http://www.compliancehome.com/ ComplianceHome is one of the Web's largest library of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products. http://www.compliancehome.com/images/rsslogo.gif http://www.compliancehome.com/ en-us Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14972.html Comodo, a leading Certification Authority and Internet security company, announced today the availability of version 1.0 of SecureEmail. Comodo SecureEmail employs well-established, de facto industry standard, PKI-based solutions/technologies that enable encryption and digital signature of outgoing emails, assuring recipients that the email has not been tampered with during transmission. Comodo's solution can be deployed with either Comodo or third party SSL Certificates. Email is one of the most vulnerable systems to attack. Comodo SecureEmail is the install-and-forget application that can automatically encrypt and sign all messages. Featuring full integration with Microsoft Outlook, Mozilla Thunderbird and other S/MIME-capable email clients, it includes a built-in wizard that allows users to easily download and setup a free Comodo email certificate. This helps automate the digital certificate acquisition, distribution, signature and encryption processes, freely building a secure emai http://www.compliancehome.com/resources/SOX/Articles/abstract14972.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14971.html For many corporate executives, complying with the Sarbanes-Oxley Act of 2002 is a lot like cleaning out a cluttered basement -- dreaded and tedious, but necessary. That's because the federal law requires business managers to continually identify, monitor and verify that they have effective financial controls in place. Now that most large publicly held firms have gone through at least one round of meeting these so-called Section 404 requirements, many executives have recognized the need to automate those controls processes in order to make those activities repeatable and cheaper to maintain. Big companies like Time Warner Inc. and The Dow Chemical Co. each devoted hundreds of thousands of man-hours in 2004 to manually identifying, evaluating and testing their business and IT controls. http://www.compliancehome.com/resources/SOX/Articles/abstract14971.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14970.html Sarbanes-Oxley has been estimated to have cost U.S. businesses more than 30 million dollars. The law was created to require publicly held corporations to be more accurate, reliable and accountable to shareholders in the presentation of their financial statements and disclosures. The Act itself as born out of public demand stemming from the financial scandals that shook the corporate world with some of the higher profile cases involving Enron and WorldCom. The Sarbanes-Oxley Act (SOX) sets up regulations over a range of financial matters that focus on auditor independence and corporate responsibility for financial reporting. The provisions are clear and the penalties are significant in terms of corporations adhering to the financial guidelines set forth by the Act. Chief executive officers and chief financial officers sign-off of financial statements are required; the officers must state that all financial information has been resented fairly with U.S. Generally Accepted Accounting http://www.compliancehome.com/resources/SOX/Articles/abstract14970.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14969.html A three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit sided with Sarbanes-Oxley last week when it decided the issues raised in a suit filed against the Public Company Accounting Oversight Board (PCAOB) did not merit a trial. The plaintiffs alleged that, inasmuch as Sarbanes-Oxley created the PCAOB so that its members are appointed by the Securities and Exchange Commission, the law violates the Appointments Clause of the U.S. Constitution. The Appointments Clause requires executive officers to be appointed by the President, subject to the advice and consent of the Senate. http://www.compliancehome.com/resources/SOX/Articles/abstract14969.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14968.html A federal appeals court in Washington, D.C., on Friday rejected a legal challenge to the Sarbanes-Oxley Act co-authored by former Maryland Sen. Paul S. Sarbanes. The six-year-old law, which requires top executives of publicly traded companies to certify corporate financial statements and increases the level of auditing, has been criticized by some Maryland business executives for being too costly and unclear. Rockville real estate development company Bresler & Reiner recently delisted from the over-the-counter bulletin board regulated stock service due largely to the costs involved in complying with the law. http://www.compliancehome.com/resources/SOX/Articles/abstract14968.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14964.html Two-to-one opinion by a panel of the U.S. Court of Appeals for the District of Columbia Circuit, upholding the creation of a nonprofit board to set auditing requirements and oversee accounting firms that audit public companies. The authority of the Public Company Accounting Oversight Board had been challenged by Beckstead and Watts, a Nevada accounting firm, and the Free Enterprise Fund, as violating the constitutional separation of powers. The ruling is here. From Washington Post, http://www.compliancehome.com/resources/SOX/Articles/abstract14964.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14963.html Most investors think Sarbanes-Oxley regulations have been the rule of the road in corporate governance since put into law in 2002. That has never quite been true. The law has been challenged in the courts for almost six years, accused of giving the federal government too much power to push public companies around. What appears to be the final challenge to Sarbanes came to an end as a federal appeals court turned back a legal challenge to the act. According to The Washington Post, http://www.compliancehome.com/resources/SOX/Articles/abstract14963.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14962.html Even CEOs can't read statements compliant with the law.The goal of the 2002 Sarbanes-Oxley Act was to make corporate accounting more transparent. In practice, a new Cato Institute study finds, the law's requirements have had the opposite effect. Sarbanes-Oxley sought to achieve its aims by having the Financial Accounting Standards Board (FASB) mandate that corporations use Generally Accepted Accounting Principles (GAAP) in reporting their balance sheets to shareholders. In the Cato Institute Briefing Paper http://www.compliancehome.com/resources/SOX/Articles/abstract14962.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14961.html An effort to overturn the Sarbanes-Oxley Act has failed, with a federal appeals court upholding a nonprofit board that polices accounting firms. The creation of the board, known as the Public Company Accounting Oversight Board, is central to the 2002 law, which was passed after the accounting scandals involving Enron and WorldCom. Critics say the intensive auditing requirements imposed on public companies are expensive to comply with and are undermining American competitiveness against foreign companies. At issue in the appeal was whether the creation of the Public Company Accounting Oversight Board violated the Constitution's separation of powers clause by leaving the president with too little oversight. A panel of the U.S. Court of Appeals for the D.C. Circuit decided Friday in 2-1 vote that the board, whose members can't be directly removed by the president, was constitutional. http://www.compliancehome.com/resources/SOX/Articles/abstract14961.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14957.html An appeals court yesterday upheld the Sarbanes-Oxley Act of 2002, dismissing arguments that the government's attempt to protect investors from repeats of the scandals at Enron and WorldCom gave federal overseers unchecked power. The U.S. Court of Appeals for the District of Columbia Circuit rejected a challenge to the heart of the act, the creation of a nonprofit board to set auditing requirements and police the accounting firms that audit public companies. http://www.compliancehome.com/resources/SOX/Articles/abstract14957.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14949.html A federal appeals court upheld the legality of the board created by the Sarbanes-Oxley Act to oversee auditors, affirming the Public Company Accounting Oversight Board as the industry's watchdog. The U.S. Appeals Court for the District of Columbia Circuit ruled 2-1 today in rejecting a challenge by a Las Vegas accounting firm that argued the board's makeup violated the Constitution's separation of powers clause. A lower court judge tossed out the suit last year. PCAOB members are ``not required to be appointed by the president,'' Judge Judith Rogers, an appointee of President Bill Clinton, wrote in the majority opinion. http://www.compliancehome.com/resources/SOX/Articles/abstract14949.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14944.html ArcSight, a global provider of compliance and security management solutions, has joined the McAfee Security Innovation Alliance. The initial focus of this partnership will be on the integration of the ArcSight SIEM Platform with McAfee ePolicy Orchestrator (ePO). McAfee ePO is a unified security and compliance management platform that delivers a single console for monitoring the business, managing compliance and addressing internal and external threats. This enables customers to more efficiently manage security incident and compliance management workflow and minimise business risk. http://www.compliancehome.com/resources/SOX/Articles/abstract14944.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14941.html The goal of the 2002 Sarbanes-Oxley Act was to make corporate accounting more transparent. In practice, a new Cato Institute study finds, the law's requirements have had the opposite effect. Sarbanes-Oxley sought to achieve its aims by having the Financial Accounting Standards Board (FASB) mandate that corporations use Generally Accepted Accounting Principles (GAAP) in reporting their balance sheets to shareholders. In the Cato Institute Briefing Paper http://www.compliancehome.com/resources/SOX/Articles/abstract14941.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14917.html Award-Winning Speaker Carol Woodbury to Offer Advice on Security Compliance Through Series of Workshops and Her Key Note Speech to Delegates at Australasia's Largest IBM User Groups Event Renowned US security compliance expert, author and award-winning speaker, Carol Woodbury is to deliver the key note speech at Interaction's September 2008 annual conference in Australia's Surfer's Paradise. This significant event is the largest gathering of IBM solutions providers across Australia and New Zealand and is organised by IBM user group, Interaction. This annual conference will showcase the latest server technologies and provide the opportunity for IT professionals to discuss the hottest market topics including: hardware streams, solutions, programming and development, systems management, operating systems and networking, and IT future trends. http://www.compliancehome.com/resources/SOX/Articles/abstract14917.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14912.html Less than two months after a jury found Arthur Andersen guilty of http://www.compliancehome.com/resources/SOX/Articles/abstract14912.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14911.html Even CEOs can't read statements compliant with the law The goal of the 2002 Sarbanes-Oxley Act was to make corporate accounting more transparent. In practice, a new Cato Institute study finds, the law's requirements have had the opposite effect. Sarbanes-Oxley sought to achieve its aims by having the Financial Accounting Standards Board (FASB) mandate that corporations use Generally Accepted Accounting Principles (GAAP) in reporting their balance sheets to shareholders. In the Cato Institute Briefing Paper http://www.compliancehome.com/resources/SOX/Articles/abstract14911.html Wed, 27 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14894.html Data security is seeing increased attention these days. Wide spread media coverage coupled with mounting losses due to fraud and identity theft has increased the pressure being brought to bear on this problem. At last count there are over 100 different regulations pertaining to data protection and security breaches. All these overlapping regulations and the blur surrounding jurisdictional authority have increased the complexity of compliance. The government is getting tough on organizations that are not in compliance. Two areas of compliance that touches a very broad group of organizations are HIPAA and SOX. Both of these areas are currently seeing stepped up auditing and compliance enforcement. http://www.compliancehome.com/resources/SOX/Articles/abstract14894.html Mon, 18 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14865.html Toronto-based Informatica Security introduces its improved FlexProtect 365 security consulting and support solution to the Canadian market. Based on industry standards and incorporating a complete array of best practices, the FlexProtect solution is delivered by experienced, certified professionals. Informaticas president, Claudiu Popa is an authority on information risk management and advises executives on the risks their organizations face with respect to compliance, privacy and security. Over the past few years, few industries have been spared from spectacularly embarrassing and costly security breaches. With our new solution, every organization can mitigate the risks it faces while keeping IT and security budgets under control. The last few years have seen an increase in security breaches that range from misdirected financial faxes to stolen health data. This indicates that the value of corporate information assets is taking centre stage as firms are scrambling to address their http://www.compliancehome.com/resources/SOX/Articles/abstract14865.html Mon, 18 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14864.html For the IT sector, information is as valuable as any currency. But it can be easily lost or destroyed. Hard drives break down frequently and natural disasters can wipe out facilities and equipment. If your company loses valuable information, daily business operations will be interrupted and you may be at risk of failing security audits and falling out of compliance with regulations like PCI DSS (Payment Card Industry Data Security Standard), the Sarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act). This can translate into costly legal fees and fines. http://www.compliancehome.com/resources/SOX/Articles/abstract14864.html Mon, 18 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14848.html Security and compliance spending is often viewed as a necessary evil by CFOs, whose endless quest for cost-cutting opportunities is the bane of every CIO. Even the threat of an expanded risk profile is sometimes not enough to loosen the purse strings. But what if some spending now could not only result in better security and compliance, but ultimately higher profits, lower expenses, and improved customer satisfaction and retention? That would paste a smile on the face of the most frugal of CFOs, not to mention making him or her look like a hero to the Big Boss. According to a report from the IT Policy Compliance Group (IT PCG), those are the results to expect from moving up the IT governance, risk and compliance (IT GRC) maturity scale. The five-category maturity scale (or six, if you count Level 0, non-existent procedures and processes) runs the gamut from basic ad-hoc processes through the completely optimized, money-saving top level, and maps to the standard capability maturity mode http://www.compliancehome.com/resources/SOX/Articles/abstract14848.html Tue, 12 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14834.html Although mainly affecting businesses in the U.S, many organisations here in the U.K are affected by the Sarbanes Oxley Act and its implication on the management of email and other forms of business communications. The Sarbanes-Oxley Act was passed in 2002, in the wake of one of the Enron saga, one of the largest financial scandals ever. This, and other alleged financial irregularities in some of America's largest corporations, led the Government to call for businesses to have a greater transparency and accountability for their financial dealings. The affects of this legislation are wide reaching and affect many businesses here in the U.K. Under Section 404 of the Act, any business with a listing on the NASDAQ or New York Stock must include a statement with all financial reports to confirm that the company has measures to ensure that records of all transactions are accurate. http://www.compliancehome.com/resources/SOX/Articles/abstract14834.html Tue, 12 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14833.html With government increasingly telling businesses how they need to comply with regulations, I wonder if this means that my data is more secure. At the end of the day, does compliance equal security? A common misunderstanding among business and IT managers is that compliance signoff from the auditors automatically means that critical data is secure. The breach discovered at the supermarket company Hannaford Bros. earlier this year certainly indicates that compliance doesn't automatically equal security. It appears that Hannaford was in compliance with the PCI DSS at the time of the breach, and the firm continues to investigate how the breach could have happened. One theory is that an insider planted the code that led to the breach of customer credit card numbers as they streamed through company servers. Don't Miss!Read the latest WhitePaper - Top 10 Considerations for Scaling a WAN Acceleration Solution The threat from trusted insiders continues to be high on organizations' watch lists. O http://www.compliancehome.com/resources/SOX/Articles/abstract14833.html Tue, 12 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14829.html Compliance with Sarbanes Oxley Section 404 is expensive, labor intensive, and unfortunately subject to divergent interpretations. The differences in responsibilities between management and auditors can turn contentious when priorities for security and compliance come into conflict. The demands of security and compliance can only become aligned with tools that are integrated into the normal business process. Security and compliance management solutions provide an automatic improvement in real security while providing continuous evidence of compliance http://www.compliancehome.com/resources/SOX/Articles/abstract14829.html Tue, 12 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14827.html Conventional wisdom urges corporate executive to enhance profitability. Issues of the larger world belong to policy. Executives, of course, employ lobbyists to promote friendly regulations, but feel little responsibility to create a greater good. Milton Friedman embodied this, saying that for, businessmen to preach the pure and unadulterated socialism of corporate social responsibility would be a fundamentally subversive doctrine in a free society in such a society, there is one and only one social responsibility of businessto use its resources and engage in activities designed to increase its profits. Friedman died before recognizing that this approach has brought the world to the edge of a crumbling cliff. Global climate crisis, high and rising energy prices, the loss of ecosystems worldwide, a debt ridden economy, and the growing demand for commodities by China and India are forces that will inevitably change everything about how we do business. Increasingly, business leaders http://www.compliancehome.com/resources/SOX/Articles/abstract14827.html Tue, 12 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14820.html Sarbanes-Oxley turned 6 on July 30 and I didn't get invited to a single Silicon Valley party. There are a few possible reasons: Either I'm a total loser and nobody loves me (possible); my Evite account is screwed up (less likely); or because the corporate reform measure remains widely vilified throughout Silicon Valley. I'll take reason No. 3. My self-esteem couldn't handle No. 1 and Evite has yet to fail me. But does Sarbanes-Oxley deserve this vitriol? Of course not. The impact, I think, was always exaggerated and there's evidence that the costs of compliance are falling. Beyond that, there were up-sides to the new regulations that are commonly ignored. http://www.compliancehome.com/resources/SOX/Articles/abstract14820.html Fri, 08 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14790.html SecondFloor, a rapidly expanding IT services company based in The Netherlands will take a core role in an ambitious project to develop a risk management platform for Allianz Group. The custom built solution provides Allianz with auditable, automated, centralized and SOX compliant risk calculations on the basis of a new replication portfolio approach. SecondFloor will be responsible for the analysis, information architecture, server based implementation, testing, deployment and support, providing Allianz with a robust, reliable and auditable solution. Martin Knook, CEO of SecondFloor explains: We share the Allianz ambition to move from getting the numbers to actually using the numbers. We are delighted with the opportunity to provide a Risk Platform that offers risk computation on group level; weve been down this road before we have won an IT innovation Award with a similar solution - and we know we have an exciting project ahead of us. Our team is fully committed to deliver the righ http://www.compliancehome.com/resources/SOX/Articles/abstract14790.html Fri, 08 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14789.html A productive, efficient datacenter is crucial to daily business operations. Managing a datacenter to its maximum potential requires a strategy that addresses a range of issues, including growth, compliance, consolidation, security, migration and business continuity. Considering the diverse responsibilities they are entrusted with, datacenter managers must be talented in several areas, including technology, resource management, cost control, security and environmental protection. A manager must also possess innate planning abilities, solid people-handling skills and an ability to take stay cool and collected when things go terribly wrong, as they inevitably will from time to time. http://www.compliancehome.com/resources/SOX/Articles/abstract14789.html Fri, 08 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14768.html Large public companies in the United States reported dramatically fewer weaknesses in their financial accounting last year compared to 2006, according to an analysis by Boston-based trade publication Compliance Week released today. Eleven companies reported a total of 14 weaknesses in the study of 426 of the S&P 500 companies, the analysis said. In the 2006 study, almost every single one of the more than 400 randomly selected companies reported at least one material weakness with more than 800 weaknesses reported. This year's results showcase the progress of the Sarbanes-Oxley Act, which enacted financial reporting rules, said Matt Kelly, editor-in-chief of Compliance Week. http://www.compliancehome.com/resources/SOX/Articles/abstract14768.html Fri, 08 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14767.html The Network Inc., a technology-based company providing hotline, insurance claim reporting and employee communication services to nearly half the Fortune 500, today announced the completion of the Statement on Auditing Standards No. 70 (SAS 70) Type II audit by independent firm Porter, Keadle and Moore (PKM). The review states that The Network is SAS 70 Type II compliant as of June 20, 2008. PKM extensively evaluated the control objectives for The Networks business operating areas through a review of documented procedures, verifying the existence and analyzing the output of each process. The Network was examined by PKM in the following key business areas: Client services processes and methods Business systems and applications security IT control systems Contact center processes and methods Human resources policies and practices http://www.compliancehome.com/resources/SOX/Articles/abstract14767.html Tue, 05 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14740.html July is the beginning of a new fiscal year for many nonprofits. Along with the joy for many of starting a year totally unsure of where some of their funding will come from for the next 12 months, they also have the added pleasure of closing out the prior year. This means preparing for audits and producing IRS Form 990. An audit can be intimidating to people newer to the field. But they are really just an opportunity for someone with specific training to review the organization's books and report that everything is being done well or point out areas where things can be done differently. http://www.compliancehome.com/resources/SOX/Articles/abstract14740.html Tue, 05 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14739.html As options have increased for midmarket companies to house their data, so, too, have options for securing their databases and data stores. Once the preserve of only large companies, a range of data storage options are now available and within reach of companies of all sizes. Databases are rarely seen by users and are usually hidden behind the scenes as part of inaccessible back-end systems. Yet they're the unsung heroes of applications, particularly Web applications, where they're at the heart of what makes most websites dynamic. Without them, modern e-commerce wouldn't be possible. Protection of data in databases and other stores is also part of compliance with regulations such as the Sarbanes-Oxley, Gramm-Leach Bliley and Health Insurance Portability and Accountability acts, and industry guidelines like the Payment Card Industry (PCI) Data Security Standard. http://www.compliancehome.com/resources/SOX/Articles/abstract14739.html Tue, 05 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14738.html Recent security breaches in both the private and public sector have highlighted the need for organisations to ensure personal information is processed and stored securely. Ever growing collections of personal data, more remote access and the prevalence of crime such as identity theft all create vulnerabilities. It is essential that effective data protection policies and practices are in place, combined with vigilance and strong governance at all levels in all organisations to ensure data protection is taken seriously. Individuals expect the Data Protection Act to shield the security of their information. At the same time information security is increasingly at risk. http://www.compliancehome.com/resources/SOX/Articles/abstract14738.html Tue, 05 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14735.html The implementation of Sarbanes-Oxley Section 404 (the time consuming and costly auditor attestation requirements) for small businesses, those having a market capitalisation of $75 million or less, continues to get pushed back in fact Chase Cooper News could probably recycle the same news item on an annual basis. For large US companies, and large overseas companies having a presence in the USA, SOX is business as usual with only the Financial Accounting Standards Board (FASB) accounting rules provisions creating concern. However even that gets delayed. Banks would have had to consolidate off-balance-sheet vehicles directly into their accounts they have now been given a one-year reprieve as this could have resulted in $5,000 billion of debt assets appearing on balance sheets and forcing many to raise new capital to cover their regulatory requirements. Given the current state of many banks balance sheets Bear Sterns went, Merrill Lynch is creaking, questions are being asked about W http://www.compliancehome.com/resources/SOX/Articles/abstract14735.html Mon, 04 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14729.html A problem with a software contract threatened to impede instant messaging communications between traders and others in the financial industry this week. U.S. District Court Judge Colleen McMahon ruled that Thomson Reuters had to stop using its instant messaging software by Friday after failing to make a final payment to the contractor that provided the technology. The Reuters news service used FaceTime software for an instant messaging service it sold to traders and others in the financial industry. The software helped Wall Street insiders use IM while also complying with Sarbanes-Oxley and other Securities and Exchange Commission regulations that require archiving and retrieval of electronic communications. Most instant messages are not stored. http://www.compliancehome.com/resources/SOX/Articles/abstract14729.html Mon, 04 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14714.html The concept of corporate governance implies consistent and effective laws, methods, and metrics for governing our nation's public companies. The sad fact is that there is no such thing. It's a myth. Here's why: People talk about the fiduciary responsibility of boards of directors. What that means, in plain speak, is that boards are supposed to: 1) Hire and fire the CEO and appoint other corporate officers 2) Compensate the CEO and other corporate officers 3) Oversee corporate strategy 4) Represent shareholders in the transparent and effective governance of the company http://www.compliancehome.com/resources/SOX/Articles/abstract14714.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14699.html With major technology mergers dominating the news in 2008, having up-to-date information on the investor relations Web sites of companies like Microsoft, Yahoo, or Google can help reporters on deadlines as well as shareholders wondering whether their life savings are about to chewed up and spit out by Carl Icahn. Federal guidelines for what type of information companies can provide on their official Web sites, however, have not been updated since 2000, so the Securities and Exchange Commission (SEC) on Wednesday voted unanimously to modernize its rules to fit in with an increasingly digital economy. Under the revamped rules, which have not yet been released in their entirety, information posted on a company Web site does not necessarily have to comply with Sarbanes-Oxley rules relating to a company's disclosure controls and procedures. http://www.compliancehome.com/resources/SOX/Articles/abstract14699.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14697.html For more than a decade, Bresler & Reiner filed annual reports with the U.S. Securities and Exchange Commission. That changed about a month ago when the Rockville real estate development company delisted from the over-the-counter bulletin board regulated stock service and moved to the pink sheets, an electronic system that is not registered with the SEC. A key reason? The Sarbanes-Oxley Act, authored by former Maryland Sen. Paul S. Sarbanes and former Ohio Rep. Michael Oxley and enacted six years ago this week. The companys board of directors decided to take this action because it believes the burdens associated with operating as a registered public company currently outweigh any advantage to the company and its stockholders, CEO and president Sidney M. Bresler said in a statement. http://www.compliancehome.com/resources/SOX/Articles/abstract14697.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14695.html # To help organizations secure all their enterprise databases and address regulatory requirements, Oracle today announced the general availability of Oracle(r) Audit Vault Release 10.2.3. # This latest release of Oracle Audit Vault now collects audit data from Microsoft SQL Server 2000 and 2005, in addition to Oracle Databases, addressing the lack of a Microsoft solution for enterprise database auditing and activity monitoring. # Oracle leads the DBMS industry in native database auditing capabilities including support for auditing privileged and database users. It supports auditing at the statement level, object level, and fine-grained auditing that allow organizations the flexibility to effectively audit their databases. http://www.compliancehome.com/resources/SOX/Articles/abstract14695.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14690.html External audit fees are finally beginning to moderate and in some cases decline for big companies for the first time since the Sarbanes-Oxley Act went into effect in 2004. A study by Compliance Week of the audit fees paid in 2007 by S&P 500 companies with more than $1 billion in annual revenue found only a 3.2 percent median increase over their audit costs in 2006. That compared to a 4.4 percent increase from 2005 to 2006. When audit fees at a handful of 2007 companies with extraordinary transactions were eliminated from the calculations, the average audit fee in 2007 actually fell by 0.3 percent. The study credited the approval of Auditing Standard No. 5 for making audits more cost effective. http://www.compliancehome.com/resources/SOX/Articles/abstract14690.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14689.html The Washington Metropolitan Area Association of Corporate Counsel, together with Morrison & Foerster, will host a webcast program titled Sarbanes-Oxley 101: More than Just Checking the Boxes! on Tuesday, August 5. The one hour at-your-desk program will provide lawyers with an understanding of The Act itself, as well as the pitfalls and challenges in implementing a compliance program. A deeper understanding of the origins of Sarbanes-Oxley can improve any attorney's decision-making about their company's compliance, which has become, too often, a http://www.compliancehome.com/resources/SOX/Articles/abstract14689.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14688.html According to a new survey from Protiviti Inc., a global consulting and internal audit firm, organizations today are realizing tangible benefits from updated regulatory rules and guidance pertaining to Section 404 of the Sarbanes-Oxley Act that were issued in May of 2007 by the Public Company Accounting Oversight Board (PCAOB) and U.S. Securities and Exchange Commission (SEC). According to the study, approximately four in 10 internal audit departments have been able to decrease the amount of time devoted to Sarbanes-Oxley compliance activities since the new guidance and standard were announced. As a result, these departments are increasing their efforts to http://www.compliancehome.com/resources/SOX/Articles/abstract14688.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14672.html Constellation Energy invested in project and portfolio management (PPM) software from HP in part to comply with requirements laid out in the Sarbanes-Oxley legislation, states PC World.In addition to achieving compliance, the integrated energy company reduced repetitive processes and is saving nearly $1 million annually. http://www.compliancehome.com/resources/SOX/Articles/abstract14672.html Fri, 01 Aug 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14670.html As the board that oversees the U.S. auditing industry awaits a court ruling that may dismantle it, investor advocates say the Public Company Accounting Oversight Board hasn't been aggressive enough in fighting fraud. The panel has fined one large accounting firm and released six new standards for auditors since its 2003 inception. The board, a private, nonprofit corporation funded by fees from publicly traded companies, inspects auditing firms with more than 100 clients annually and smaller firms every three years. The Securities and Exchange Commission appoints the PCAOB's five members and approves the board's $144.6 million budget and its rules before they go into effect. http://www.compliancehome.com/resources/SOX/Articles/abstract14670.html Mon, 28 Jul 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14640.html Former U.S. Congressman Michael Oxley, vice chairman of Nasdaq, acknowledges that the Sarbanes-Oxley Act he co-authored was too onerous at first -- but says it has since spurred a global compliance trend. http://www.compliancehome.com/resources/SOX/Articles/abstract14640.html Mon, 28 Jul 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14639.html In the high-risk, high-reward advertising industry, Arnold Worldwide has been a winner. In fact, it has helped to formulate the advertising plans for a whole range of heavyweights, including ESPN, Fidelity Investments, Hersheys, Tyson Foods, and Vonage. Yet, although these client are happy with the ad agencys creativity, they haven't always been enamored with the companys IT environment. Thats because, just a few years ago, Arnold was answering the question, Are you sure that no one else is looking at our confidential data? with a shrug of the shoulders, a scratch on the cheek, and a lot of stammering. The ad agency needed a better way of controlling and auditing data access. It wasn't a simple challenge. Arnold has a distributed workforce. The bulk of the companys 900 employees are stationed in its headquarters in Boston, but others work in satellite offices in New York City, Los Angeles, Milwaukee, Philadelphia, and McLean, Va. The agency serves mainly North American companies http://www.compliancehome.com/resources/SOX/Articles/abstract14639.html Mon, 28 Jul 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14626.html As if business needed one more reason to dislike the Sarbanes-Oxley Act, here's a doozy: It may actually worsen the impact of financial statement fraud, the very problem it was created to address. A new report from the Association of Certified Fraud Examiners found that companies that had the controls mandated by Sarbanes-Oxley actually suffered greater losses from financial statement fraud than those that did not have the controls. What's more, the study found, companies whose management certified financial statements and had independent audit committees actually took longer to detect financial misstatements than companies without those controls. http://www.compliancehome.com/resources/SOX/Articles/abstract14626.html Mon, 28 Jul 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14624.html Datacraft Asia, a leading IT services and solutions company in Asia Pacific, has extended the breadth of Microsoft solutions available to clients across the region with new partnerships with Quest Software and Activate Technologies. Quest Software (Quest), Microsofts 2007 Global Independent Software Vendor Partner of the Year, offers an extensive range of Windows Management solutions that can simplify, automate and secure Active Directory, Microsoft Exchange Server, SharePoint Products and Technologies, Microsoft SQL Server, .NET and Microsoft Windows Server as well as integrating Unix, Linux and Java into the managed environment. By incorporating Quests Windows Management tools into its Microsoft deployment, migration and provisioning strategy, Datacraft can assist clients to plan and execute NT, Active Directory, NDS, Exchange and SharePoint migration cost effectively with minimal disruption to its users. http://www.compliancehome.com/resources/SOX/Articles/abstract14624.html Mon, 28 Jul 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14619.html In 2007 and 2008 the industry has seen an upsurge in data breaches affecting millions of consumers and causing corporations to pay heavily in fines. Despite the increase in the number of data breaches via illicit means, internal controls seem to fail when it comes to the assurance that critical assets remain uncompromised. According to the Identity Theft Resource Center a total of 336 breaches have been reported in 2008 alone, putting the overall number at 69 per cent greater then this time last year . This is a concern for security teams especially given the fact that a lack of dedicated resources exist to combat and revert this trend. This is significantly important to take into consideration when going through the formal audit process to certify adherence to Sarbanes-Oxley (SOX), Graham Leach Bliley (GLBA), Payment Card Industry (PCI), or Health Insurance and Portability and Accountability Act (HIPAA). http://www.compliancehome.com/resources/SOX/Articles/abstract14619.html Thu, 24 Jul 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14610.html The solution implemented included the following: 1. Automatic outbound message encryption. Messages were encrypted when the content filtering engine, referencing HIPAA and PII lexicons, calculated a score greater than the threshold set. 2. Encrypted messages could be delivered to recipients as password-protected attachments. The solution also supported sending affected messages to an online mailbox in the enterprise data center, forwarding a notification to the recipient, and requiring the recipient to log in to the online mailbox to retrieve the message. Remote access was via SSL. However, senior management thought this was too much trouble for vendors, customers, etc. They directed the technical team to go the attachment route. 3. Manual encryption was possible by marking the message confidential. http://www.compliancehome.com/resources/SOX/Articles/abstract14610.html Thu, 24 Jul 2008 00:00:00 CST http://www.compliancehome.com/resources/SOX/Articles/abstract14603.html SA says one U.S. bank and several abroad are testing the Bedford, Mass.-based vendor's first security token modeled on a credit card. The RSA SecurID Display Card, which is thin and easily fits in a wallet, is another option that RSA's bank clients can offer their own customers when it comes to online security -- specifically, to meet the Federal Financial Institutions Examination Council's (FFIEC) multifactor authentication requirements. The card could possibly be bank-branded, notes Rachael Stockton, product manager of the RSA SecurID card. But customers actually would need a different security card for each bank, she explains. That's partly because the software that manages the authentication process resides with the particular bank. The latest version of the companion software, RSA Authentication Manager 7.1, released in late May by RSA -- the security division of Hopkinton, Mass.-based EMC -- offers, at additional cost, the option of authenticating customers by using a software to http://www.compliancehome.com/resources/SOX/Articles/abstract14603.html