Posted in From the Archive

Riding the Dodd-Frank Roller Coaster: An IT Perspective

As compliance officers and IT executives in charge of compliance systems contemplate the one-year anniversary of the regulatory reform brought on by the Dodd-Frank Act, only more uncertainty and change lie ahead. The U.S. Court of Appeals’ recent decision striking down shareholder proxy access rules mandated by Dodd-Frank, for example, ensures that rulemaking from the […]

Posted in Technology

Preparing the IT Department for Dodd-Frank

Just as companies were beginning to recover from the biggest financial collapse since the Great Depression, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act last July. Dodd-Frank creates new regulators, provides existing regulators with new rulemaking and enforcement powers, and creates a host of new regulatory hoops for companies […]

Posted in Technology

Managing the Risks of IT Project Failure

Every year, companies invest millions of dollars on large-scale IT projects that are technically correct, yet still fail to deliver promised results. Sometimes these large projects fail because nobody could clearly articulate what a successful outcome would look like in the first place. Without doubt, IT auditors and risk managers need a better approach that […]

Posted in Data Privacy

Updating PCI Compliance to Thwart Breaches

Breaches of consumers’ personal information are quickly becoming one of the biggest operational risks facing any business conducting electronic commerce. How big? The Federal Trade Commission estimates that breaches of “PCI” hit 9 million Americans and cost about $52 billion—annually. With so many PCI security breaches making headlines, you can’t help but question how effective […]

Posted in Technology

Finding GRC Software to Suit Your Needs

The popularity and proliferation of governance, risk, and compliance systems has grown over the years as regulatory requirements have become more complex. So it’s little wonder that IT, risk, and compliance professionals have sought ways to make their lives less complex. After all, who wouldn’t want some form of automated process that delivers real-time data […]

Posted in Data Privacy

Developing a Matrix for Cloud-Computing Compliance

If you spend any time eavesdropping on your CIO’s conversations these days, you’re likely to hear him or her talk about “virtualization.” As technology goes, virtualization is a nifty idea: software programs out on the Internet somewhere serving the same function as hardware typically housed in your company’s data center. It travels under multiple names—cloud […]

Posted in Internal Controls

Managing IT Controls for SOX Compliance

The Sarbanes-Oxley Act is considered by many to be the road to redemption for the past sins of Enron, WorldCom, and other corporate players who subverted the rules of business by using financial engineering to inflate the performance of their businesses. Advocates for SOX consider this legislation an approach to ensure corporate responsibility for financial […]
