SearchCIO.com: Eastman Kodak appointed its first chief compliance officer two weeks after the company announced that the SEC was investigating its 2003 and 2004 restatements of earnings. The company denied any connection, saying that, while the position was new, its duties had been performed by its general counsel. A growing number of companies are appointing CCOs, many of them former general counsels. Many CCOs are involved with IT projects. The growing prominence of compliance issues, the importance of their responsibilities and the advanced educations that most CCOs boast mean that they can command impressive compensation packages. A survey of over 100 top companies showed CCO compensation packages averaging $750,000.

internetnews.com: When it comes to data retention requirements, most companies were able to achieve their goals in Year One of Sarbanes-Oxley. But many are struggling to implement ongoing processes that will allow them to remain in compliance. Two-thirds of CFOs surveyed by PricewaterhouseCoopers and compliance software vendor Virsa say they discovered potentially damaging control weaknesses during the Sarbox process. Fifty-eight percent say they plan to add more business controls, such as data storage and transaction processing controls. Forty percent have implemented security and access controls in their networks, while 20 percent say they will automate that process. Forty-five percent say they don't yet have security for access controls in place. Automating compliance and controls is a high priority with 30 percent of the survey participants, while 45 percent term it a moderate priority in the next 12 months.
Half the survey participants say that perceptions of loose governance and poor controls yield lower share prices in the market.

CSOonline.com: Inappropriate access to taxpayers' personal data by Department of Revenue employees is against the law in Massachusetts. The DOR's former system monitored employee access to info on high-profile citizens, an apparent hobby of some departmental employees. The system caught several perpetrators each year, most of whom were summarily dismissed from employment. The department spent $300,000 in 1997 to develop the home-grown system, which monitored every access to taxpayer information by logging employee keystrokes, allowing managers to investigate suspicious cases. The article discusses the upsides and downsides of deploying such a keystroke logging system, as well as other data monitoring options.

Legal Week: Executives of foreign corporations subject to the provisions of Sarbanes-Oxley are under increased risk of prosecution in U.S. courts, for several reasons. The Sarbanes-Oxley law itself gives prosecutors a broad scope of authority. U.S. prosecutors and regulators are increasingly using so-called long-arm jurisdiction, provisions that allow foreigners to be hauled before U.S. courts. Few individuals subject to these proceedings have challenged them, preferring to settle instead, thus emboldening the authorities. In addition, there may be pressure coming from U.S. corporations to prosecute more foreigners. U.S.
businesses argue that they are subject to more regulatory rigor than foreign corporations. Prosecutors and regulators have responded by instituting a greater number of proceedings against foreigners, just to show they're being fair.

Accounting SmartPros: Compliance requirements are playing a key role in shaping the skills required of future accountants, according to research conducted by Robert Half International, an accounting and finance staffing service firm. Pressure to meet compliance deadlines is the biggest impact of corporate governance reforms, according to 37 percent of chief financial officers surveyed. Fifty-eight percent of CFOs at privately held companies said their organizations are implementing new practices in response to governance mandates for publicly held companies. Fifty-three percent of CFOs said an understanding of foreign accounting regulations will be increasingly important for accountants over the next five years. The study also demonstrated that accountants with expertise in internal controls, business continuity planning, anti-fraud measures and mergers and acquisitions are experiencing the greatest demand for their services.

FCW.com: The Government Accountability Office has released a report finding that federal data mining activities have not adhered to privacy regulations. Based on a review of data mining practices at the Small Business Administration, the Agriculture Department's Risk Management Agency, the Internal Revenue Service, the State Department and the Federal Bureau of Investigation, the GAO found that each agency practiced some, but not all, of the privacy protection measures required by law. Most agencies notify the public about the use of personal information in data mining programs, but not the purpose of the program itself. Officials fail to understand the impact data mining can have on personal privacy. None of the agencies reviewed had produced an acceptable privacy impact report, according to the GAO.
3 QUESTIONS: Compliance Training Challenges

With Sanjay Anand, chairperson of the SOX Institute. Anand is a globally recognized compliance, risk management and business process consultant, professional speaker and published author.

Question: What training challenges do companies face when it comes to Sarbanes-Oxley compliance?

Anand: One challenge many companies face is that some executives don't think they need Sarbanes-Oxley training. Many think they can wing it and don't have to go through a formal training program. Once they get past that, they don't often still know who they need to train, whether (it should be) executives, managers, project leaders or everyone involved in the implementation. Another challenge companies face is that they have a hard time allocating sufficient budgets to training. It's a question of either paying now or paying later, and many are opting to pay later. They think they can go back later and fix what they did wrong. Finding the time to train is also pretty difficult for many companies.

Question: How do companies decide whom to train?

Anand: The key to training is to do a job analysis to determine what training is relevant to whom. You have the executive level, project managers and leaders, and the hands-on people who do the documentation and implementation. You also have several disciplines involved, including finance, accounting, IT, ethics and legal. So with the various disciplines and levels, you draw a matrix to identify who in the organization needs to attend which program. We recommend that C-level executives stay at the C-level; they don't need a hands-on workshop. Those working on Section 404 documentation processes need to understand what the requirements of Section 404 are from an implementation standpoint.
It's important to avoid overkill because there's no need for it. Organizations don't need to be training more people than they need to.

Question: What roles do corporate leadership and the corporate code of conduct play in making a company compliant?

Anand: The leadership sets the stage and the ground rules on how an organization is to behave. The leadership has to set the right example of ethics, integrity and honesty by making it clear that these values must be prevalent throughout the organization in order for it to meet compliance objectives. Another value is transparency. Compliance is intended to introduce transparency to business processes. This can occur only if the top level is clean. The other side of the equation is that a code of conduct empowers employees to do the right thing without having to micromanage them. Without such a code, the tendency is to micromanage to try to control the outcome. With a code, there is a guiding light, something that says who we are, this is what we believe in, and this is how we behave. A good compliance initiative has the leaders managing the process and not the people. If the process is properly managed, the people will actually follow. One may argue that not all will follow, which is true. The reason you need the process is to handle discrepancies, so it's always about the process. This is communicated through the corporate code of conduct. It sets up consistent expectations so that you don't have to manage every fine detail of employee behavior. Instead, you can trust people to work together to achieve a common objective. This trust can come from a well-written corporate code of conduct.
By the Numbers

$30 million
Amount outside directors of WorldCom and Enron have agreed to pay out of their own pockets to settle securities lawsuits.

Two-thirds
Financial executives surveyed by PricewaterhouseCoopers and Virsa who said they discovered control weaknesses during the Sarbanes-Oxley compliance process.

30 percent
Increase in amount of time required for an audit since the Sarbanes-Oxley Act became law.

Breaking Headlines

Reuters: The Securities and Exchange Commission has threatened to levy the heftiest fine ever for failure to preserve records against the investment bank Morgan Stanley. The threatened $10 million fine stems from several regulatory cases the SEC is considering in which the preservation of e-mail messages has become an issue. The actual penalties are not likely to be imposed any time soon, as the company and the regulatory body continue to haggle over the document preservation issues.

Red Herring: The Electronic Privacy Information Center (EPIC), a civil liberties watchdog group, has thrown a privacy issue into the lap of the Federal Communications Commission, a regulatory body which normally concerns itself with competition and technology issues. EPIC has filed a petition with the FCC demanding that the agency issue more stringent regulations on the release of personal information by telecommunications companies. EPIC says that a raft of unauthorized individuals, including data brokers, private investigators and divorce attorneys, receive access to private information held by telecom companies under the pretext of having authority to review those records.

silicon.com: A committee of California's state legislature has tabled the Identity Information Protection Act of 2005, a measure which would have prohibited the use of radio frequency identification tags in driver's licenses and other state documents.
The American Electronics Association, along with California technology companies, argued against the bill, saying it was too complex. Privacy advocates are concerned that RFID could be used to monitor citizens. The bill's author says he still intends to push the bill through the legislature.

Emerging Trends

Fort Wayne Journal Gazette: Compliance activities, particularly under Sarbanes-Oxley, provide a large part of the explanation of why the market for accounting talent has become very hot of late. Other factors include the strong growth the U.S. economy has experienced in recent years. Accounting firms are luring top students with attractive salaries and have proved not to be above trying to steal top practitioners from competitors. Starting salaries for accountants are on the rise, and the profession is enjoying increased cachet among college students.

FCW.com: A survey of federal chief information security officers is showing increased reporting demands to comply with federal regulations. CISOs spend an average of 3.75 hours a day on Federal Information Security Management Act reporting, a 23 percent increase over 2004. CISOs named network attacks, software patch management and FISMA compliance as their top activities. Wireless networks, multifactor authentication and increasing database security were named as the three top emerging trends. CISOs' top concern was getting software vendors to improve the quality of their products.

Pacific Business News: Banks are becoming overly cautious and suspicious to the point that they are inundating investigators with the U.S. Treasury Department's Financial Crimes Enforcement Network with an avalanche of suspicious activity reports, experts say. The same tendency could potentially infringe on the privacy rights of customers. Financial institutions apparently believe that filing more reports will help them avoid regulatory and criminal scrutiny under the Bank Secrecy Act.
But FinCEN officials say that populating FinCEN databases with defensive filings degrades the overall value of reports.

IT Business Edge: Managing Compliance Standards | Issue 37, Vol. 2

This e-mail is sent by: NarrowCast Group, LLC, 124 N. First St., Louisville, KY 40202
Copyright ©2003-2005 NarrowCast Group, LLC. All Rights Reserved.

About the Editor

Peter Buxbaum has been writing about business, technology, and law for 12 years. He has published over 1,000 articles in publications such as Fortune, Forbes, Chief Executive, Computerworld, InformationWeek, and dozens of others. He earned a law degree from Temple University, studied economics at Columbia University, and taught seminars in international business at Penn State University. He can be reached at editorial@itbusinessedge.com.