Recent Coverage Of Internal Control Issues (SOX 404)

Below is some of the most recent Compliance Week coverage related to the internal control provisions of The Sarbanes-Oxley Act, ubiquitously known as "Section 404 of SOX." Includes extensive coverage of ICFR issues, including the PCAOB's Audit Standard No. 5, and related audit and "top-down, risk-based" approach issues. See also The Resource Exchange for checklists, process maps, surveys, questionnaires, and other tools submitted by public company executives to assist them in complying with SOX 404.

Rethinking Supply Chain Risk Management Strategies

February 22, 2012

Companies such as Cisco Systems are working to get more visibility into, and control over, supply chain disruption risks. The strategy: invest heavily in analytics and build risk management into the design and planning phase of that. Other businesses, alas, still lag. "Overall, most companies don't have a strategy for managing supply chain risks," says Jerry O'Dwyer, a principal at Deloitte.
 

COSO Framework Update Strives for Incremental Change

January 03, 2012

The Committee of Sponsoring Organizations' proposal to modernize its landmark framework to govern internal controls is finally here—and is being praised as much for what it doesn't change as for what it does. "I don't see companies that have already used COSO having to change anything very much," says Norman Marks, vice president at SAP. A look at the tech-centric, globalized overhaul is inside.
 

The Reasonable Person: Internal Audit's Role in Internal Investigations

November 08, 2011

Yes, sometimes the best response to an allegation of misconduct is to commission an external investigation—but in many cases, an internal investigation will do just as well. How can you assure objectivity and independence in those cases? Inside, Compliance Week Columnist José Tabuena explores internal audit's role in serving as the "reasonable person" whose expectations are what counts in court.
 

SEC Settlement Gives Insight on Internal Control Requirements

November 08, 2011

A settlement between stock exchange Direct Edge and the Securities and Exchange Commission reveals some of the SEC's latest thinking on proper internal controls. The agency accused the company of failing to invest adequately in its systems and processes, and of lacking proper backup and failover systems. As part of the settlement, Direct Edge agreed to hire a chief compliance officer who reports directly to the CEO.
 

Boards Continue to Struggle With Oversight of Risk Management

September 27, 2011

A new report suggests that boards haven't done all they would like to tackle risk-management issues. More than half of those surveyed say they don't spend enough time on them, and about the same number say their companies still don't have a chief risk officer. Meanwhile, more than 60 percent say that personal liability risks for directors are increasing. More survey results inside.
 

Proper Execution of an Employee Survey

August 16, 2011

Employee surveys are one of the best ways to measure corporate culture: They create data on workplace behavior, and indicate trouble spots. "What we gain out of them is a better understanding of the ethical environment in our organization," says Bob Miromonti, head of compliance at $1.5 billion Centene Corp. So how should a survey be conducted? Details inside.
 

Want Strong Controls? Start With Respect

August 16, 2011

Speaking of employee surveys—Jason Mefford, head of internal audit at Ventura Foods, writes in a guest column this week that one of the most important variables a survey should track is employees' perceptions of respect in the workplace. If you want more engaged and productive employees, he says, then focus on respect in your organization.
 

Auditing in the Clouds, Coming Down to Earth

July 12, 2011

The move to cloud services continues to accelerate, but the shift is more than just a change in technological platforms. It fundamentally alters the way business and IT systems function. Inside, Columnist José Tabuena looks at the many challenges the cloud creates for internal audit, including a lack of security standards, and finds that no way currently exists to audit the cloud in a consistent manner.
 

Improving Risk Assessments and Audit Operations

June 07, 2011

OK, you've been managing Sarbanes-Oxley compliance for years and your internal controls over financial reporting are solid. What's next for the internal audit team? How do you monitor other risks? Audit and compliance executives from Disney, Office Depot, Timken, and elsewhere gave attendees at Compliance Week 2011 a glimpse into their programs. Full coverage inside.
 

How to Handle Internal Investigations

June 07, 2011

Internal investigations are a critical component of a robust compliance program; without the ability to investigate allegations of wrongdoing, your company's credibility with regulators is pretty much sunk. At Compliance Week 2011, a trio of compliance professionals shared their approaches. Their ideas and advice are inside.
 

The 'Mundane' World of Internal Control

March 22, 2011

Because of misunderstandings and a lack of board oversight, critical elements of the internal control system are woefully lacking at some companies. Inside, Columnist Richard Steinberg dispels some of the myths of internal controls and explains why it's not enough to simply comply with Section 404 of the Sarbanes-Oxley Act.
 

Case Study: Tyco International’s Centralized EH&S Audits

November 23, 2010

The regulatory and compliance difficulties that accompany a single merger are challenging enough. Now imagine the hurdles that arise when acquiring hundreds of companies in the course of just a few years.
 

Where Were the Banks’ Internal Controls?

November 16, 2010

After suffering through one of the worst crises in financial history, the big banks that survived the collapse in 2008 now find themselves dealing with another crisis: the foreclosure fiasco. First, banks lost billions on bad home mortgages and now they’re finding they often don’t have proper paperwork showing ownership of the properties on which they’re trying to foreclose.
 

A Smart Approach to Compliance Program Assessment

November 02, 2010

Ethics and compliance officers, internal auditors, and the like have tried to conduct periodic reviews of their programs, but that has taken on new importance thanks to an updated definition of “effective” compliance programs under the U.S. Sentencing Guidelines.
 

Did Mark Hurd Deserve to Be Fired From HP? Yes

September 21, 2010

As Compliance Week readers know, Mark Hurd, the hard-charging chief of Hewlett-Packard—who through acquisitions, layoffs, and cost cutting raised the company’s fortunes—was recently fired. The surrounding circumstances are the stuff of tabloids, including allegations of sexual harassment by a female consultant. We may never know exactly what transpired, and we probably don’t need to. But there are some lessons here worth examining.
 

Remediation Center: CCOs, Subsidiaries & Reporting Roles

Brotman Ellen August 03, 2010

At the request of subscribers, Compliance Week offers a Remediation Center, in which readers can submit questions—anonymously—to securities and accounting experts. Compliance Week’s editors will review all questions and then submit them—confidentially, of course—to specialists who can address the issues. The questions and responses will then be reprinted in a future edition of Compliance Week. Below is one of the Q&As; ask your own questions by clicking here.
 

SAS 70 Reports, in Harsh Spotlight Again

July 27, 2010

A recent analyst report is reminding the compliance community yet again that so-called SAS 70 reports—the supposedly formal assurances software vendors give to corporate customers about their own internal controls—aren't worth much more than the paper they’re printed on.
 

Key Steps for Auditing the Legal Department

July 07, 2010

General counsels wield lots of power inside a corporation. They are the ones who translate legal mandates that influence how a corporation internalizes its compliance duties, and they have a huge range of daily tasks.
 

Case Study: Abiomed Conquers Segregation of Duties

July 07, 2010

Like most small public companies, Abiomed Corp., a $73 million medical device maker, must meet all the same Sarbanes-Oxley internal control compliance requirements as most large public companies—but with far fewer resources.
 

Social Media Use in the Financial Industry

June 22, 2010

More and more, the financial services industry is realizing the business benefits of online social media tools—as well as the legal and compliance risks that come along with them.
 

When to Consider Splitting CEO, Chairman Roles

June 22, 2010

The question of whether to combine the roles of board chairman and CEO or to separate them generates robust debate, with visceral feelings and often-strained relationships. Many institutional investors and leading governance experts, and indeed many sitting directors, argue in favor of splitting the jobs; many CEOs holding the chairman title insist their authority and the company itself would be badly damaged should they be forced to wear only one hat.
 

Paper Argues Alternatives to SOX 404 for Small Cos.

June 15, 2010

As smaller public companies hold out hope that Congress will exempt them from compliance with the external auditor provision of Section 404(b) of the Sarbanes-Oxley Act, an academic paper may provide ammunition to the exemption’s supporters.
 

Tips for Structuring the Compliance Department

June 08, 2010

The structure of corporate compliance departments has become a hot topic lately, thanks in particular to amendments to the U.S. Sentencing Guidelines that put a spotlight on compliance officers’ reporting authority and independence.
 

Succeeding With External Compliance Monitors

June 02, 2010

Any compliance officers out there who believe they have a hard time working with a government-appointed compliance monitor, be quiet. United Launch Alliance has a story that tops yours.
 

Shop Talk: Managing Third-Party Risks

May 11, 2010

On April 22, 2010, Compliance Week and SAI Global presented an exclusive editorial roundtable about strategies for managing third-party risks. The roundtable, held at the Jefferson Hotel in Washington D.C., was moderated by Compliance Week Editor Matt Kelly and Christine Mills, senior vice president of SAI Global. Panelists included executives from Hewlett-Packard, Johnson Controls, and Aramark Corp., among others. The following article provides readers with an in-depth look at their discussion.
 

Auditing the HR Function

May 04, 2010

Workforce issues such as recruitment, retention, diversity, and business conduct are often the expression of a company’s commitment to good values. A company with poor values is probably going to have confused and disgruntled employees. So it should be no surprise that human resource (HR) issues have been at the forefront of major business frauds or reputational breakdowns for years.
 

Study Finds Gap in Privacy Expectations, Delivery

May 04, 2010

Corporations are still failing to deliver on efforts to tighten up information security and consumer privacy, despite all the bad publicity and legal risks that they—and everyone else—are already painfully aware of, according to a new study on the problem.
 

Survey: IT Risk, IFRS Are Internal Auditors’ Top Worries

April 27, 2010

A new survey of internal auditors finds that they are most concerned about improving their mastery of IT risks and global accounting standards, but seem to be less worried about their expertise in enterprise risk management.
 

Four Steps to Better Privacy Compliance

March 30, 2010

The floodgates of guidance about Massachusetts’ new data privacy regulations are officially open.
 

Split Opinions on Internal Audit Scrutinizing Compliance

March 23, 2010

Internal auditors and chief compliance officers appear to have differing opinions about the internal audit department’s ability to assess risk and compliance functions.
 

Learning From Culture Mistakes at Toyota, J&J

March 23, 2010

Oh, how the mighty have fallen—or at least seen their reputations for quality products and “doing the right thing” for customers badly damaged. Let’s take a look at two recent high-profile cases.
 

Small Filers Struggle With Internal Controls Over Fraud

March 16, 2010

A large school of thought has developed to support the argument that non-accelerated filers should be exempt from compliance with Section 404(b) of Sarbanes-Oxley, which requires external auditors to review and attest to the strength of a company’s internal controls.
 

Getting Ready for the 2010 Proxy Season

February 17, 2010

Are you ready for the 2010 proxy season? Companies are faced with new rules for expanded disclosure of executive compensation and director experience in the proxy statement. They have more issues that will come under more scrutiny from more people, be they activist investors, proxy advisory services, pension and union funds, or the media. Here’s what you need to consider to be prepared for the proxy season ahead.
 

Study: Policy Management Needs Improvement

February 09, 2010

Compliance officers might be a bit dispirited by a new study of policy-management efforts in Corporate America, which shows that companies are making some improvements at the task but still struggling to achieve the mythical “effective” compliance program amid increasing regulation and tough budgets.
 

Study: Cos. Still Lagging on Records Management

January 26, 2010

A new study of corporations’ records management programs paints a troubling picture of companies still struggling to keep pace with the huge compliance demands piling onto them, despite the strides made in the last several years.
 

How to Manage Communication About Risks

January 20, 2010

Every corporate director knows he or she needs relevant information to carry out oversight responsibilities effectively. But it’s not easy to know exactly what that information should be, the form it should take, or where it should come from. Unfortunately, experience shows that too often boards of directors don’t sufficiently focus on these issues, get caught by surprise, and pay a high price.
 

Chief Compliance Officer Now a Full-Time Job

December 15, 2009

Two new studies confirm what those tasked with oversight of corporate compliance probably already know: More and more often these days, the chief compliance officer’s job is a full-time, stand-alone gig, rather than a secondary duty one handles while wearing some other title.
 

Navigating Import-Export Compliance

December 08, 2009

Compliance executives at companies conducting business internationally may want to add a check of their import-export compliance policies to their to-do list. You might have more work to do on that front than you think.
 

Case Study: Small Alaska Utility Gets SOX Compliant

November 10, 2009

Doing business as an electric utility in Alaska has its special challenges, such as bad weather and sometimes-uncertain fuel supplies. But as the leaders of Chugach Electric Association, Alaska’s largest electric utility, will tell you, regulatory compliance is much the same there as in the Lower 48.
 

404 Study Shows Little Automation Yet

November 03, 2009

Automated internal controls may be the buzzword for compliance with Section 404 of Sarbanes-Oxley, but most companies still rely on old-fashioned manual controls even today, nearly six years after 404 first started going into effect.
 

Constructing a Privacy-Risk Assessment

Wood David October 06, 2009

At the request of subscribers, Compliance Week offers a Remediation Center, in which readers can submit questions—anonymously—to securities and accounting experts. Compliance Week’s editors will review all questions and then submit them—confidentially, of course—to specialists who can address the issues. The questions and responses will then be reprinted in a future edition of Compliance Week. Below is one of the Q&As; ask your own questions by clicking here.

 

Why ERM Fails at Small Companies

Stephens Bill October 06, 2009

In my 34 years of experience as an internal auditor, I’ve seen a wide variety of enterprise risk management control failures. And to my thinking, they all share one common denominator: a failure by the board or the CEO to implement an effective ERM program that addressed the right risks.
 

Maintaining Efficiency, Despite Cutbacks

September 15, 2009

“Doing more with less” sounds like a wise, if unwanted, business policy these days—right up until reckless cost-cutting alienates employees and weakens carefully crafted segregation of duties.
 

Auditing Governance: It Can Be Done

September 09, 2009

A few columns ago, I posited the idea that you can develop an integrated approach to auditing corporate governance, risk, and compliance. First I explored auditing compliance, and then risk. Now I will conclude the series and explain (finally) how governance (the “G” in GRC) provides the foundation that binds these disciplines together in a coherent way.
 

Amid Anxiety, Red Flag Rules Take Effect

July 28, 2009

The Federal Trade Commission’s compliance deadline for its so-called Red Flag Rules has finally arrived, requiring banks and other creditors to have written programs in place to find, stop, and mitigate theft of consumers’ personal data.
 

Overseeing Subsidiaries’ Internal Controls for SOX

Gramm Brian June 23, 2009

At the request of subscribers, Compliance Week offers a Remediation Center, in which readers can submit questions—anonymously—to securities and accounting experts. Compliance Week’s editors will review all questions and then submit them—confidentially, of course—to specialists who can address the issues. The questions and responses will then be reprinted in a future edition of Compliance Week. Below is one of the Q&As; ask your own questions by clicking here.

 

SOX Compliance in the Tech Sector

June 16, 2009

A KPMG survey of technology companies has found that the cost of Sarbanes-Oxley compliance is falling, the number of key controls shrinking, and, most surprisingly, the number of automated controls declining as well.
 

Toy Story: Industry Mounts Compliance Campaign

June 09, 2009

Earlier this year, the toy industry knew it had a big problem: tough new product-safety rules barreling down the regulatory turnpike, and most toy businesses too small to manage compliance with those rules well.
 

Managing IT Controls for SOX Compliance

June 02, 2009

The Sarbanes-Oxley Act is considered by many to be the road to redemption for the past sins of Enron, WorldCom, and other corporate players who subverted the rules of business by using financial engineering to inflate the performance of their businesses. Advocates for SOX consider this legislation an approach to ensure corporate responsibility for financial reports. Others call it over-regulation at its best.
 

Achieving a Risk-Free Outsourcing System

Bledsoe Yanan May 27, 2009

Corporations face brutal economic conditions these days. To improve business performance, many have cut costs by outsourcing some of their business processes to cheaper labor, often based overseas.
 