• 29Oct

    We peruse the Internet headlines so you don’t have to. Here are the recent SOX and GRC headlines (and links) we feel are newsworthy:

    SEC Outlines Compensation Disclosure Challenges Resulting from Bailout - John White, who directs the Corporate Finance Division of the Securities and Exchange Commission, warned that companies participating in the $700 billion rescue package might face disclosure challenges when it comes to executive compensation. The bailout’s restrictions on so-called "golden parachutes" - now limited to $500,000 per senior executive - may even impact non-participating companies, in that their disclosures may need to include salary restructuring that resulted from the economic crisis. White also noted that the SEC would examine the annual reports of the nine largest U.S. banks as part of its SOX-mandated selective review program.

    PCAOB Proposes New Risk Rules - In an effort to highlight the integral nature of fraud and risk assessment to the auditing process, the PCAOB has proposed seven new auditing standards. The standards incorporate improved risk assessment methodologies and integrate risk assessment standards, while coming into greater alignment with those developed by the International Assurance Standards Board and the U.S. Auditing Standards Board. The proposed standards are open for public comment until February 18, 2009.

    U.S. Firms Pressured to Reduce Power of CEOs - Among corporate governance activists, there’s an increasing demand for a "separation of powers" in the CEO and chairman roles. While European companies typically have a different person filling each role, in slightly over half of U.S. and Canadian companies, the same person is both CEO and chairman. The activists, who are looking to mutual funds to take the lead in urging the split, argue that many of the companies that have gone under or faced problems during the stock meltdown had dual-role leaders at the helm.

    Employee Ghosts Haunt Your System - Just as the Powell Doctrine calls for a threat to national security, use of overwhelming force, and a clear exit strategy before going into battle, those engaged in IT risk management need to develop and implement a plan to mitigate the risk left behind by former employees. Deleting accounts and files poses a minefield of legal compliance issues; removing access and tracking data access provides no meaningful information; and the unknown detritus of employees gone bad could derail you. The solution? A centralized ID management strategy that defines roles and privileges ahead of time. This gives you the force and exit strategy you need to mitigate threats to your company’s security.
