InformationWeek: Financial institutions are rushing to comply with the Basel II accord, an international agreement that mandates how banks compute the risk associated with the assets they carry on their books. U.S. companies have until January 2008 to comply, while European banks must finish a year earlier. The purpose of Basel II is to require that the mandatory reserves that banks must keep to cover losses from defaults be computed on the basis of asset risk. Basel II allows banks to create internal ratings systems for grading financial instruments and to develop their own measurements of operational risk. Experts say that compliance should help banks develop better credit processes. But compliance is also difficult and costly. A recent Accenture survey showed that 45 percent of North American and European banks expect to spend at least $60 million on Basel II compliance. Of that sum, 36 percent will be spent on IT systems and interfaces. The article looks at the compliance approaches of several financial firms.
CFO.com: Automation is likely to play a greater role in Sarbanes-Oxley compliance in Year Two than in Year One. The first year was focused on process documentation. Now areas such as the testing, monitoring, and remediation of controls will come to the fore. These areas provide greater opportunities for cutting costs and gaining in efficiency and are also where technology can best be brought to bear. A CFO Research Services survey found that 76 percent of companies, and a higher percentage of larger enterprises, regard automating the compliance and control environment as a top priority. Of those, 56 percent say they will leverage controls within their ERP systems.
Sarbanes-Oxley Compliance Journal: Sarbanes-Oxley compliance is fueling growth in the implementation of contract management solutions. A recent Aberdeen Group report estimates that the contract management market will grow 20 percent annually through 2008. Aberdeen also notes that nearly half of companies now track contracts in paper-based systems. Others manage contract compliance with Excel spreadsheets or unreliable in-house systems. Weak contract management means a company cannot tell if it is overpaying or underpaying its suppliers, or being underpaid by its customers, factors that can affect the accuracy of financial reporting.
Contract management tools can help with Sarbanes-Oxley compliance by facilitating the summary of contractual obligations contained in SEC reports, by properly disclosing assets in the form of vendor-managed inventory, by disclosing all outsourced operations, and by ensuring that all outsourcing service providers have adequate internal controls and safeguards.
Wired: The Federal Financial Institutions Examination Council (FFIEC) has announced that banks must protect online transactions with two-factor authentication by the end of 2006. For two-factor authentication, users will need some sort of physical device, such as a smartcard or fingerprint reader, in addition to username and password, to access their online accounts. As the banking industry switches to two-factor authentication, online merchants may adopt similar technologies or enter federated identity partnerships with banks.
silicon.com: Banks need to remain alert to the increasingly sophisticated fraud schemes launched by cybercriminals, says John Meakin, head of information security at Standard Chartered Bank. Speaking at the recent Financial Services IT Summit, Meakin says organized crime has the money and the leverage to make this happen. While still mostly content to pick low-lying fruit with simple scams such as phishing, they won't remain satisfied for long, he says. He contends that in five years, organized criminals will be looking to keep up their revenue streams with more sophisticated targets and technologies.
Science Daily: The Electronic Frontier Foundation says it has deciphered a code of colored dots used in Xerox's DocuColor printers under an agreement with the United States government. Xerox agreed to program its printers to put encoded dots on all documents to enable federal investigators to track the source of counterfeit currency. The dots appear in an 8-by-15-inch grid visible only under a magnifying glass or blue light, and give the date and time of the printout and the serial number of the printer that made it. Xerox says it does not routinely share customer data with governments, and the U.S. Secret Service says it uses the dots only to track down counterfeiters. But privacy advocates fret that non-democratic governments could use the dots to crack the anonymity of dissidents.
3 QUESTIONS: SMB Compliance Challenges
With David Luft, senior vice president responsible for Computer Associates' Small and Medium Business Program Office. Luft is CA's advocate for SMBs and is responsible for delivering enterprise-caliber technologies that address their IT needs.
Question: What compliance challenges do SMBs face?
Luft: One of the significant challenges is that SMBs have fewer resources to allocate to the task than do enterprises. Enterprises typically are able to delegate compliance tasks to different groups within the organization. In an SMB, there may not be anyone to delegate these tasks to. Another major challenge is that the overall spending on compliance as a percentage of revenue is often higher for an SMB as compared to an enterprise.
Question: How are SMBs doing with compliance, and where should they start?
Luft: Over the past 12 months, SMBs have made significant strides. A year ago, less than 25 percent, and especially those on the small side, understood what was required of them. Today, at least 50 percent to 75 percent are in a better position to understand what is required and have come down the path of compliance if they are not already there. One thing companies need to be aware of, depending on their geography and industry vertical, is that compliance is not limited to Sarbanes-Oxley. They need to constantly stay on top of what the developments are and look at compliance, not just as a way to meet specific regulatory requirements, but also as a way to do more and better business. Then you need to lay the groundwork to cover your bases by addressing needs such as clear accounting standards, auditability, securing and backing up data, and appropriately archiving data so you can get it back quickly. One big piece is making sure that everyone in the company is aware of compliance requirements. This requires strong communications on what everyone's role is, not just one time but on an ongoing basis. Everyone in the organization must be aware of the regulatory requirements and the company's own internal processes that they must follow. When it comes to specific products, SMBs should look first at backing up and restoring data. They should take a look at how they store data and whether they are able to recover data, not only from a reporting and auditability standpoint, but also when it comes to disaster recovery. Enforcement of password security for system control access also tends to be one of the starting points.
Question: What business benefits can SMBs expect from investing in compliance processes and technologies?
Luft: Most businesses still tend to look at compliance as a cost and don't see the upside of it. We emphasize that when you invest in technology and processes you're not just going to meet compliance requirements, but it will also help run your business better by streamlining financial processes, responding quicker to market opportunities, and providing better visibility and auditability to analyze the business and provide information to decision makers. A lot of the return on the investment comes from being able to respond quicker and become more efficient.
By the Numbers
76 percent: Proportion of companies surveyed by CFO Research Services that consider automating the compliance and control environment to be a priority.
$4.2 million: Average cost of a corporate audit in 2004, up from $1.6 million in 2001, according to a Foley & Lardner study.
$93 million: Portion of the Department of Homeland Security's fiscal 2006 budget earmarked for cybersecurity exercises and outreach.
Breaking Headlines
GovExec.com: In a move designed to elevate the Department of Homeland Security's cybersecurity mission, Congress has divided the department's information analysis and infrastructure protection unit into two: the analysis and operations wing and the preparedness directorate. Basically, the cybersecurity division was removed from information analysis and infrastructure protection and its director was made an assistant secretary. This is supposed to focus more resources and attention on cybersecurity. The new assistant secretary is also charged with coordinating national telecommunications security.
The Register: European Union Justice Ministers have agreed to negotiate with the European Parliament on proposed data retention laws that would require telcos and Internet service providers to keep metarecords on communications between customers. European Parliament members reportedly threatened to take the Council of Ministers to court if they did not cooperate on the directive. British Home Secretary Charles Clarke, on behalf of the United Kingdom's presidency over the EU, said the Council of Ministers may force through the directive if negotiations with Parliament are unfruitful. The directive would require companies to retain metarecords of telephone calls for 12 months and Internet communications for six months. Individual member states would decide whether to reimburse industry for the cost of retention.
Websense Security Labs: The number of malicious Web sites and the amount of crimeware have increased, according to the 2005 Semi-Annual Web Security Trends Report. The first half of 2005 saw dramatic increases in the number of smaller, regional banks being targeted. More than 30 small credit unions were targeted by puddle phishing scams. This type of phishing has changed considerably, as has spyware, which has been increasingly utilizing keyloggers and screen scrapers.
The report found that although several browser vulnerabilities were exploited, the method used most often involved e-mails and instant messages that entice users to visit Web sites in order to infect them. Researchers predict that scammers will increase their tactic of hunting in packs, whereby groups share tools to create large-volume attacks.
Emerging Trends
Better Business Bureau: A report released by Javelin Strategy and the Better Business Bureau indicates that the most frequently reported source of information used to commit fraud is a lost or stolen wallet or checkbook. The 2005 Javelin Identity Fraud Survey Report revealed that in 2004, computer crimes accounted for 11.6 percent of identity fraud cases (half of those resulting from the use of spyware), while 29 percent of victims experienced a lost or stolen wallet, checkbook or credit card. Reported fraud attributed to computer viruses or hackers amounted to just 2.2 percent of the total. The report also found the average financial loss attributed to online theft, $551 per incident, was less than one-eighth the cost of paper-based crimes, at $4,543.
silicon.com: Software developers should be held personally responsible for writing secure code and receive training in safer programming practices, believes former White House cybersecurity adviser Howard Schmidt. He complains that most university programming courses have focused on usability, scalability and manageability, rather than security. The British Computer Society agrees with the general direction of Schmidt's sentiment, but says that companies, rather than individuals, should be held responsible for insecure code. The BCS points out that code is not under developers' control after its release, and that users must bear some responsibility for security by installing security patches.
TechWeb: European and American consumers are spending more money than ever online. But Americans are more worried about fraud and identity theft, according to a new survey from Momentum Research Group. The report indicates that German, French and British consumers were more confident in online security than Americans during September. Consumers in all countries say they are more likely to trust a site if they have used it before, the survey says. Most respondents say businesses should protect their personal data and back their security policies by reimbursing them if their accounts are compromised.
IT Business Edge: Managing Compliance Standards
Issue 43, Vol. 2
This e-mail is sent by: NarrowCast Group, LLC, 124 N.First St., Louisville, KY 40202
Copyright ©2003-2005 NarrowCast Group, LLC. All Rights Reserved.
About the Editor
Peter Buxbaum has been writing about business, technology, and law for 12 years. He has published over 1,000 articles in publications such as Fortune, Forbes, Chief Executive, Computerworld, InformationWeek, and dozens of others. He earned a law degree from Temple University, studied economics at Columbia University, and taught seminars in international business at Penn State University. He can be reached at editorial@itbusinessedge.com.