Whether real estate developer Forest City is building monolithic skyscrapers or mixed-use developments with thousands of homes, the projects all spring from common origins—in contracts, work documents, permits, engineering drawings, and correspondence that consumed, well, forests of paper. In 2003, the company recognized that its intensifying blizzard of documentation was beginning to be a business […]
Todd Neff
Posted inData Privacy
The Secret Life of Application Controls
Viruses. Worms. Trojans. Denial-of-service attacks. IT security professionals have long wrestled with these and many other external threats, and a bustling industry has sprung up to fend off the pests. Such risks and others posed by those aiming to compromise corporate IT systems and steal data have garnered nearly all the public attention. And from […]
Posted inFrom the Archive
Proof That Cos. Can Go From SOX to ERM
The stage is set for enterprise risk management. Sarbanes-Oxley forced companies to spend a great deal of time and money demonstrating oversight of financial risk—often to the point of overkill. Now, with new guidance from the Securities and Exchange Commission and the Public Company Accounting Oversight Board’s Accounting Standard No. 5, the tectonic shift from […]
Posted inInternal Controls
Defense Giants Step Up IT Security Controls
The U.S. Army describes its Future Combat Systems program as a “cohesive system-of-systems” comprised of software, networks, and hardware (as in next-generation tanks) that will allow the future soldier “to see first, understand first, act first, and finish decisively.” Not long after Boeing was named a lead system integrator on the program in 2004, the […]
Posted inTechnology
Case Study: GeoEye’s Process Improvement
This “case study” is the latest in a series of articles aimed at helping public companies understand how other organizations are using technology to comply with new regulations and standards. These are not advertisements or marketing vehicles for the companies mentioned; Compliance Week’s editorial staff speaks with the public company that has deployed the technology, […]
Posted inBoards & Shareholders
Lessons From HP, Fannie Mae Troubles
All is well these days with electronics giant Hewlett-Packard and mortgage mammoth Fannie Mae. But both suffered recent—and very public—governance crises, and regaining their footing required a good deal of organizational change. Jon Hoak, an HP vice president and chief ethics and compliance officer, and Bill Senhauser, senior vice president and chief compliance officer at […]
Posted inFrom the Archive
“Principles” For Rationalizing Expanding GRC Scope
Since the early 1990s, some 125,000 new rules and regulations have piled up on American businesses, says Miles Everson, a partner with PwC Advisory. At the same time, the pace of change is accelerating, the operating environment is growing more complex, and the extreme transparency of alleged or real compliance transgressions is such that customers, […]
Posted inBoards & Shareholders
Harvey Pitt’s Crisis Management Tips
Former Securities and Exchange Commission chief Harvey Pitt closed out the Compliance Week 2007 conference with his Top 10 list of suggestions for corporate crisis management—or, as he put it, “when bad things happen to good companies.” Pitt’s list stretched a bit past 10 points, something Pitt admitted a weakness for. It boiled down to […]
Posted inFrom the Archive
Cooperation Important For GRC Business-Case Justification
Building the business case for governance, risk, and compliance programs is a bit harder than it was five years ago when Sarbanes-Oxley loomed and hulking fines were breaking news. These days, the fear factor alone won’t cut it, said compliance experts on a panel for building the GRC business case at Thursday’s Compliance Week 2007 […]
Posted inInternal Controls
The Top 10 List For Implementing AS5
Fat risk, lean controls. That’s what Bruce McCuaig said SEC guidance and Public Company Accounting Oversight Board standards should be looking for—risk in this case being the rigorous inventorying of compliance risk. It’s not what he found. McCuaig, chief risk officer for governance, risk, and compliance software firm Paisley, did some word counting recently. In […]