hats using various forms of digital sorcery.
 

Perfecting Your IT Infrastructure, the Backbone of GRC

An integrated approach to governance, risk, and compliance will not work without an IT infrastructure to support it; after all, take the wiring out of your Maserati and see how much good its fine-tuned Italian engineering does.
 

Online Shareholder Forums Slow to Catch On

Despite rule changes aimed at facilitating online communication between companies and their shareholders, it seems electronic shareholder forums are an idea whose time hasn’t come, just yet.
 

Spy vs. Spy: Battling Fraud in Social Networks

You did it! You finally joined the 21st century and created a Facebook page. Now, proudly displayed on your profile for the whole world to see are your date of birth, dating status, hometown, college affiliation, and complete employment history.
 

SEC to Shed EDGAR for New IDEA

As companies await a final Securities and Exchange Commission rule that will force them to use XBRL technology in their financial filings as soon as next year, the SEC has unveiled an XBRL push of its own: scrapping the EDGAR database in favor of a new system to handle “interactive data” filings.
 

Advice on IT Governance After a Merger

Christian Phillips, chief security officer at payment processing company Regulus and an old hand at running corporate IT departments, knows all too well the challenges of blending IT departments after a merger.
 

Views on XBRL Adoption

Editor’s note: The Securities and Exchange Commission plans to publish a rule mandating XBRL technology for financial statements as soon as this fall. To hear how much of a challenge XBRL implementation can be, we caught up with four financial reporting executives at companies that have already been participating in the SEC’s voluntary pilot XBRL filing program. These are their stories. If you're interested in hearing first-hand the experiences of the speakers below, join Compliance Week at our XBRL Primer, Nov. 19 in New York City.
 

XBRL Validation—Can It Be Trusted?

The Securities and Exchange Commission can mandate use of XBRL technology for financial reporting all it wants. Ultimately, however, the investing public must take one key action to make companies’ investments in XBRL worth all that time and money.
 

Cautious Support for Proposed XBRL Rule

Corporate America is generally voicing support for the Securities and Exchange Commission’s proposed rule to mandate that corporations file financial statements using XBRL technology, although a few gripes remain about the timetable for adoption and about the difficulty of handling footnotes.
 

New PCI Rules Arrive, Confusion Remains

Another flurry of IT security rules to protect consumers’ credit card data went into effect this month—not that they will be much help to bewildered and frustrated retailers across the country.
 

Explaining IT Risks to Senior Management

Explaining IT risk to senior executives and board directors in a meaningful way has always been difficult for computer folks. Now two major independent efforts to bridge the language gap have begun, with a third to follow later this year.
 

Survey: Many Unprepared for XBRL

A new Compliance Week survey suggests that most of Corporate America is barely aware of XBRL, the financial reporting technology the Securities and Exchange Commission is poised to mandate later this fall.
 

SEC Gets Worldwide Report Card on XBRL

As the Securities and Exchange Commission marches toward the mandatory adoption of XBRL technology, it is hearing encouraging words from its counterparts around the globe already using the eXtensible Business Reporting Language.
 

XBRL Meets Modern Investor Relations

Three years ago, the Securities and Exchange Commission introduced a financial reporting “tagging” concept called eXtensible Business Reporting Language (XBRL). Seventeen pioneers—including 3M Company, Altria Group, Microsoft, Pfizer, and Xerox—volunteered to file their financial statements using XBRL, to see what this new technology could do.
 

SEC Wants Quick Action on XBRL

The Securities and Exchange Commission has released the details of its proposal to mandate XBRL technology for financial filings and begun a full-court press to get a rule passed as quickly as it can.
 

The Early Questions on XBRL Adoption

The Securities and Exchange Commission has yet to release its formal proposal that companies start adopting XBRL technology for financial reports starting as soon as next year—so Corporate America is engaging in some good old rampant speculation until then.
 
 Subscribe to the RSS for this page  [view all our RSS feeds here]

Compliance Week Podcasts ...

Every week we chat with leading thinkers in compliance, auditing, risk management, public policy and more. These short (10-15 minutes) interviews are free to all. Follow Compliance Week podcasts on iTunes.

Compliance Week LinkedIn Group

Compliance Week now has a companion group on LinkedIn, where members can network and discuss the compliance and governance news of the day. Open to all compliance professionals, free to join.

Survey of the Week


Deloitte is conducting their annual Look Before You Leap: Managing Risks in Global Investments survey to better understand the approaches companies are taking to address compliance and integrity-related risks in emerging markets. 

Thought Leadership

The Risk Intelligent CCO
Sponsored by Deloitte

FCPA Compliance
Sponsored by Kroll Advisory Services

Upcoming Webcasts

ERP Security "Health Check"
Sponsored by ControlPanel GRC

Financial Continuous Monitoring
Sponsored by Infor

Event of the Week

World Class Financial Assurance
Sponsored by Infor