Compliance And Technology

Below is some of the most recent Compliance Week coverage on issues related to the intersection of compliance, risk and technology. These articles typically explore information-technology issues as they pertain to reliable financial reporting, internal controls, records retention, ERM, privacy, security, and other global requirements or standards. The list below shows the most recent articles first.

Information Governance: How to Destroy Data ... for Good

April 16, 2013

Compliance Week concludes our six-part series on information governance this week with a natural endpoint: how to handle your data once it's ready for final destruction. Techniques to destroy data are less effective than you'd think, but litigation and privacy risks make the final phase of governance vital. "If you leave data around, it can come back and bite you," says Doug Miles of AIIM. More inside.
 

SEC's Social Media Guidance Raises as Many Questions as it Answers

April 09, 2013

Last week the Securities and Exchange Commission approved the use of social media sites such as Facebook and Twitter to make company announcements. While some criticized the agency for taking so long to embrace modern communication technology, others quickly pointed out that the guidance raises lots of new questions on using social media to disclose material information. Details inside.
 

Legal Departments Struggle With Technology Shifts

April 02, 2013

Cloud-based storage and the ubiquity of smart phones and tablets are pushing legal teams in charge of e-discovery to the limit. Two separate surveys released in March indicate that the legal department is falling behind on managing electronic discovery. The studies also reveal a significant lack of communication and collaboration among legal, IT, records management, and other business units.
 

e-Discovering the Cloud

March 26, 2013

Moving data-heavy components such as e-mail and collaboration systems to the cloud is a no-brainer, right? Not so fast. Companies that don't consider the cloud's implications on e-discovery could suffer major headaches later in excess litigation costs or damages resulting from poor recordkeeping. "You can see it as a train wreck waiting to happen if you don't think about these things in advance," says Michael Lackey, a partner at law firm Mayer Brown.
 

Clouds With Industry-Specific Compliance Built In

March 19, 2013

Companies have increasingly been turning to cloud providers that cater to specific industries, such as financial services or healthcare, to satisfy their unique security and compliance needs. Now industry-specific clouds are cropping up in such diverse industries as gambling and filmaking. "Here's a model that I think makes a lot of sense for a lot of industries," says Mike West, an analyst at consulting firm Saugatuck Technology.
 

Protecting Data From Inside and Outside Threats

March 12, 2013

In the next installment of our Information Governance series, we look this week at how to keep data protected (from threats inside and outside the business) once you create it. "When a genie is out of the bottle, it's out of the bottle," says Matthew Butkovic of Carnegie Mellon University. Thankfully, he and others say, principles and control systems are emerging to help you keep a cork on the data you have.
 

Info Governance: Get Data Classification Right First

March 05, 2013

Data classification is one of the most crucial elements of information governance—yet one that many companies fail to implement well. They want to put adequate security controls around the most sensitive data, but they have no process for determining what that data is, or where it resides. In part three of our six-part series on information governance, we look at common mistakes in data classification.
 

Catching and Managing New Data

February 20, 2013

In part two of our four-part series on information governance, we look at how companies are stockpiling mountains of data, with varying degrees of usefulness and sensitivity. Increasingly, compliance is playing a role in helping organizations to break down information silos and ensure that data users inside the company understand the compliance and regulatory risks inherent in customer and employee information.
 

Human Error, Not Hackers Cause Most Data Breaches

February 05, 2013

Sophisticated cyber-security attacks on companies may get all the attention, but the most common cause of data breaches isn't hackers; it's usually little more than simple human error—laptops left in taxis, smartphones forgotten on a restaurant table, or misplaced thumb drives. "It's not really an ominous cyber problem; it's actually a people problem," says Shane Sims, director of PwC's advisory forensics practice.
 

Changing Your Data-Hoarding Ways

February 05, 2013

Some companies are finding that they are the corporate equivalent of hoarders, needlessly holding on to piles of documents and files. Fear of running afoul of litigation holds and a wide variety of data preservation laws keeps them from deleting data that is often redundant, obsolete, or holds no value. Most companies store "ridiculous amounts of garbage," says Barclay Blair, president of consulting firm ViaLumina.
 

How the SEC Is Using Analytics to Spot Reporting Problems

January 29, 2013

The Securities and Exchange Commission is hard at work on a project, the Accounting Quality Model, that when finished could subject all financial filings to sophisticated analysis for risky accruals, accounting problems, and even fraud. SEC Chief Economist Craig Lewis described it as "a model that allows us to discern whether a registrant's financial statements stick out from the pack." Details inside.
 

A Successful BYOD Policy Balances Usability and Control

December 18, 2012

Allowing employees to use their personal gadgets for work causes several compliance headaches, but companies find it increasingly difficult to keep them out or see bring-your-own-device policies as a cost saver. "The reality is that BYOD is being forced upon the major corporations we interact with," says David Remnitz, leader of Ernst & Young's forensic technologies and discovery services practice. Inside we look at how to weigh the benefits with the concerns.
 

Big Data Privacy Standards: Working Toward Progress

December 11, 2012

Big Data holds great promise in helping companies mine the vast quantities of data they collect for new insights on risk, fraud, and especially on the purchasing habits of customers. But along with that promise come the challenges of using customer data in a responsible way. Two separate groups are now working on sets of guidelines to encourage fair information practices to address privacy and data security concerns of Big Data analytics. Details inside.
 

Battling Escalating Risks With Emerging Technology

November 27, 2012

Adapting to the increasing speed and complexity of risk was a common theme throughout the Compliance Week West conference earlier this month in Palo Alto, Calif. While evolving technology was touted as part of the solution, compliance officers also warned about its potential to create new problems. Follow the discussion inside.
 

Disclosure Questions Arise After a Cyber-Attack

November 13, 2012

When hit with a cyber-attack, many companies choose to remain tight-lipped on the incident, despite guidance from the SEC that requires disclosure of cyber-security risks and attacks that result in material losses. "Companies may find that the risk of actual disclosure is much higher than the penalties for not disclosing," says Josh Walderbach, senior network security and compliance analyst at data security company LogRhythm.
 

Data Mapping Doesn't Have to Be Daunting

November 06, 2012

The first step in any effort to improve data management is to figure out what data the company has, where it is, how important it is, and whether the data is still needed. But data mapping can be complex and time-consuming. To make it easier, enlist business units to help, and "try to tackle it by business process," says Chris Babel, CEO of online privacy software vendor TRUSTe. More tips inside.
 

Compliance Officers Wear Many Hats

November 06, 2012

How odd can the odd jobs of a chief compliance officer get? There's the compliance exec who follows sales reps into the operating room, the CCO who hired a model to help with an investigation—so much for not attracting attention that time—and plenty more weird moments you can encounter on the job. We have a few tales from the front inside.
 

Effective Policy Enforcement Involves Technology

October 30, 2012

Document-centric approaches to policies—that lack technology to manage communication and enforcement—are a recipe for disaster, and could actually cost companies more, since they expose them to ineffective policy management. In the latest installment of our GRC Illustrated series, we look at how IT systems can be put to work for policy management, so the compliance team can, you know, actually enforce things.
 

Managing Compliance Risks in the Supply Chain

October 23, 2012

Lapses in ethics and compliance by major suppliers or contract manufacturers not only cause embarrassment and anger consumers, as companies like Apple and Samsung can attest; they also create exposure to potential violations of anti-bribery and corruption laws. Increasingly, companies are improving processes and systems to manage risk in the supply chain. How? More details inside.
 

New Social Media Privacy Laws Raise Questions for Financial Firms

October 10, 2012

New rules that prohibit employers from demanding access to employee social media accounts—passed or proposed by Congress and 17 states—could conflict with financial industry requirements for firms to monitor business-related communications between employees and clients. In an age when the lines are often blurred between personal and business use of social media, the new rules could be problematic for employers. Details inside.
 

Considering an Acquisition? Get Ready for Litigation

September 25, 2012

Most large acquisitions are now followed by litigation. That means merger-minded companies need to be on the legal defensive from the moment a deal gets considered, including putting a bulletproof e-discovery strategy in place. Merged companies, however, are tough environments to manage data. "Most companies don't have a good handle on their data assets," says Robert Rohlf, e-discovery counsel at software company Exterro.
 

Group Emerges to Develop Big Data Privacy Standards

September 11, 2012

Sure, Big Data has massive potential to provide new insights about customers and how they use products and services, but it also raises a host of privacy and data security concerns. Companies such as Verizon, eBay, IBM, and others have developed the Big Data Working Group to establish joint solutions and create standards on privacy, possibly to beat government regulators to the punch. More details inside.
 

Samsung's Failure to Warn of Legal Loss Raises Accounting Questions

September 11, 2012

Samsung was hit with a $1 billion jury verdict in its patent lawsuit with Apple last month, but it had made no warning to investors in financial statements leading up to the verdict, despite accounting rules to disclose potential losses. The omission highlights the difficulties of putting loss contingency rules into practice. A full look at what Samsung and Apple did and didn't report before the verdict is inside.
 

Big Data: For All Its Promise, Obstacles Remain Ahead

August 28, 2012

So Big Data has arrived, has immense potential, and could help compliance functions in all sorts of ways. Wonderful news—but that doesn't mean companies will be able to embrace the concept easily. In the last article of our four-part series on Big Data, we look at all the obstacles still remaining, from the availability of data to finding skilled Big Data workers, and more. The full story is inside.
 

Big Data: Starting Small, Scaling Up

July 31, 2012

Corporate America is taken with Big Data right now, yes—but that doesn't mean the idea is, well, a big bang. "Familiar ideas writ large" may be more apt. In the second part of our Big Data series, we look at several businesses tip-toeing into Big Data for improved auditing and efficiency. "It's a lot of smaller, lower-value things we can do that, over time, should have a bigger impact," says Neil Frieser, head of audit for Frontier Communications.
 

Big Data: Unlocking the Potential of Information

July 17, 2012

The modern corporation now gushes with data, every day, of all kinds, in staggering amounts. How can risk and compliance officers put all that information to use? This week Compliance Week kicks off a four-part series examining the era of "Big Data," and how compliance officers can find their role in this landmark business transformation. More inside.
 

Latest NLRB Social Media Guidance Draws Criticism

June 26, 2012

The National Labor Relations Board has published yet more guidance for companies on how to craft social media policies—but this time, some say it may have overstepped its bounds. "It's so overbroad," says Martha Zackin, of counsel at law firm Mintz Levin. The report takes issue with aspects of policies widely used among companies. Details inside.
 

Outlook for Data Security in the Cloud Starting to Brighten

April 17, 2012

Cloud computing has a long list of benefits, and two big risks: data security and compliance weakness. Take heart, however; while those problems are still a long way from being solved, cloud providers are starting to make inroads. Providers are doing more to certify their compliance strength and to create service agreements that make moving data onto the cloud much less of a leap of faith. Details inside.
 

Mobile Computing Raises New e-Discovery Challenges

December 13, 2011

More employees are accessing sensitive company data on mobile gadgets, such as smartphones and tablets, and many of them are doing it on their personal devices. This new reality is creating e-discovery challenges, since it makes it harder for companies to quickly produce required data. "To get to that data, they need to have it in an easily accessible place," says Philip Favro, a discovery attorney at IT security company Symantec.
 

Mobile Apps: Productivity Godsend, Compliance Headache

November 01, 2011

Smartphones, tablet computers, and the thousands of apps that run on them are wonderful ways to solve problems—er, unless you're a compliance officer. Then they're just a problem. "With laptops, people are comfortable with the security risks, but the phones aren't there yet," says Kevin Johnson of Secure Ideas. "Right now it's, 'Put a policy in place and hope.'" Inside, we look at what types of apps cause the most trouble, and why.
 

Shop Talk: Cloud Computing Poses New Risks, Opportunities

February 15, 2011

Cloud computing promises to make IT implementations faster, cheaper, and smarter. So what's the catch? At a recent Compliance Week editorial roundtable co-hosted with Crowe Horwath, compliance, audit, and IT executives discussed the security and data management challenges associated with cloud computing. Full coverage inside.
 

Cloud Computing's Not-So-Silver Lining

January 19, 2011

Cloud computing is quickly gaining steam, with supporters across Corporate America and the government sector touting the remote computing platform's low cost and simple implementation. But security concerns from legal, audit, and risk-management types stand in the way of mass adoption. More inside.
 

Weighing Risks, Benefits of Cloud Computing and SaaS

October 05, 2010

As cloud computing and software-as-a-service increase in popularity, concerns are growing over the control and security issues that come with adoption of the technologies.
 

Surveys: Companies Still Struggle With e-Discovery

October 05, 2010

As the use of smart-phones, tablet computers, and other handheld devices explodes across Corporate America, managing and monitoring that enormous volume of “mobile information” can be a herculean task at the best of times. Add the threats of litigation, swiftly changing technology, and increased regulation, and most compliance programs are left flailing.
 

Current Trends in GRC Software Market

September 17, 2010

This week we talk with industry analyst Michael Rasmussen about IBM’s acquisition of OpenPages and other trends in the GRC software market.
 

How to Avoid a Data Breach Disaster

September 14, 2010

A few years ago, a laptop containing encrypted information was stolen from the apartment of an employee at Canandaigua National Bank & Trust, creating a potentially large breach of sensitive customer information.
 

Compliance Week TV: Email Management

September 10, 2010

Compliance Week talks with Scott Burt, CEO of software firm Integro, about how to build intelligence into email management systems.
 

Survey: Cos. Lack Business Intelligence Capabilities

August 31, 2010

Despite a growing push in business intelligence tools by software vendors, most companies are still lagging in the analytical skills that help drive better decision making.
 

Shop Talk: Compliance Risks in New Data Technologies

July 07, 2010

Forward-thinking companies know that the next generation of data technology—online social media services, cloud computing, shared data storage centers, and the like—can be valuable business tools if used wisely.
 

Experts Speak on Using Social Media for Good

June 02, 2010

Amid headlines trumpeting privacy failures and PR nightmares stemming from employee use of popular social media tools such as Facebook and YouTube, it’s no surprise that many companies still struggle with whether and how to dip their toes in the social media pool.
 

Another Round of XBRL Guidance From SEC

March 30, 2010

Companies coming under the Securities and Exchange Commission’s rule to submit financial statements tagged using XBRL technology got another round of advice from SEC officials recently to help them with that endeavor.
 

Two Reviews of GRC Software Implementations

March 23, 2010

Plenty of companies still use Microsoft software or homegrown IT solutions to manage their governance, risk, and compliance efforts, but a respectable fraction have also tried to implement dedicated, enterprise-wide GRC software systems to consolidate the management of multiple regulatory compliance burdens under one IT roof.
 

Case Study: ACS Conquers Identity Management

February 09, 2010

For Affiliated Computer Services, a Dallas-based IT and business-process outsourcing firm that does business in 100 countries, identity management had become not only a compliance concern by 2008—it was a business risk and productivity drain as well.
 

Monitoring Controls a Top Priority in 2010

January 20, 2010

As Corporate America settles into 2010, it may want to put stronger monitoring controls on its list of things to do this year.
 

Data Privacy Practices Explored

January 20, 2010

A consensus is emerging among regulators that companies’ efforts to protect the consumer data they collect need a serious overhaul to keep pace with today’s changing technology landscape.
 

More Expansion Plans for XBRL Reporting

January 05, 2010

XBRL technology may expand its reach in financial reporting even more in 2010, thanks to several efforts in Congress and the states to use XBRL as a means to reduce complexity in financial statements.
 

Case Study: Managing Post-Trade Compliance

December 22, 2009

Principal Funds, a group of 112 mutual funds with $280 billion in assets, had a problem with post-trade compliance: It wanted some way to confirm that all its transactions stayed within investment trading rules, and to confirm that every day.
 

Study: Companies Lack Mature GRC Systems

December 01, 2009

A solid majority of compliance departments in Corporate America still rely on standard Microsoft products to manage their governance, risk, and compliance chores, despite the notorious security weaknesses Microsoft can pose, according to an exclusive Compliance Week study.
 

More Progress, Fewer Errors on XBRL Filings

November 24, 2009

The mandate for companies to tag their financial statements using XBRL technology hasn’t yet proven to be the compliance nightmare that many feared. It also hasn’t yet revolutionized investors’ ability to analyze and compare corporate data.
 

Report: Few Prepared for e-Discovery

October 20, 2009

Demands for electronically stored information are increasing, but most companies are still coping with those requests on a case-by-case basis, costing them time and money and putting them at risk for sanctions and fines.
 
 Subscribe to the RSS for this page  [view all our RSS feeds here]

Compliance Week LinkedIn Group

Compliance Week now has a companion group on LinkedIn, where members can network and discuss the compliance and governance news of the day. Open to all compliance professionals, free to join.

Events of the Week

Addressing the Challenges of Solvency II Pillars 2 and 3
Sponsored by IBM

Information Governance: Managing the Lifecycle of Data
Sponsored by HP Autonomy

Who's Minding the Files? Managing the File Transfer Explosion
Sponsored by IBM

e-Books

Getting It In Writing: The Art of Policy Management
Sponsored by NAVEX Global

Information Governance: Managing the Lifecycle of Data
Sponsored by HP Autonomy

Anti-Money Laundering Illustrated: Visualizing an Effective Capability
Sponsored by OCEG

Thought Leadership

Today's Chief Audit Executive: Continuing on a Path to Value Creation
Sponsored by Grant Thornton

What Does an Effective Customer Risk Assessment Program Look Like?
Sponsored by OCEG

Getting Ready for the Physician Payment 'Sunshine' Rule
Sponsored by Bloomberg BNA

New Compliance Week and Kroll Benchmarking Report on Anti-Bribery & Corruption
Sponsored by Kroll

Upcoming Webcasts

Strengthening Controls in 2013, Part 3: Purchase-to-Pay Cycle
Sponsored by ACL

Evolution of Compliance: 2013 State of Compliance Survey Results
Sponsored by PwC

Compliance Week Podcasts ...

Every week we chat with leading thinkers in compliance, auditing, risk management, public policy and more. These short (10-15 minutes) interviews are free to all. Follow Compliance Week podcasts on iTunes.