
Archive for September, 2007

Recent SOX Headlines

Thursday, September 13th, 2007

Whistle-blowers remain in the line of fire - When the Securities and Exchange Commission came under congressional fire this year for its handling of an insider trading probe into hedge fund Pequot Capital, Senator Charles Grassley said the episode showed that whistle-blowers were "as welcome as a skunk at a picnic".

Enron’s Skilling Seeks New Trial - Imprisoned former Enron chief executive Jeffrey Skilling asked Friday for a new trial, saying the Justice Department used incorrect legal theories and "coercive and abusive tactics" to win a conviction.

Executives Say Corporate Responsibility Can Be Profitable - Company executives believe that corporate responsibility programs can positively impact their business and help achieve strategic goals, according to a survey of more than 500 business executives conducted by Grant Thornton LLP.

Women Take A Seat On The Board - Headhunters thought the Sarbanes-Oxley Act would force boards to look for women outside the executive suite, since the law limits the number of directorships insiders can hold.

CSC Restates Results After FIN 48 - Computer Sciences Corp. said it would restate its fiscal 2007 results after examining the impact of FASB Interpretation No. 48, or FIN 48, and discovering accounting errors for fiscal 1997 through 2007.

Fragmentation, weak risk management pose risks to Indian banking sector - S&P - The banking sector in India is highly fragmented, with 53 domestic banks accounting for about 93 pct of the system’s assets. Risk management is still largely a work in progress, although significant improvements occurred in the past decade.

Deloitte Consulting Survey - CFOs Worried About Availability of Future Finance Leaders and Talent

Off to School, in a Corporate Jet - Some high school students will be making their way back to school this week on a bus, or, if they are lucky, in their very own car. But the stepdaughter of Edward Mueller, the new chief executive of Qwest Communications, has a much fancier option.

The Six Signs of Internal Fraud - There are six signs in all organizations. By understanding them and looking for them, we significantly improve our chances of detecting and reporting fraud.

Continuity Corner #5

Tuesday, September 11th, 2007

In Remembrance of

September 11, 2001

As I typed the date for this blog entry…the memories that came flooding back to me are as vivid today, 6 years after the 9/11 terrorist attacks, as they were on September 11, 2002.  I still have in my desk drawer my ID cards that granted me access to The World Trade Center and to my then employer’s corporate facilities located there.  Attached to these IDs is the key to a ladies’ washroom on the 56th floor that I’ll never need again.  Although I didn’t work permanently in the building, I visited enough to have been granted ongoing access.

Like so many people, even though I was 750 miles away from ground zero, 9/11 and the immediate days afterward changed my life.  Prior to 9/11, I had been a Director of Business Continuity Planning for one of the organization’s subsidiaries, and, like many parts of the organization, I was called upon to assist in the emergency response effort that began within the hour of the plane hitting the tower.

What was immediately evident was what makes any organization a family.  The whereabouts of all the employees, contractors and visitors and whether they were injured and/or needed assistance was of paramount importance.  In the days after the event, the media wanted to know if we had located all of our people and how many we may have lost.  Secondarily to that, they wanted to know if we would be ready to open when the market reopened.

After I left the firm in 2003, my new career path was laid out for me.  I started a consulting business providing Business Continuity Planning services for small and medium-sized businesses.  I knew firsthand how much smoother, not easier, the tasks of emergency response and recovery can be when a company has taken the time to develop a plan and integrate the process into the entire business.  I remember the simple thank you from so many employees who knew that the firm cared about them as we spoke with them over the first week after the disaster.

Since 9/11, areas of the United States have experienced crippling hurricanes, mudslides, massive power outages, tornadoes, fires and just about everything else that both Mother Nature and man can think of.  But I still hear from businesses that they can’t afford to develop a plan, or that they have a plan to recover their data and that is enough, or even that nothing is going to happen to their business.   My response to that has become my two mantras: 1) ‘It’s not if something will happen to your business….it’s when.’ 2) ‘Without a plan, can you continue to support the people that rely on you and have placed their trust in you every day……your employees and your customers?’

Everyone’s memories are personal today and a million stories can and have been told.  I hope as many plans have now been written.   


You don’t want to hear it: 10 pieces of lousy security advice

Wednesday, September 5th, 2007

Sometimes a few words from a software vendor, potential partner or consulting security expert tell you everything you need to know about whose advice is worthwhile — when it’s best to smile and nod, or whether you need to interrupt and challenge someone who’s seriously off the rails. Here are 10 telltale phrases that signal troublesome advice.

"Our software is HIPAA (SOX, etc.) compliant."

No, it’s not.

Many regulations, such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, include requirements for how a system is implemented and operated. These govern the actual practice of protecting sensitive data, not just the type or design of the security controls.

Proper security controls in a piece of software can support compliance with HIPAA, Sarbanes-Oxley or other regulatory requirements, but a direct claim of compliance-in-a-box is laughable. There’s no way to box up a proven-compliant life cycle into an unimplemented piece of software: compliance depends on your data, your processes and your operating experience, none of which the vendor has.

Have you heard these before? 

  • "It uses an encrypted database."
  • "… a proprietary security algorithm …"
  • "You’re 77.83% compliant."
  • "… all the data at your fingertips …"
  • "… policies are ready-to-implement …"
  • "It’s secure; just plug it in."
  • "… highly customized security system …"
  • "… completely removes files and evidence …"
  • "Distribution of your content is controlled."

READ MORE at computerworld.com


Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002.

Public companies over $75 million already need to comply by 12/15/2007...

Will your SMB be ready?
