
Archive for March, 2008

Compliance News

Wednesday, March 19th, 2008

SOX Has Improved Audit Quality

Reasons given for the improvement include increased audit committee oversight, requirements regarding internal controls, better communication with audit committees, and audit committee oversight of the auditors.

Written by Penny Sukhraj

Audit quality has improved because of changes introduced by Sarbanes-Oxley, a US audit body has said.

The US Centre for Audit Quality released a report this week showing that 78% of the 253 public company audit committee members surveyed by the Center rated overall audit quality as either ‘very good’ or ‘excellent.’

Eighty-two percent said it has improved somewhat or significantly in the past several years while a further 60% agreed that the risk of fraud had declined after the introduction of SOX in 2002, WebCPA.com reported.

Sixty-five percent of the respondents agreed that investors should have more confidence in the markets as a result of SOX, while 58% said that changes resulting from SOX had a positive impact.

The most common reasons given for the improvement include increased audit committee oversight, requirements regarding internal controls, better communication with audit committees, more rigorous audits, increased emphasis on quality by auditors, and audit committee oversight of the auditors.

Your Data And The P2P Peril

Wednesday, March 19th, 2008

Usher, 10,000 BC, and your company’s confidential spreadsheets could all be out there for the world to grab. Here’s how these data leaks happen and what you can do to prevent them.

By John Foley, InformationWeek

What might have been a minor breach of IT policy at Pfizer last year cascaded into a serious security incident when the personal data of 17,000 employees and former employees leaked onto a peer-to-peer network. Connecticut’s state attorney general, concerned that state residents were at risk, launched an investigation. At least one former employee filed a lawsuit against the company.

It all started when the spouse of a Pfizer employee used file-sharing software on a company laptop, presumably to swap music or other content with other P2P users. Unknowingly, the laptop user also exposed 2,300 work files, including those containing sensitive Pfizer employee data–names, Social Security numbers, addresses, and bonus information resident on the laptop.

 

 


Pfizer isn’t the only company to have its sensitive data exposed in this way. A former employee of ABN Amro Mortgage Group last year exposed spreadsheets with personal data on 5,000 customers from a home computer loaded with the BearShare file-sharing program. And last fall, a terrorist threat assessment of Chicago’s transit system, completed by Booz Allen Hamilton under contract to the Federal Transit Administration, surfaced on a P2P network.


Maximizing IT Uptime When Disaster Strikes

Tuesday, March 18th, 2008

When we think of disaster, we tend to think of fires, floods, hurricanes, earthquakes, and now terrorism. But an event does not need to be large-scale or catastrophic to qualify as a disaster. Human error, malicious behavior, and even the complexity of the systems themselves can bring about high-impact outages that affect your service levels and business operations. In order to build a resilient communications network that can survive any type of disaster, organizations must create a contingency plan that considers the people, hardware, operating and escalation plans, and, ultimately, the money to put it all together and keep it running.

Developing an Uptime Plan

Developing an uptime management plan provides organizations with a structured way to assess critical processes and threats, and to build a program of detection, notification, restoration, and recovery to implement when a disaster or major disruption occurs.

The National Institute of Standards and Technology (NIST) has produced a Contingency Planning Guide for Information Technology Systems which is an invaluable resource to help any organization with this goal. It outlines a seven-step approach:


Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002.

Public Companies over 75 million already need to comply by 12/15/2007...

Will your SMB be Ready?

