The U.S. Judicial Conference recently took an important step toward addressing electronic discovery issues by approving proposed amendments to the Federal Rules of Civil Procedure that will force e-discovery issues to be addressed early in the litigation process and protect companies from having to dig up data that is not reasonably accessible. Although the amendments […]
Technology
MIT Researcher Talks IT Risk And Impact On Enterprise
Companies engaged in risk assessments typically review financial and operational risks, sometimes at the expense of technical risks. We recently tracked down and spoke with Dr. George Westerman—a researcher at the Center for Information Systems Research at MIT’s Sloan School of Business—to hear about his research into IT risk and effective risk management practices. An […]
“Zubulake” Decisions Raise Expectations For E-Records
A series of rulings by a federal judge in New York have significantly raised expectations for corporations and their lawyers when it comes to preserving electronic evidence in the face of threatened litigation, experts tell Compliance Week. The often-cited rulings by U.S. District Court Judge Shira A. Scheindlin came in an employment discrimination suit […]
Companies Deal With New Data Security Regulations
In today’s corporate digital world, where paranoia over data security abounds, at least one business believes in the value of getting inside a person’s head—and it may be onto something. First Financial Credit Union, serving 70,000 members in California, falls under data-security regulations mandated by the Gramm-Leach-Bliley Act. Also known as the Financial Modernization Act, […]
Investment Advisers Want SEC To Clarify Email Obligations
As a securities broker, Morgan Stanley, which is facing a possible $10 million fine from the Securities and Exchange Commission for failing to keep certain email (see related coverage at right), is subject to tougher record-retention requirements under the Securities Exchange Act than other public companies. Similarly, investment advisers also have enhanced obligations under the […]
Getting Through A SAS 70 Audit: First-Hand Experience
In the wake of Section 404 of Sarbanes-Oxley, Compliance Week has written extensively about SAS 70 Type II audits. (see coverage below, right.) The audits have become increasingly important for some public companies; management has to assess the effectiveness of the company’s internal control over financial reporting, and critical outsourced services that might materially impact […]
Case Study: Entity, Document Management At Valeant
This “case study” is the latest in a series of articles aimed at helping public companies understand how other organizations are using technology to comply with new regulations and standards. These are not advertisements or marketing vehicles for the companies mentioned; Compliance Week’s editorial staff speaks with the public company that has deployed the technology, […]
Spreadsheet Blues: Few Controls Yield Many Weaknesses
Hussain Hasan, managing director of technology risk management services at the Chicago accounting firm RSM McGladrey, does not mince words when discussing how poorly spreadsheets satisfy the requirements of The Sarbanes-Oxley Act of 2002. “They don’t at all,” Hasan says. “Most public companies should not use spreadsheets as their main financial tool.” Such criticism […]
Non-Profit To Develop Whistleblower Hotline Standards
Thanks to Sarbanes-Oxley, whistleblower hotlines are a hot topic for public companies. But what’s the best way to manage a hotline? And how can a company measure whether its hotline is effective? A coalition of governance experts has taken the first step toward answering those questions. The non-profit Open Compliance and Ethics Group, which recently […]
Email Security Poses IT And Compliance Obstacles
In the world of compliance, securing email is a lot like sex: everybody does it, few discuss it, and none really know whether their technique is quite right. By comparison, many other compliance challenges pose relatively simple obstacles for IT staff. A finance application, for example, can be sealed off from workers without proper access […]
