e-Book: Cultivating a Culture of Compliance
In this e-Book, produced by Compliance Week in cooperation with NAVEX Global, we explore practical steps organizations can take to create and sustain a culture of compliance—from fine-tuning and globalizing their code of conduct to ensuring employees are equipped to make ethical business decisions.
The Office of the National Coordinator for Health IT has released an updated version of its privacy and security guidance to help healthcare providers better understand how to integrate federal health information privacy and security requirements into their practices. The guidance was last published in 2011. Details inside.
The SEC is not the only government agency cracking down on “pre-taliation risk” in confidentiality agreements with employees; many others are turning their attention to the issue, too. “This is really a new focus for these agencies,” says Christopher Calsyn of the law firm Crowell Moring. Compliance officers may feel stuck between preserving proprietary information and encouraging a speak-up culture. More inside on how to balance those priorities.
Sure, compliance officers do not have to fulfill their company’s ethics and compliance mission alone, but building a network of compliance ambassadors (or champions, or liaisons, or whatever you call your helpers) can be laborious. Inside, we asked compliance officers from Lockheed, GenCorp, DTE Energy, and elsewhere how they built their networks and what strategies they recommend to others.
Five years of increasingly rigorous PCAOB inspections have driven audit firms to improve their efforts at scrutinizing corporate financial statements and internal control. Companies receiving that pressure say the heightened scrutiny is clear; the question is whether it is making audits better, or just bigger and more expensive. “Companies are feeling the pressure from auditors,” says Lorraine Malonza of Financial Executives International. “The audit process has become longer and more difficult.”
Sometimes all the angst and analysis about FCPA enforcement need not happen; sometimes, voices in the enforcement community just tell us what’s coming. That has been the case lately, Compliance Week columnist Tom Fox writes this week, as the SEC’s recent settlement with KBR over confidentiality agreements proves. Inside, he examines where the KBR case came from and how your compliance team should react to it.
A novel interpretation of the Dodd-Frank Act is rattling buyers of raw materials. The Commodity Futures Trading Commission is moving against Kraft Foods for a big bet in the wheat market, using a section of Dodd-Frank everyone previously assumed was intended to curb high-frequency traders. “The case shows that the new Dodd-Frank anti-manipulation rules are broad and cover both users and traders,” says Braden Perry, a former CFTC attorney now in private practice.
Pop quiz: Try to name a recent example of corporate misconduct that did not somehow include a company’s vendors or third parties. It’s not easy, and third parties are now a huge part of the compliance officer’s responsibility. In our latest Compliance Week executive forum, we gathered a dozen CCOs to talk about vendor risks and building a systematic approach to handling them. The full conversation is inside.
Amassing terabytes of data is easy; for most businesses, managing those valuable—and sometimes very risky—assets is the hard part. A successful data governance initiative, experts say, isn’t a project you can hand off to the IT department or solve with a software purchase. Compliance, audit, and risk executives all need to work with business and IT leaders to craft a useful governance program. How to get started? Read on.