News
-
News Article
Achieving a Unified View of Financial Crime Risk
Jaclyn Jaeger | November 24, 2015
Increased regulatory scrutiny and the sting of billions in fines and penalties resulting from misconduct have prompted many financial firms to pour money into their compliance programs—investments that may be in vain without a unified view of risk. The tech challenges to build that view are considerable, but not impossible if you try to harmonize all the risk data you have. Inside this week, a closer look at how to get started.
-
News Article
ISO 20022: Tepid U.S. Embrace for New Financial Standard
Jaclyn Jaeger | September 1, 2015
The push to adopt a new ISO standard for financial transactions is gaining momentum on a global scale—even as the United States continues to weigh the business case for it. “It’s important because it is seen as the standard that all new financial transactions will move to over time,” says Barry Kislingbury at consulting firm ACI Worldwide. Compliance technologists in the U.S. banking sector, however, remain unconvinced. Details inside.
-
The Filing Cabinet Blog
Firms Struggle to Secure Data
Jaclyn Jaeger | December 12, 2014
Many companies still struggle with how to secure their most sensitive data, elevating the risk of a data breach, according to a new cyber-security report of nearly 500 IT and security professionals conducted by information-security firm Trustwave. The report reveals significant security deficiencies and common security weaknesses still remain in most companies. More study details inside.
-
News Article
Hard Measures: Gauging the Effectiveness of Online Training
Karen Kroll | August 26, 2014
Nearly all companies provide some online compliance training. So how do they know it is working? Many don’t. But companies are getting better at evaluating the effectiveness of training and observing to see if it actually changes behavior at the company. “Over the last twelve to 18 months, I’m hearing more clients talk about effectiveness,” says Ingrid Fredeen, vice president of advisory services with NAVEX Global.
-
News Article
Study Up: Online Learning May Be Vulnerable to Hack
Karen Kroll | July 29, 2014
Online learning is a booming part of compliance training—and a seldom-discussed IT weakness in such systems is growing along with it. Learning systems can be hacked, experts say, jeopardizing a company’s training documentation. “Both sides of the equation have changed,” says Jan Sramek of Better, an e-learning vendor. “Cheating has gotten easier, while breaches have become more costly.” More on the hack (and how to stop it) is inside.
-
News Article
Facebook’s Big Data Fail Spurs Call for More Ethics
Joe Mont | July 14, 2014
Facebook’s recent stumble with an experiment that manipulated users’ news feeds has once again reopened the discussion of integrating ethics into how companies and their vendors use Big Data. “We are starting to realize that, when it comes to data, the era of digital strip mining is over,” says Neil Richards, a law professor at Washington University.
-
News Article
States Making Tough New Breach Notification Demands
Joe Mont | July 8, 2014
Florida has become the latest state to adopt its own data breach notification law in the absence of any federal legislation to that end. The Sunshine State’s law is more expansive than most, and the fundamental problem for compliance officers isn’t going away. “The key is understanding what the entire patchwork [of legislation] is and then trying to set some standards to account for all of them,” says Philip Zender of the law firm Squire Sanders.
-
News Article
ERP Systems Have Come a Long Way on GRC Solutions
Dann Anthony Maurno | June 30, 2014
Sure, a company can put together an elegant suite of best-in-class solutions for governance, risk, and compliance, but before investing in dedicated solutions, don’t overlook what you might have in place already—an enterprise resource planning suite that may be well suited to cover your GRC needs. “Industry-specific compliance, plus regulations like the Sarbanes-Oxley Act, plus globalization and outsourcing, have led users to expect more from GRC features from ERP,” says Chuck Langenhop, senior director of CFO Advisory Services.
-
GRC Announcements Blog
BlackLine Systems Unveils COSO Jumpstart Solution
GRC Announcements | June 23, 2014
BlackLine Systems has unveiled its "COSO Jumpstart Solution" to help companies comply with new guidelines set forth in the updated 2013 COSO Internal Control—Integrated Framework. Details inside.
-
GRC Announcements Blog
New Data Governance Tool Helps Mitigate Regulatory Risk for Banks
GRC Announcements | June 19, 2014
Collibra, a global data governance provider, has released a new product suite, designed to help large, complex financial institutions directly address some of their most challenging regulatory compliance and data reliability challenges. Details inside.
-
GRC Announcements Blog
TSYS Partners With Oversight Systems
GRC Announcements | April 14, 2014
TSYS, a processor of merchant acquirers and bank credit card issuers, this month announced an agreement with Oversight Systems to provide an automated monitoring and analysis solution to help corporate purchasing professionals detect and eliminate fraud, policy misuse, and waste within their card programs.
-
Accounting & Auditing Update Blog
ISACA Explains Interplay of COBIT Framework with COSO
Tammy Whitehouse | March 27, 2014
ISACA, an organization that provides guidance and information on auditing computer controls, has published a guide to explain how its COBIT framework, widely used for the governance and management of enterprise information technology, relates to the new COSO Internal Control—Integrated Framework.
-
GRC Announcements Blog
ARMA International Launches Information Governance Assessment
GRC Announcements | February 20, 2014
ARMA International launched this week its Information Governance Assessment, a software platform that organizations can use to identify information-related compliance risks across the enterprise, drive improvements, and develop metrics for measuring information governance program maturity. Details inside.
-
News Article
Busting the Barriers Between Compliance, IT, and the Business
Joe Mont | October 22, 2013
Large, global companies have plenty of language barriers to consider—including the communication gaps that divide business functions. During a panel discussion at last week's Compliance Week Europe conference, compliance and legal executives from telecom giant BT and Bank of Ireland looked at how compliance executives can unify all three sides early, often, and effectively. More inside.
-
News Article
Investigations & Data: Get a Grip
Dann Anthony Maurno | August 6, 2013
Internal investigations, and the endless reams of data each one can bring, may seem overwhelming—but with savvy use of modern IT systems, compliance teams can cut an investigation's time and cost while increasing its effectiveness. Big Data analysis, de-duplication, automated translation, visualization, and other tools can turn an unwieldy probe into an organized one. More details inside.
-
News Article
e-Discovering the Cloud
Todd Neff | March 26, 2013
Moving data-heavy components such as e-mail and collaboration systems to the cloud is a no-brainer, right? Not so fast. Companies that don't consider the cloud's implications on e-discovery could suffer major headaches later in excess litigation costs or damages resulting from poor recordkeeping. "You can see it as a train wreck waiting to happen if you don't think about these things in advance," says Michael Lackey, a partner at law firm Mayer Brown.
-
News Article
After Fending Off a Cyber-Attack, Disclosure Questions Will Arise
Jaclyn Jaeger | November 13, 2012
When hit with a cyber-attack, many companies choose to remain tight-lipped on the incident, despite guidance from the SEC that requires disclosure of cyber-security risks and attacks that result in material losses. "Companies may find that the risk of actual disclosure is much higher than the penalties for not disclosing," says Josh Walderbach, senior network security and compliance analyst at data security company LogRhythm.
-
Jose Tabuena
Auditing in the Cloud Creates Storm of Problems and Concerns
Jose Tabuena | July 12, 2011
The move to cloud services continues to accelerate, but the shift is more than just a change in technological platforms. It fundamentally alters the way business and IT systems function. Inside, Columnist José Tabuena looks at the many challenges the cloud creates for internal audit, including a lack of security standards, and finds that no way currently exists to audit the cloud in a consistent manner.
-
News Article
Defense Giants Step Up IT Security Controls
Todd Neff | July 3, 2007
The U.S. Army describes its Future Combat Systems program as a “cohesive system-of-systems” comprised of software, networks, and hardware (as in next-generation tanks) that will allow the future soldier “to see first, understand first, act first, and finish decisively.”
-
News Article
Beyond Delete: Intelligent Email Policies
Martinek Paul J. | June 13, 2006
Corporate email retention policies continue to be driven by fears of litigation, leading many companies to adhere to strict “save it until you can delete it” procedures. But more nuanced alternatives exist for companies that want their email policies to be motivated more by business needs than legal risks.
-
News Article
Spreadsheet Controls, Without Going Crazy
Dunn Christine | June 13, 2006
Companies trying to comply with the Sarbanes-Oxley Act of 2002 are finding that one of the toughest—and yet most essential—areas for establishing controls over internal processes and procedures isn’t even required under the law: spreadsheets.
-
News Article
Getting Through A SAS 70 Audit: First-Hand Experience
Matt Kelly | August 30, 2005
In the wake of Section 404 of Sarbanes-Oxley, Compliance Week has written extensively about SAS 70 Type II audits. This week, we speak with the CEO of a database company that has recently undergone a SAS 70 audit.
-
News Article
Spreadsheet Blues: Few Controls Yield Many Weaknesses
Matt Kelly | August 23, 2005
Hussain Hasan, managing director of technology risk management services at the Chicago accounting firm RSM McGladrey, minces no words about how poorly spreadsheets satisfy the requirements of The Sarbanes-Oxley Act of 2002. “They don’t at all,” he says. “Most public companies should not use spreadsheets as their main financial tool.”
-
News Article
Case Study: Internal Control Software At FMC Corp.
Matt Kelly | March 15, 2005
This "case study" is the latest in a series of articles aimed at helping public companies understand how other organizations are using technology to comply with new regulations and standards.