• 30Jan


    IT Compliance News


    · TJX breach involved data forbidden by the PCI DSS

    Breach occurred seven months prior to discovery - http://www.itcinstitute.com/info.aspx?id=34941

    · Law firm settles Enron malpractice case out of court

    Firm pays $18.5MM before case even reaches court - http://www.itcinstitute.com/info.aspx?id=34942

    · "Storm" Trojan mounts worst malware threat in 20 months

    More than 1.6 million infections reported in only five days - http://www.itcinstitute.com/info.aspx?id=34943

    ProsecutionWATCH

    · Enron key witness enters prison

    Former Enron IR exec Koenig helped put away Lay and Skilling - http://www.itcinstitute.com/info.aspx?id=34952

    · Shareholder suit based on media stories rather than corporate disclosures

    Incident may be the first of its kind - http://www.itcinstitute.com/info.aspx?id=34953

    · Arbitrators uphold Gemstar-TV Guide conviction

    Former CEO Yuen forks over $93MM as his wrongful termination claim is denied - http://www.itcinstitute.com/info.aspx?id=34954

    · SEC moves against pump-and-dump hacker

    Russian-born US citizen manipulated stock using hijacked trading accounts - http://www.itcinstitute.com/info.aspx?id=34955

    New Research

    · Mobile hacking on the rise

    Volume of mobile malware is doubling every six months - http://www.itcinstitute.com/info.aspx?id=34950

    · Telecommuting might be a career-ending move, survey finds

    Face-time with the boss outweighs convenience for many - http://www.itcinstitute.com/info.aspx?id=34948

    Regulation Watch

    · PCAOB issues guidance for auditors looking for fraud

    Report reminds auditors of their responsibilities - http://www.itcinstitute.com/info.aspx?id=34944

    · UK regulators find US certification firm guilty of discrimination

    First US company with no presence in the UK held liable under UK's Disability Discrimination Act - http://www.itcinstitute.com/info.aspx?id=34946

     

  • 29Jan

    Supporting Corporate Compliance Round Table Series

    Free Roundtable discussion at ITA Chicago. Attend the 3-part IT Strategy Series beginning February 8th through April 19th, 2007.

    [Naperville] 01/26/2007 - The Radian Group is currently presenting a free industry discussion for IT Management professionals and those dealing with the issues of Compliance Management for SMBs: companies that are publicly held, those considering IPO strategies in the future, and organizations in the supply chain. Many ideas and experiences will be shared by industry experts to help turn IT Compliance challenges into opportunities. Information Technology departments continue to be under pressure to support more and more of the ever-growing Corporate Compliance requirements being placed on their organizations. These sessions offer a way for them to get control over the audit and be a hero to the boardroom when meeting those challenges.

    The 3-part IT Strategy Series Roundtable discussion will be held monthly from 12:00 – 1:30 p.m. at Illinois Technology Association Conference Centre, 200 S. Wacker – 15th floor, Chicago, IL 60101. Registration begins at 11:45 a.m.

    PRE-REGISTER TODAY!

    Our Roundtable Sessions are Open to all!

    Part-1: IT Strategy Series: IT Compliance – What is it? DATE: 02/08/2007 TIME: 12:00 – 1:30 p.m.

    This information-packed session will highlight what the “compliance” buzz is all about. It introduces the Sarbanes-Oxley Act of 2002, the new Federal Laws regarding emails, information management retention, HIPAA, etc., and how they affect IT. This series will also look at COSO and governance at a high level to determine what organizations probably already have in place that aligns with the compliance requirements. You will come away with a general understanding of Compliance and how it will or will not affect your IT organization.

    Part-2: IT Strategy Series: IT Controls – Do I have them and where can I find them?

    DATE: 03/08/2007 TIME: 12:00 – 1:30 p.m.

    Building on a general understanding of IT Compliance, this second session in the strategy series narrows in on the identification of Risk within your IT department. Compliance is based on knowing your IT Controls and mitigating any risks to them. This session will define known IT controls (as accepted by governing bodies) and explain common risks and their impacts, along with an introduction to some known IT frameworks (ITIL, COBIT, ISO). It will give a high-level mapping of known controls to SOX and show how IT Controls align to other compliance laws (ECM, Privacy Laws, Data Recovery).

    Part-3: IT Strategy Series: Ask the Experts

    DATE: 04/19/2007 TIME: 12:00 – 1:30 p.m.

    The finale for this IT Strategy Series is Ask the Experts. We will bring together experts from all facets of Compliance, including Financial, Information Management, Audit and Corporate. We will offer an open forum where questions can be submitted beforehand, as well as on-the-spot information sharing. We will use feedback from the first two sessions to build a value-based session.

  • 22Jan

    Board Issues Report on Auditors’ Implementation of PCAOB Standards Relating to Auditors’ Responsibilities With Respect to Fraud

    Washington, DC, January 22, 2007 – The Public Company Accounting Oversight Board today issued a report that discusses auditors’ implementation of PCAOB interim standards regarding the auditor’s responsibility with respect to fraud.

    The auditor’s responsibility with respect to the detection of fraud is an important focus of the Board and has been discussed by the Board’s Standing Advisory Group in past meetings. The report draws on important or recurring observations made during the Board’s inspection of audit work performed by registered public accounting firms.  Using those observations as a focal point, the report addresses several topics, including –

    • Auditor’s Overall Approach to the Detection of Financial Fraud
    • Required Brainstorming Sessions and Fraud-Related Inquiries
    • Auditor’s Response to Fraud Risk Factors
    • Financial Statement Misstatements
    • Fraud Associated with Management Override of Controls

    In the report, the Board is not changing or proposing to change any existing standard, nor is the Board providing any new interpretation of any existing standards.  The Board issued the report both for the purposes of generally focusing auditors on being diligent about their responsibilities as they relate to fraud and providing information that audit committees may find useful in working with auditors.

    “This report is a constructive way to remind all auditors of what the Board’s standards require of them in these areas,” said PCAOB Chairman Mark Olson.  “Careful attention to these requirements is important to best position auditors to detect material misstatements caused by fraud.”

    The report is a general report under the Board’s Rule 4010 and does not identify any firm or firms to which the inspection observations in the report relate.  The text of the report is available on the Board’s Web site here.
