While companies that haven’t yet had to comply with Section 404 of Sarbanes-Oxley await more guidance and expected tweaks to the standards in place for auditors, those that have already bitten the Section 404 bullet have turned their attention to the next phase in compliance, experts say. With three years of 404 compliance under their […]
Technology
The Importance Of Auditing IT Projects Well
Changes to a company’s IT infrastructure are a significant source of risk for every business; to protect the corporate crown jewels, robust change-management practices are absolutely critical. The need for a positive “control environment” within IT and a very unforgiving attitude regarding unauthorized IT changes cannot be overstated. In fact, a recent study by the […]
XBRL Advances; SEC: Heed Comment Letters
The Securities and Exchange Commission has decided to forge ahead with its push for widespread adoption of XBRL, announcing a major overhaul of its database of corporate regulatory filings that will use the interactive computer language as its technological heart. The overhaul comes through three contracts worth a total of $54 million, which the SEC […]
Who Are You? ID Management Under SOX
Once upon a time, managing identities was a snap. Corporate IT infrastructure consisted of a single, hulking IBM mainframe with a relatively specialized group of back-office users who were either logged on or not. If line employees or managers had computers at all, they were used for word processing and spreadsheets, and people “networked” machines […]
New IT Risk: Not Monitoring Computer Use
Most savvy corporations already have strict policies about what employees can and cannot do at their workplace computers, but the stakes for not enforcing those policies and properly investigating misuse are rising. In one recent case from New Jersey, a company was sued by the victim of child pornography that a worker had on his […]
Battling The Online Threats To SOX Compliance
Once upon a time, compliance executives didn’t need to worry about the big bad Internet all that much. In the old days, protecting corporate data meant not losing floppy disks or reels of tape. And as corporate networks cropped up in the 1990s, IT security went medieval, erecting the digital equivalent of ramparts and moats […]
Editorial: XBR Hell: The SEC Tries To Dump Its Problems On Public Companies
My goodness, the Securities and Exchange Commission is pushing XBRL hard. Listening to Chairman Christopher Cox and reading the Commission’s related releases, you’d think they had found the Holy Grail of financial reporting. But it ain’t. XBRL, if you haven’t heard, is shorthand for “eXtensible Business Reporting Language.” Basically, it’s a “tagging” language, in which […]
‘Foundational Controls’ For IT Systems
A new study says businesses struggling with controls over IT systems should focus on a select number of “foundational controls” that can make the greatest improvement in a company’s operating and security performance as well as meet regulatory requirements. Conducted by the Information Technology Process Institute, the study identified 21 controls that should be the […]
Building Compliance Efforts With IT Roadmaps
With the heightened focus on corporate governance in general and compliance in particular, companies are weighing more than ever the potential effect of technology on their compliance programs—both to get the job done, and to make the job more complicated. The blueprint to see how technology can help or hinder compliance efforts is a “technology […]
Beyond Delete: Intelligent Email Policies
Corporate email retention policies continue to be driven by fears of litigation, leading many companies to adhere to strict “save it until you can delete it” procedures. But more nuanced alternatives exist for companies that want their email policies to be motivated more by business needs than legal risks. “Some companies just don’t get […]
