Archive for the 'Compliance Management' Category

Not Everyone’s Sore About Sarbanes-Oxley

Thursday, May 29th, 2008

Sarbanes-Oxley gives shareholders powerful tools to fight investment fraud, said a group of investment advisers attending a recent corporate governance conference in Paris. In that sense, the highly controversial corporate reform law does exactly what Congress intended, whether or not it makes the United States less competitive from an economic standpoint. One caveat, according to International Herald Tribune commentator and former Arthur Andersen auditor Jim Peterson: the already shaky audit industry, built on only four major players, may not be able to survive another failure, especially in light of the current economic downturn.

Lawsuits may expand Sarbanes-Oxley

Friday, May 23rd, 2008

Two lawsuits filed by former employees against Fidelity Investments may resolve a simmering dispute in the securities industry: Whether mutual fund employees are protected by a whistle-blower law adopted in the wake of corporate accounting scandals. The Sarbanes-Oxley Act does not specifically apply to the Fidelity Investments chairman’s firm and other privately held companies.

Congress gave whistle-blowers at public companies strong protections against retaliation when it passed the Sarbanes-Oxley Act in 2002 after the collapse of Enron Corp. and WorldCom. But the law does not specifically extend to privately held firms such as Fidelity that invest in public companies.

IT Risk Management - Confused and disjointed…

Tuesday, May 20th, 2008

Gartner has published a new report ‘A Risk Hierarchy for Enterprise and IT Risk Managers’ in which it claims that risk management practices in many enterprises are in a poor state. Many enterprises continue to take a narrow ‘siloed’ approach to risk assessment and management, often developing risk practices that are not effective or appropriate to their specific needs.

Gartner says that in many enterprises, specialists with functional areas of responsibility for risk management operate independently from one another, use different definitions of risk, record information inconsistently and fail to share information beyond the boundaries of their specific business or support areas. As a result, there is little transparency across processes and no holistic view of risk, which is necessary for enterprise-level analysis of exposure and mitigation decisions.

"An enterprise that wishes to better understand and manage the risks to which it is exposed should begin with enterprise-specific risk definitions and an organizational risk hierarchy to which all risk-related specialists can align," said Paul Proctor, vice president and distinguished analyst at Gartner. "Although no single definition will work for all enterprises, it is important to start from a common, overarching framework to eliminate overlap, avoid gaps in coverage and ensure good governance."

In the report Gartner details seven key steps which enable IT managers to understand and manage the risks facing them and allow them to quickly contribute to an enterprise-level risk management effort as their enterprises evolve in that direction:

* Implement a framework for risk assessment and mapping.

* Establish the responsibilities of risk managers with their areas of responsibility.

* Identify and define the risks to which the business is exposed and what constitutes a risk event or "near miss" so that incidents can be mapped to specific risks.

* Determine the threat level, and focus on those risks with the highest impact on performance.

* Establish levels of controls for processes commensurate with the perceived threat.

* Record and retain risk incident and near-miss information.

* Conduct periodic risk assessments to determine changes in the operation’s risk profile and assess control performance.

The report is available here (payment required).

Just as with the Y2K crisis of seven years ago, IT workers are being called upon to don superhero suits and save the enterprise from impending technology trouble. But this time, IT will be sifting through the complexities of the federal Sarbanes-Oxley Act of 2002

Public Companies over 75 million already need to comply by 12/15/2007...

Will your SMB be Ready?

