IT Compliance and Controls

July 30th marked the anniversary, and among the numerous dissertations on the legislation and its one year review I caught this short news release.  The release highlights three very important points that every Executive and Practitioner should be aware of -

The Upcoming Case on the Constitutionality of SOX
The Lack of Compliance by Audit Firms
The continued […]

[Read more →]

The need for organizations to define and communicate effective policies and procedures resonates around the globe, and is strongly supported by such governance organizations to include the WTO, The World Bank, OCEG, and the OECD, to name but a few. A first, but essential, step to ensuring appropriate controls and operational efficiency is the […]

[Read more →]

Personally Identifiable Information is defined differently by each industry, country, and region. Companies must have information intelligence practices in place that account for these types of information, and means of classifying and protecting. Such information in the U.S. varies by jurisdiction, but can include medical records, financial information, and now perhaps in the […]

[Read more →]

There are three conditions (that are in line with the ACFE Fraud Triangle) that are present where fraud exists - incentives, opportunities, and rationalizations.  These breakdown as:

Incentives - Perpetrator is under pressure or receives a benefit from action (ex: default mortgage)
Opportunity - Capability to execute fraud (ex: low possibility of detection, no controls, no monitoring)
Rationalize […]

[Read more →]

It seems that these past few days everyone is releasing a study or report surrounding business compliance and controls. Each has very valuable information and is definitely worth the download and read. I have included each below, and will add as new ones come out (if any) tomorrow). The biggest takeaways of […]

[Read more →]