Big 4 audit firms are quietly offshoring portions of the external audit work for publicly held companies, raising a bevy of questions about whether the work is visible to the companies themselves, their investors, and even regulators. Brian Daugherty, assistant professor at the University of Wisconsin, says he first learned of the effort in 2007 […]
Data Privacy
Security Control Threats in Tight IT Budgets
For all the improvements companies have made to their IT security and control systems in the last five years, one menace still looms large these days: that layoffs will wreck the compliance system you’ve carefully crafted. The most significant threats to a company have always lurked within its own walls. Now, as job security diminishes […]
Making Sure Your ID Management System Works
Consider the passport security breach of three presidential candidates last year. Did the State Department have appropriate security controls that should have prevented the breach? Why did senior State Department staffers not learn of the improper access until more than two months after it first occurred? The importance of data and information security has become […]
Shop Talk: Best Practices on Fraud Risks
On Dec. 3, 2008, Compliance Week and the law firm of White & Case hosted an Editorial Roundtable on fraud risks in emerging markets at the Ritz-Carlton Battery Park Hotel in New York City. Eleven legal and compliance officers were invited to discuss how their companies address global fraud issues. The Roundtable was moderated by […]
Avoiding Segregation-of-Duties Woe in IT
With the United States in the grips of an economic crisis, now is as good a time as any for Corporate America to reassess its internal controls. And segregation of duties is always crucial to reducing the occurrence of fraud or error within an organization. “Generally, fraud tends to increase as the economic environment gets […]
Many Companies Still Unprepared for Red Flag Rules
The compliance deadline for the so-called Red Flag Rules, which require financial institutions and creditors to have written programs in place to detect, prevent, and mitigate consumer identity theft, is just around the corner. But, while compliance with the regulations shouldn’t be overly burdensome for most companies, many of them won’t be ready because they’re […]
Spy vs. Spy: Battling Fraud in Social Networks
So you finally joined the 21st century and created a Facebook page. Now, proudly displayed on your profile for the whole world to see are your date of birth, dating status, hometown, college affiliation, and complete employment history. Welcome to fraud risk in the age of online social networks. As employees, acquaintances and everyone else […]
DoJ Tools to Pry Information From You
In modern Corporate America, what happens overseas rarely stays overseas—especially if federal prosecutors want to hear about it. Any regulatory investigation can be difficult for a public company, and criminal probes can turn into a nightmare. A probe that reaches overseas subsidiaries or employees, however, only compounds the headache; that’s because the need to produce […]
Achieving the Mythical ‘Mature’ GRC System
Companies with “mature” IT governance, risk, and compliance regimes have happier customers, make more money, and suffer fewer data-related disasters. To some extent, that sounds self-evident: If you’re a good company, you’re probably adept at many things, GRC being among them. But now, the fruits of GRC maturity have been statistically quantified. In the IT […]
Educating Staff Leads to Improved IT Security
In today’s business environment, information security and protection of information assets are vital to the long-term success of all organizations. Information is the lifeblood of corporations and a vital business asset. IT systems connect every internal department of a company and connect the whole company to myriad suppliers, partners, customers, and others on the outside, […]
