<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: SOX Resources</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP &amp; COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overviews, ask the expert, jobs, and searches on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Audit-rate Spurt Tempers Sarbox Savings</title>
    <pubDate>Mon, 05 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13684.html</link>
    <description>Corporate spending on compliance with the Sarbanes-Oxley Act's Section 404 fell sharply again last year, and so did overall auditor costs. But a 5-percent spurt in average audit fees cut deep into the savings, according to a new survey from Financial Executives International. The average cost for Section 404 compliance was $1.7 million during fiscal 2007, the FEI study said. While the group noted that direct comparisons with prior-year costs couldn't be made because of variations in the respondent pool, it suggested that the average compliance cost was around $2.9 million in 2006, and $3.8 million in 2005.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13684.html</guid>
  </item>
  <item>
    <title>Touchpaper(R) Announces IT Asset and Computer Lifecycle Management Solution with New Version of IT Business Management (ITBM) Suite</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13668.html</link>
    <description>olution with New Version of IT Business Management (ITBM(TM)) Suite 29/04/2008 13:00:00 Business Wire eco-friendly goals of an organization.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13668.html</guid>
  </item>
  <item>
    <title>Sarbanes Oxley Act</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Regulations/abstract13665.html</link>
    <description>The Sarbanes Oxley Act of 2002 is explained in detail in this article.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Regulations/abstract13665.html</guid>
  </item>
  <item>
    <title>Data Stewardship and Pain</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13663.html</link>
    <description>Today, data governance is all the rage. With Sarbanes-Oxley and Basel II, corporations must face the fact that corporate data is no longer a luxury, but a necessity. It is ironic that the corporations that had embraced the concept of an enterprise data warehouse (EDW) had the least difficulty in adapting to the new regulatory requirements for data. Conversely, organizations that had rejected and obfuscated the EDW for years had (and are still having) the most problems with Sarbanes-Oxley and Basel II. It is with this background that the need for data governance has been recognized. There are many facets to data governance. One facet is the day-to-day administration of the data. This includes the tasks of making sure data is loaded properly, making sure that the mechanisms for ensuring transaction and data update are in place and are followed, making sure that data is accessible when it needs to be accessible, making sure that data is available during the promised hours of availability,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13663.html</guid>
  </item>
  <item>
    <title>New Protiviti Guide To Help Navigate SOX Section 404 Updates</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13648.html</link>
    <description>Protiviti Inc., a leading global provider of internal audit and risk and advisory services, has released the fourth edition of its resource guide about Section 404 of the Sarbanes-Oxley Act -  Guide to the Sarbanes-Oxley Act: Internal Control Reporting Requirements. The guide answers 258 frequently asked questions about Section 404 and other related topics, addresses new guidance and standards issued in 2007 by the SEC and the PCAOB. The book also includes topics related to foreign filers and U.S. domestic non-accelerated filers and takes into account lessons learned since the guide's third edition was published in 2004.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13648.html</guid>
  </item>
  <item>
    <title>Peace of mind about data safety is phone call away</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13647.html</link>
    <description>THERE are a number of emerging issues that modern organisations are facing increasingly frequently. It is important that business decision makers are aware of these so they can be prepared to deal with them. Data including work documents, databases and email are imperative for the day-to-day running of any organisation. However, as applications become more sophisticated, the volume of data continues to grow. Add to this legal requirements, such as the necessity to retain your data, and the need for extensive and reliable storage methods is of paramount importance. Off-site hosting and remote data back-up has become essential to cater for this exponential growth of data. Companies should recognise that by backing up their data with automated remote methods using private networks or even the internet, they can overcome many problems associated with traditional techniques. Also, if this data is stored in a secure, ISO 27001-accredited offsite location, they will be relieved of the burden </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13647.html</guid>
  </item>
  <item>
    <title>Security proving a secure market</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13646.html</link>
    <description>The security market continues to grow unabated, and with new business areas frequently arising, along with the increasing amounts of data that companies amass (and the growing legislation requiring them to keep it secure), there seems little chance of things slowing down. A review conducted by IDC has estimated that over 80 percent of all security software in Australia and New Zealand was sold through the channel in 2007. Senior analyst for security solutions, Patrik Bihammar, confirms that the channel is crucial to the security vendor community as it is the frontline of understanding customer needs as they often own the customer relationship. Unlike the enterprise market in which vendors can closely manage the relationships with their largest clients, the majority of SMBs are managed indirectly through partners, he said.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13646.html</guid>
  </item>
  <item>
    <title>Corporations spend less on Sarbanes-Oxley</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13645.html</link>
    <description>The cost of complying with Section 404 of the Sarbanes-Oxley Act in 2007 was less than in previous years, according to a new survey. The seventh annual Financial Executives International Sarbanes-Oxley compliance survey included 168 companies with market capitalizations above $75 million. The average cost for Section 404 compliance was $1.7 million.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13645.html</guid>
  </item>
  <item>
    <title>Audit-rate Spurt Tempers Sarbox Savings</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13644.html</link>
    <description>Corporate spending on compliance with the Sarbanes-Oxley Act's Section 404 fell sharply again last year, and so did overall auditor costs. But a 5-percent spurt in average audit fees cut deep into the savings, according to a new survey from Financial Executives International. The average cost for Section 404 compliance was $1.7 million during fiscal 2007, the FEI study said. While the group noted that direct comparisons with prior-year costs couldn't be made because of variations in the respondent pool, it suggested that the average compliance cost was around $2.9 million in 2006, and $3.8 million in 2005.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13644.html</guid>
  </item>
  <item>
    <title>Average SOX Compliance Costs $1.7 Million</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13643.html</link>
    <description>The total average cost of Sarbanes-Oxley Section 404 compliance reached $1.7 million last year, according to a newly released survey. Financial Executives International polled 185 companies to gauge their experiences with Section 404 internal control audit compliance in fiscal 2007. The organization found that total audit fees for U.S. accelerated filers averaged $3.6 million, a slight increase of 1.8 percent from the previous year. Companies reported requiring an average of 11,100 people hours internally to comply with Section 404 in 2007, a decrease of 8.6 percent from the previous year.  An average of 1,244 external people hours were required to comply with Section 404 in 2007, a decrease of 13.7 percent from the prior year.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13643.html</guid>
  </item>
  <item>
    <title>Post-SOX Audit Quality Has Improved</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13614.html</link>
    <description>Respondents believe most SOX-related changes have had positive impact. More than three-quarters of audit committee members who took part in a recent survey commissioned by the Center for Audit Quality (CAQ) rate overall audit quality very good or excellent, and 82 percent say it has improved in recent years. The survey offers an unprecedented look at the views of key players in the fight against corporate fraud: corporate board members who oversee the preparation and auditing of public company financial statements. The findings indicate that even in the face of market turbulence, audit committee members have high confidence in the quality of audited financial statements and consider the Sarbanes-Oxley Act (SOX) a positive influence.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13614.html</guid>
  </item>
  <item>
    <title>Two-Pronged Challenge: Storing Large Amounts of Data for the Long Term</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13605.html</link>
    <description>Enterprises must find innovative ways to file archives in light of increasing compliance, productivity and cost-control needs. For the enterprises that choose to store data for decades, finding a long-term solution can be challenging, particularly as media changes. Regulatory mandates like the Health Insurance Portability and Accountability Act (HIPAA) or the Sarbanes-Oxley Act, as well as awareness about potential litigation, have already caused public companies to store data for longer amounts of time and in a secure fashion, but many enterprises are using a strategy that goes above and beyond what's simply required.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13605.html</guid>
  </item>
  <item>
    <title>The Art of Data Management Compliance, Part 1: Keeping Pace</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13603.html</link>
    <description>There's an alphabet soup of acronyms -- including SOX, HIPAA, GLBA and FISMA -- that enterprises must become familiar with in their effort to comply with data management regulations. Compliance with these regulations keeps them in the clear legally, and also helps them stem the tide of cyber-crime. When it comes to properly managing and protecting critical enterprise data and information resources, Corporate America is stuck between two strongly opposing forces. The U.S. is world</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13603.html</guid>
  </item>
  <item>
    <title>Simple Steps to Compliance: Archiving Electronic Messages for Competitive Advantage</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13588.html</link>
    <description>The way people communicate with each other in both personal and business contexts has changed dramatically in a few short decades. In today's virtual, paperless world, massive quantities of information can be transmitted in seconds from one location to another, anywhere in the world. As companies adopt and benefit from messaging technologies, they also struggle to define the parameters for their appropriate use. Forcing the issue are governing bodies and regulators in all industries, who have imposed strict requirements on the storage and management of messaging data in response to groundbreaking lawsuits in recent years. Organizations of all sizes are now realizing that a corporate e-mail archive is no longer a luxury, but a necessity in today's regulatory environment. What may seem an overwhelming prospect, however, should also be viewed as a key tool in creating a company's strategic advantage. More, e-mail archiving need not be daunting. Incredible growth in this market has led to </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13588.html</guid>
  </item>
  <item>
    <title>The Effect of Quality Management on Compliance with European Union GMP Standards</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13577.html</link>
    <description>How crucial is Europe to the global pharmaceutical market? First consider that Europe, North America, and Japan comprise 80 percent of the world's pharmaceutical market. Take that statistic in conjunction with the estimation from Report Buyer, a renowned market research firm, that the Western European market alone is expected to grow to $245.3 billion by 2012. The engine that drives the European pharmaceutical market machine is, without question, the European Union (EU). With 27 member states, the EU represents the bulk of the European market. The 10 individual European markets that joined the EU in 2004 continue to show strong growth and contribute to the EU pharmaceutical market's overall strength. Pharmaceutical companies searching for further success in Europe or those wanting to capitalize on these strong growth trends by entering the European market for the first time must efficiently and cost-effectively obtain and maintain marketing authorization (MA). While individual member s</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13577.html</guid>
  </item>
  <item>
    <title>Regulatory Illusion</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13566.html</link>
    <description>Congress, led by Representative Barney Frank, is planning to overhaul regulation of the financial community, and Treasury Secretary Paulson has already proposed a broad program for that purpose.  No doubt, much of what is proposed is needed.  But it should be obvious from repeated experience over the decades that regulations alone will not prevent periodic economic booms and busts. Only by dealing with the root cause will we moderate economic cycles.  And that root cause is the ineluctable human tendency to over-expand bank credit when the money supply is artificially enlarged. Today's proposed subprime mortgage regulations may prevent tomorrow's repetition of that phenomenon, but they will have no restraining impact upon whatever the next speculative bubble may be.  Sarbanes-Oxley regulation was instituted after the dot.com bubble-burst and the corporate collapse of Enron, but it had no restraining effect upon the speculative housing bubble, of which subprime lending is merely a sympt</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13566.html</guid>
  </item>
  <item>
    <title>PCAOB Adopts Ethics Rule, Amends Tax Services Rule</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13562.html</link>
    <description>The PCAOB on Tuesday voted to adopt Rule 3526, Communication with Audit Committees Concerning Independence, and an amendment to Rule 3523, Tax Services for Persons in Financial Reporting Oversight Roles. The board adopted Rule 3526 to enhance communication between audit committees and registered firms regarding the firm's independence. The rule will require a registered public accounting firm, before accepting an initial engagement pursuant to the standards of the PCAOB, to describe in writing to the audit committee all relationships between the firm or any of its affiliates and the issuer or persons in a financial reporting oversight role at the issuer that may reasonably be thought to bear on the firm's independence. Registered firms will also be required to discuss with the audit committee the potential effects of any such relationships on the firm's independence. Rule 3526 will require firms to make a similar communication annually for continuing engagements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13562.html</guid>
  </item>
  <item>
    <title>Gartner predicts worldwide security software revenue to grow 11 per cent in 2008</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13561.html</link>
    <description>Growing awareness of the damage caused by security breaches, together with the increasing demand for a more mobile and remote workforce, will keep the worldwide market for security software buoyant, according to Gartner. Worldwide security software revenue is projected to total $10.5 billion in 2008, an 11.2 per cent increase from 2007. The market is forecast to surpass $13.1 billion in 2012.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13561.html</guid>
  </item>
  <item>
    <title>Compliance heads sought in rules overload</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13560.html</link>
    <description>Sarbanes Oxley and other regulations have meant that CFOs just don't have enough hours in the day to keep up, says Peter McLean, vice chairman of recruiting firm Spencer Stuart. Some companies that have long had CFOs are now creating compliance positions including roles for a financial controller, the Wall Street Journal reported. McLean says that the search for corporate controller positions had jumped nearly 40% on last year's figures. 'These positions add a level of expertise to the compliance role, and it frees up the chief financial officer to tackle the jobs that they are really expert at, such as the financial analysis involved in the business operations,' McLean said.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13560.html</guid>
  </item>
  <item>
    <title>Gartner predicts worldwide security software revenue to grow 11 per cent in 2008</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13558.html</link>
    <description>Growing awareness of the damage caused by security breaches, together with the increasing demand for a more mobile and remote workforce, will keep the worldwide market for security software buoyant, according to Gartner. Worldwide security software revenue is projected to total $10.5 billion in 2008, an 11.2 per cent increase from 2007. The market is forecast to surpass $13.1 billion in 2012.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13558.html</guid>
  </item>
  <item>
    <title>Stopping at compliance</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13552.html</link>
    <description>So Hannaford was certified PCI-compliant, right?  And they still got pwned.  And though it is not really news, that points to the fact that compliancy does NOT equal security.  So why do companies still stop at compliance? I am asking this because I ran into one of the most frustrating situations today.  Namely, a potential client that thinks his company has got security all wrapped up.  And how did he gauge that?  He was SOX compliant.  Someone had come in and said he was compliant to SOX, and that was good enough for him.  When I tried to dig into his environment to figure out some issues he may have, he stonewalled me as quick as you please.  He wasn't going to hear anything that gave any doubt to his security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13552.html</guid>
  </item>
  <item>
    <title>Leveraging Auditing Standard No.5 to Streamline SOX Compliance</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13550.html</link>
    <description>If you think that a lot of your enterprise's resources are being drained on Sarbanes-Oxley (SOX) compliance, you're not alone. Despite three years of experience with Sarbanes-Oxley, auditors and enterprises still struggle to achieve a balance between effective compliance and the high cost of sustaining the SOX initiative.  Kenneth Wilcox, President and CEO of SVB Financial Group, alleges that his company paid over $20 million to the Big Four accounting firms in 2006 - an increase of more than five times what it paid in 2003. In particular, he says audits today are prolonged, require more personnel, and auditors have an overly broad definition of</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13550.html</guid>
  </item>
  <item>
    <title>Infosecurity to host mock security breach trial</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13521.html</link>
    <description>Infosecurity will this week host a mock courtroom trial to demonstrate that the boardroom has ultimate responsibility for information security breaches. The trial will be based on a fictionalised account of the real theft of thousands of credit card account details. In the dock will be the chief executive, the chief information officer, the chief information security officer and other suspects. Paul Williams, former president of the Information Systems Audit and Control Association, will defend the CIO's role.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13521.html</guid>
  </item>
  <item>
    <title>Migration management and effective integration for EuroSox</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13520.html</link>
    <description>Whether it's the latest health and safety rule, security standard or accounting regulation, an increasing reliance on automation to track company assets and trading activities has made IT a major part of the compliance agenda. The example of mergers and acquisitions (M&amp;A) provides an excellent example of IT's role, not only because it calls for unprecedented levels of management control, but also because it is a key focus of yet another looming piece of European Union (EU) corporate legislation. In a nutshell, European Sarbanes-Oxley or EuroSOX, as it has become known, requires that any new business created through either merger or acquisition should be able to produce consolidated accounts within a month of joining forces.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13520.html</guid>
  </item>
  <item>
    <title>Infosecurity 2008 - IT governance critical to addressing information risk</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13519.html</link>
    <description>Information and its conduits provide the lifeblood of the modern business, writes Alan Calder of IT Governance. They provide the key to competitive advantage, improved productivity, cost reductions and general organizational effectiveness. As a result, information and IT deserve far more board-level attention than they enjoy currently, and most organizations urgently need to adopt IT governance measures to achieve proper oversight. Information technology is a critical enabler for virtually any enterprise, particularly in a knowledge-based economy, where barriers to entry are low and the speed of innovation is immense, businesses have to constantly invest in their technology and ensure its dependability. Organisations with ill-conceived or outdated systems are in deep strategic trouble or heading out of business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13519.html</guid>
  </item>
  <item>
    <title>Consumer Devices Give Storage Admins Security Headaches</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13506.html</link>
    <description>Apple's 160GB iPod Classic, introduced last September, is a music and movie lover's dream machine. But for IT departments, it's a security nightmare. That's because any employee can plug this pocket-sized USB storage device into their computer and use it to steal vast amounts of corporate information, including mailing lists, databases, financial records and confidential customer data. Of course you don't need an iPod to steal data: 4GB USB memory sticks are cheap and ubiquitous, or, for employees intent on stealing really large amounts of data, devices like Buffalo's recently announced LinkStation Mini offer a terabyte of storage in a case that fits in the palm of the hand.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13506.html</guid>
  </item>
  <item>
    <title>Info-Systems Watchdogs See More Job Options, Pay Gains</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13503.html</link>
    <description>Information-systems auditors, who evaluate how a company's computer systems safeguard assets and maintain data integrity, are in hot demand in the wake of corporate scandals in recent years. Opportunities for these professionals, who are commonly known as information-technology auditors, surged thanks to the 2002 Sarbanes-Oxley legislation that tightened U.S. financial-reporting regulations. Executives with 15 or more years of experience in IT audit, as it is called, may secure big pay gains if they change employers, some recruiters say.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13503.html</guid>
  </item>
  <item>
    <title>Money laundering: What finance directors need to know</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13481.html</link>
    <description>As money laundering rules become more onerous we look at what the finance director has to consider and how to build an appropriate strategy. By Dr Abe Abrahami. It has long been a necessity for the criminal, making their ill-gotten gains appear legitimate to their family, friends and government. But today with the illegal drugs business rivalling the size of the pharmaceutical industry and terrorists acting like multi-national executives, money-laundering has become an even more sophisticated business. New laws and renewed vigour by global intelligence and police agencies to stamp it out have put more pressure on companies and their directors to be pro-active in fighting it. And like anything that revolves around money, the process of monitoring it and being prepared to defend against it falls to the beleaguered finance director. In the simplest terms money-laundering is a criminal attempt to conceal the true origin and ownership of proceeds from theft, fraud, drug trafficking, insid</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13481.html</guid>
  </item>
  <item>
    <title>Optimizing Remote Data Protection And Security With iSCSI Storage</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13480.html</link>
    <description>When it comes to securing remote data, iSCSI appliances offer the most flexible, affordable and secure technology, according to Hifn, the catalyst behind storage and networking innovation. The importance of simple, effective and affordable data protection for companies with remote offices takes on added significance when considering that the Enterprise Strategy Group (ESG) estimates that as much as 70 percent of corporate data is located outside of the data center, with only 30 to 40 percent of this offsite data successfully backed up. And for companies that are subject to regulatory requirements, such as Sarbanes-Oxley, remote data is subject to the same retention, privacy and security requirements so that without proper remote data management policies they are risking civil and, in some cases, criminal penalties. The bottom line: when it comes to remote data protection, out of sight, out of mind is no longer acceptable. Fortunately iSCSI is the perfect platform to eliminate these s</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13480.html</guid>
  </item>
  <item>
    <title>Federal appeals court hears challenge to Sarbanes-Oxley oversight board</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13478.html</link>
    <description>A three-judge panel in the US Court of Appeals for the District of Columbia Circuit heard arguments Tuesday regarding the constitutionality of a private body established by Congress to oversee accounting practices in publicly traded companies. In 2006, conservative business organization Free Enterprise Fund challenged provisions in the Sarbanes-Oxley Act of 2002 establishing the Public Company Accounting Oversight Board (PCAOB), alleging that it violates the separation of powers doctrine. In 2007, the District Court for the District of Columbia granted summary judgment in favor of the PCAOB, finding that the plaintiffs' facial challenge failed to establish that no set of circumstances could exist under which the Act would be valid. The five-member PCAOB board is appointed and overseen by the Securities and Exchange Commission (SEC); plaintiffs argued Tuesday that the board is outside of presidential control</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13478.html</guid>
  </item>
  <item>
    <title>IT Governance and Compliance</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13477.html</link>
    <description>CM adds a great deal of value to any application lifecycle. But there is probably no other area that is so quickly growing as the need for solid Configuration Management to support IT Governance and Compliance. This is due, in no small part, to the Sarbanes-Oxley (section 404) laws as well as the renewed focus on corporate governance in the wake of the credit market crisis. CM practitioners have a responsibility to lend their skills to corporate citizenship by supporting the best practices that are needed in IT Governance and Compliance. At CM Crossroads, we consider this issue nothing less than a call to battle. The good news is that this is also a great way to demonstrate the value and benefits realized from implementing Configuration Management the right way. Read on if you want to implement CM best practices to support IT Governance and Compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13477.html</guid>
  </item>
  <item>
    <title>New Standard on Fraud</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13468.html</link>
    <description>Due to an unrelenting rise in the many different types of fraud, InfoGov is to supply its Proteus Enterprise governance, risk and compliance solution as the underpinning technology for the BSI's forthcoming standard on fraud prevention and detection. The first development meeting for the standard, to be issued initially as a publicly accessible specification (PAS 8000) in August 2008, was held on January 22nd. This meeting was very well represented. Sponsored by Telsecure via the BSI, those attending were the Anti-Money Laundering Professionals Forum, Barclaycard, Citibank, City of London Police, Credit Industry Fraud Avoidance Scheme, Financial Services Authority, Fraud Advisory Panel, Home Retail Group, London Fraud Forum, National Fraud Strategic Authority, Nottingham Trent University, Security Watchdog, Telecommunications UK Fraud Forum, University of Cardiff, Vodafone and of course InfoGov. In Proteus Enterprise, InfoGov's software solution provides such essential capability </description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13468.html</guid>
  </item>
  <item>
    <title>C2C And Titus Labs Integrate Classification For More Effective Archiving And Discovery</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13467.html</link>
    <description>C2C, the leading developer of policy driven, cost effective message management and archiving products, and Titus Labs, Inc., a provider of email and document classification solutions that enable organizations to classify, manage and control e-mail and documents, are working together to provide solutions that will allow organizations to make more informed decisions concerning the archiving, storage, retention and discovery of business records, while reducing storage costs simultaneously. Organizations need to decide which messages to archive based on their own specific internal classification structures, in addition to the advanced centralized policy criteria that are offered within Archive One. Storage demands for email are growing quickly and governance requirements continue to expand. So organizations need to find solutions that will manage the number of emails archived while still meeting all internal and external compliance requirements, said David Cassell, Product Manager at</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13467.html</guid>
  </item>
  <item>
    <title>Mid-Sized Businesses and the Quest for Compliance</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13462.html</link>
    <description>Large enterprises have teams of IT admins to tackle the big task of compliance with regulations like HIPAA, SOX and PCI DSS. Mid-sized firms, however, have plenty of records to account for but not as many resources to do the accounting. Some simply resign themselves to penalties if and when they're ever audited. Some software makers, however, are beginning to address the niche.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13462.html</guid>
  </item>
  <item>
    <title>New Guide Helps Directors To Cut A Path Through The Corporate Governance Jungle</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13452.html</link>
    <description>In the 21st century, corporate governance has become a critical concern for all large and medium-sized organisations. However, with statutes, rules and practices varying between countries, directors are often uncertain which corporate governance requirements apply to their organisation. Alan Calder, the international authority on governance and compliance, has therefore written Corporate Governance as a practical guide to the legal frameworks and international codes of practice that directors must obey to meet today's requirements and promote their organisation's interests. Published by Kogan Page, Corporate Governance is essential reading for directors of all types and sizes of organisation, both publicly and privately owned. It provides a comprehensive overview of corporate governance today, including its historical background, the prevailing requirements in the United States, United Kingdom and European Union, and the practical consequences of these for management. As well as S</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13452.html</guid>
  </item>
  <item>
    <title>Tizor and ArcSight partner to integrate database auditing and SIM</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13442.html</link>
    <description>Tizor Systems Inc., a provider of enterprise database auditing and protection solutions for the data center, announced Monday a technology alliance with ArcSight Inc., a global provider of compliance and security management solutions. This partnership was formed to address a major need for integrated solutions that provide a comprehensive, enterprise-class approach to data security. The partnership, which will be promoted through ArcSight's EnterpriseView Partner Program, will help customers safeguard critical data assets, control data risk and meet a range of compliance requirements. The integration between Tizor Mantra and ArcSight ESM will allow for correlation, analysis, viewing and response to all incidents across the enterprise, which provides enterprises with a single, unified view into security and compliance incidents.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13442.html</guid>
  </item>
  <item>
    <title>McAfee Governance, Risk and Compliance Business Unit</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13435.html</link>
    <description>McAfee officials elaborated on their plan to put a greater emphasis on IT governance, risk and compliance April 9 at the RSA Conference here. The security vendor's recently established Risk and Compliance Business Unit allows the company to focus on integrating and adding products and services to its GRC portfolio - starting with the release of McAfee Vulnerability Manager 6.5. Vulnerability Manager 6.5, which supports Windows and Unix systems, includes agent-less scanning to assist in policy compliance audits and is meant to help companies meet the requirements for compliance reporting mandated by both regulatory and industry standards.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13435.html</guid>
  </item>
  <item>
    <title>Redefining the supervisory board's role</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13433.html</link>
    <description>Supervisory board members are often seen as the boardroom big-wigs with high-profile connections and fat paychecks. But that perception is changing, as accountability standards such as the US' Sarbanes-Oxley Act take root and shareholders demand more value from their supervisory boards.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13433.html</guid>
  </item>
  <item>
    <title>IT Asks Regulators for Better Communications</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13432.html</link>
    <description>A group of top CIOs, led by H&amp;R Block, says the growing cost and complexities of complying with Sarbanes-Oxley means that corporate IT execs need better face-to-face communications between CIOs and government regulators, especially the Securities and Exchange Commission (SEC). The CIO Executive Council, founded last year by more than 230 CIOs across 30 different sectors, noted several IT challenges that Sarbanes-Oxley presents, including: Cost of Compliance: To meet compliance deadlines, some CIOs have been forced to shift their organization's focus and budget away from other IT projects and investments; Inconsistent Approaches by External Auditors: Forty-two percent of council members recently polled stated that SOA compliance auditors have not helped them comply with SOA; and Uncertainty About Baselining: Lack of clarity about baselining (the process of establishing a</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13432.html</guid>
  </item>
  <item>
    <title>Sarbanes Speaks on Regulating Business</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13431.html</link>
    <description>Retired Sen. Paul S. Sarbanes addressed a full house of students, alumni and Rutgers University leaders Wednesday night to defend the business legislation that bears his name. University President Richard McCormick introduced Sarbanes, coauthor of the 2002 Sarbanes-Oxley Act, who talked about the malicious corporate accounting that inspired the legislation and the need for ongoing regulation. The Eagleton Institute of Politics at Rutgers invited Sarbanes to give the lecture at the Douglass Campus Center in New Brunswick. After a quick overview of his 36-year congressional career, Sarbanes jumped to the Enron debacle in 2001 that became the hallmark of bad accounting at the turn of the millennium.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13431.html</guid>
  </item>
  <item>
    <title>Sarbanes-Oxley Rules Get Reprieve in Subprime Mess</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13420.html</link>
    <description>The Sarbanes-Oxley corporate reform law passed after the collapse of Enron Corp has been called every nasty name in Big Business's book: costly, burdensome, a bane to U.S. capital markets. But now that investor confidence has again been shaken by market turmoil, calls to ease Sarbanes-Oxley have quieted as the regulatory pendulum swings again to reform. Even at the U.S. Chamber of Commerce's annual conference on capital markets this week, there was a marked shift in tone from last year, when Sarbanes-Oxley was blamed for making U.S. markets less attractive to overseas investors.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13420.html</guid>
  </item>
  <item>
    <title>Data Security Tips for CIOs: Wiping the Hard Drive</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13419.html</link>
    <description>Security issues are on the minds of all CIOs these days. Whether the CIO of a 1,300-student liberal-arts college or that of a 13,000-employee Fortune 100 company, never before has the issue of data security been more important. Besides a record-breaking year of data breaches, legislation such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA mandates new security protocols that must be followed or violators face severe penalties.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13419.html</guid>
  </item>
  <item>
    <title>More rules? No thanks, banks say</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13401.html</link>
    <description>The world's biggest banks rebuffed calls for stricter rules as a response to the global credit crisis, saying politicians risk choking one of the biggest engines of the world economy. At meetings tomorrow in Washington, finance ministers and central bankers from the Group of Seven are expected to endorse recommendations by an international group of finance and regulatory officials on how to avoid a repeat of the credit crisis now seizing financial markets. Proposals by the Financial Stability Forum include a call for banking supervisors to improve guidelines for how banks plan for cash shortages and a suggestion that banks be forced to publish their exposure to risk from complex securities, such as those that are backed by risky subprime mortgages. The banking industry, which is facing losses approaching $1-trillion (U.S.), says policy makers risk introducing rules that are too burdensome.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13401.html</guid>
  </item>
  <item>
    <title>The Long and Grueling Road to SOX Compliance</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13400.html</link>
    <description></description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13400.html</guid>
  </item>
  <item>
    <title>Is the CSO a toothless tiger?</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13399.html</link>
    <description>In some Australian organisations the CSO is a toothless tiger and employed only to meet regulatory requirements, which can lead to companies limping from one IT security disaster to another. Many financial institutions and government agencies require a CSO to meet compliance audits for such benchmarks as PCI, Sarbanes-Oxley and ACSI33. It's often asserted that meeting these benchmarks is the only reason the role exists.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13399.html</guid>
  </item>
  <item>
    <title>Cyberattacks a Sarbanes-Oxley Issue?</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13398.html</link>
    <description>There's been a lot of attention paid recently to the threat cyber attacks pose to business, society and government. And no wonder, with U.S. Air Force advertisements claiming the Pentagon is attacked three million times a day; the Computer Security Institute announcing that 10,000 distributed DoS attacks occur around the world daily; or the estimate that as many as 80 million machines may have been compromised by the STORM software worm. Security and business professionals alike are increasingly concerned, and even Department of Homeland Security Chief Michael Chertoff says that the department has been increasing its anti-hacking efforts. U.S. companies have been primary targets for cyber-attacks, and the frequency and sophistication of these attacks are increasing. Given the regularity of cyber attacks, they have now entered into the category of a foreseeable risk, which in legal terms is defined as a danger that a reasonable person should anticipate as the result of his or her act</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13398.html</guid>
  </item>
  <item>
    <title>US Treasury study shows restatements up, market reaction less 1997-2006 UPDATE</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13379.html</link>
    <description>There were 18 times more corporate financial restatements in 2006 than in 1997, according to a study released by the US Treasury today, but they had less and less impact on the stock market as the number grew. The study was conducted by University of Kansas accounting professor Susan Scholz and contained no policy recommendations. She found financial restatements grew from 90 in 1997 to 1,577 in 2006. There was an acceleration in restatements beginning in 2001 before the passage of the Sarbanes-Oxley Act regulations on corporate accounting and a decline in restatements associated with fraud or revenue after 2001. The market reaction or 'announcement return' to a restatement averaged -9.5% from 1997-2000 but fell to -1.3% from 2001-2006.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13379.html</guid>
  </item>
  <item>
    <title>Market reaction muted despite rise in financial restatements: study</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13378.html</link>
    <description>The number of financial restatements has risen sharply over the past decade, but market reactions have grown more muted, according to a study released today by the U.S. Treasury. The study, conducted by University of Kansas Professor Susan Scholz, examines the growth in financial restatements in the years before and after the Sarbanes-Oxley Act. Financial restatements grew nearly 18-fold, from 90 in 1997 to 1,577 in 2006 with acceleration in restatement activity occurring in 2001 before the implementation of the Sarbanes-Oxley Act. However, restatements associated with fraud and revenue declined after 2001. Fraud was a factor in 29% of all 1997 restatements, but only 2% of 2006 restatements. The proportion of revenue-related restatements also decreased from 41% in 1997 to 11% in 2006. It also found that market reactions to the restatements dampened over the period, as the number of restatements grew. Market reaction to financial restatements tended to be more negative when the restatem</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13378.html</guid>
  </item>
  <item>
    <title>Study: Sarbanes-Oxley Playing Second Fiddle</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13377.html</link>
    <description>Sarbanes-Oxley (SOX) compliance is taking a back seat to other governance and risk management initiatives, according to a new AMR Research study. For the first time since AMR began polling IT and business executives on governance, risk management and compliance (GRC) in 2003, SOX is not at the top of the GRC priority list. While companies plan to increase spending on GRC projects by 7.4 percent to $32 billion this year, spending on SOX will tick up only 2 percent to $6.2 billion. Survey respondents indicated that SOX may still be on their to-do lists, but 31 percent say better management and mitigation of risk is what is really driving GRC investment this year.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13377.html</guid>
  </item>
  <item>
    <title>Compliance-burdened CIOs turning to security management tools</title>
    <pubDate>Wed, 09 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/resources/SOX/Articles/abstract13372.html</link>
    <description>Compliance concerns and worries of security breaches are driving midmarket IT departments to security information and event management (SIEM) products in growing numbers, analysts at Gartner Inc. say. And as the market for those network watchdog products heats up, small vendors are trying to hold their ground against industry heavyweights that see cash in what is still a relatively new product field. SIEM products, sometimes known as security event management or security information management products, seek to track network activity and alert administrators to potential security threats. That goes beyond Web browsing activity and could mean catching user login failures or identifying malware as it's installed on a company computer, among other security threats.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/resources/SOX/Articles/abstract13372.html</guid>
  </item>
</channel>
</rss>
