If compliance is from Mars, then IT security is from Venus. Take Sarbanes-Oxley compliance as an example. The law makes clear that a corporation’s financial information shall be secure, but it says nothing about exactly how a company is supposed to achieve security in the IT realm. At the other, far more verbose end of […]
Technology
Posted inData Privacy
Still A Disconnect Between Compliance, IT
It’s the disappointing truth about much of Corporate America’s IT efforts: Despite years of overhauls, tweaks, and projects, many companies still remain unprepared for lawsuits, audits, or regulatory probes because they lack the IT infrastructure to manage their data effectively and apply it to compliance efforts. So say two recent studies trying to gauge the […]
Posted inTechnology
Electronic Delivery, Cost Savings For Public Companies Remains On The SEC Backburner
The folks over at the Securities and Exchange Commission have been pretty busy this year. So far in 2006, they’ve already proposed rules on executive compensation disclosure, mutual fund fees, commodity trading, short selling and more—including the Section 404 extension for non-accelerated filers. And just last month the SEC announced it would propose an amendment […]
Posted inTechnology
Experts Expect Surge In IT-Controls Automation
While companies that haven’t yet had to comply with Section 404 of Sarbanes-Oxley await more guidance and expected tweaks to the standards in place for auditors, those that have already bitten the Section 404 bullet have turned their attention to the next phase in compliance, experts say. With three years of 404 compliance under their […]
Posted inTechnology
XBRL Advances; SEC: Heed Comment Letters
The Securities and Exchange Commission has decided to forge ahead with its push for widespread adoption of XBRL, announcing a major overhaul of its database of corporate regulatory filings that will use the interactive computer language as its technological heart. The overhaul comes through three contracts worth a total of $54 million, which the SEC […]
Posted inData Privacy
The Importance Of Auditing IT Projects Well
Changes to a company’s IT infrastructure are a significant source of risk for every business; to protect the corporate crown jewels, robust change-management practices are absolutely critical. The need for a positive “control environment” within IT and a very unforgiving attitude regarding unauthorized IT changes cannot be overstated. In fact, a recent study by the […]
Posted inTechnology
Who Are You? ID Management Under SOX
Once upon a time, managing identities was a snap. Corporate IT infrastructure consisted of a single, hulking IBM mainframe with a relatively specialized group of back-office users who were either logged on or not. If line employees or managers had computers at all, they were used for word processing and spreadsheets, and people “networked” machines […]
Posted inRegulatory Enforcement
New IT Risk: Not Monitoring Computer Use
Most savvy corporations already have strict policies about what employees can and cannot do at their workplace computers, but the stakes for not enforcing those policies and properly investigating misuse are rising. In one recent case from New Jersey, a company was sued by the victim of child pornography that a worker had on his […]
Posted inTechnology
Battling The Online Threats To SOX Compliance
Once upon a time, compliance executives didn’t need to worry about the big bad Internet all that much. In the old days, protecting corporate data meant not losing floppy disks or reels of tape. And as corporate networks cropped up in the 1990s, IT security went medieval, erecting the digital equivalent of ramparts and moats […]
Posted inTechnology
Editorial: XBR Hell: The SEC Tries To Dump Its Problems On Public Companies
My goodness, the Securities and Exchange Commission is pushing XBRL hard. Listening to Chairman Christopher Cox and reading the Commission’s related releases, you’d think they had found the Holy Grail of financial reporting. But it ain’t. XBRL, if you haven’t heard, is shorthand for “eXtensible Business Reporting Language.” Basically, it’s a “tagging” language, in which […]
