From a regulatory compliance perspective, IT teams have two responsibilities: support enterprise-wide compliance efforts and ensure that IT itself is compliant with internal and external regulations such as Sarbanes-Oxley (SOX), HIPAA, PCI DSS, FDA, etc. In other words, the IT and SAP teams support the compliance efforts across all departments in the company as well as ensure their own governance, risk, controls and systems are compliant.
This means IT is second only to the finance department when you assess the day-to-day impact of SOX. Most of the internal compliance effort is focused on the change management controls driven by section 404, which dictates management’s responsibility to implement and document internal controls, implement good segregation of duties, assess their effectiveness, and report on their ultimate compliance with the documented process.
For SAP teams, this translates into several (more…)
Financial statements present information about an organization’s financial resources and liabilities at a point in time, the results of its activities during a particular period, and its flow of cash during that period. In the for-profit world, these statements focus on information that is useful in making investment and lending decisions. In the nonprofit world, they are useful for lenders, donors, funding organizations, and other stakeholders to ascertain the financial viability of the nonprofit and to judge how well, or poorly, the nonprofit is being managed. In addition, the IRS requires nonprofits to report financial information to determine if the nonprofit is eligible to keep its tax-exempt status under section 501(c)(3) in the Internal Revenue Code. Having accurate financial statements is thus in the best interest of any nonprofit! What can a nonprofit do to assure that its financial statements are accurate and in good order? (more…)
When dealing with on-site auditors or approved scanning vendors, most people fit into one of three groups. Some people are intimidated by auditors. They see them as someone with a lot of power, and they hope they will say and do the right things to get by. A second group seems to look at auditors as their enemy. They believe they must wrestle with the auditor and hopefully win in the end. The last set of people treat the auditor like a consultant they’ve brought in to help bring their company into compliance. They respect the auditor’s opinions and keep the auditor in the loop as they work out solutions. This last group will get the most out of their auditor, will have the best overall experience, and will be able to bring their company into compliance with the least amount of hassle.
As hard as it might be to believe, auditors are there to help you. It’s important to know how to work well with auditors so that your audit will go smoothly and efficiently, and so that you get your money’s worth. A good auditor will go over your company’s systems, practices, and policies with a fine-toothed comb, and tell you what you can do to improve your security. Hopefully, your primary goal in becoming Sarbanes-Oxley compliant is to have your company become more secure. When you realize that auditors provide you with a valuable service and that you’re both on the same team working towards a common goal, you will have the right attitude. Remember that auditors have moral and professional obligations to follow the guidelines and procedures they’ve been given for the audit. It is not appropriate to ask them to compromise those obligations. Auditors are trained and have likely performed many audits, and they can give you great advice on what you can do to bring yourself into compliance. (more…)
Traditional approaches to IT management have included centralized, decentralized, federal and distributed structures, which also serve as useful labels for IT governance models (Peppard and Ward, 1999; Schwarz and Hirschheim, 2003).
The centralized IT governance model relies on a strong, positive, capable IT steering committee that is able to interact with the board directly, or through a one-step intermediary. All infrastructure proposals emanate from this group and all IT proposals need to gain its backing. It will have substantial delegated authority. It may be chaired by the CEO, another executive director, or a senior business manager. IT risk is one of its key areas of responsibility (along with benefits and strategy) but, as a holistic approach is necessary, this will not mean that a subcommittee is formed. At each of its formal meetings, risk reports will be produced for the board. Urgent risk matters will be dealt with on a pre-arranged basis (the chairman and two others, for example), and those risks beyond a specified level will require participation of the full committee. Each segment of the risk portfolio will be the responsibility of an individual, who reports to this committee. In smaller organizations one individual may take responsibility for several of the segments. This committee should have a formal meeting with the board on a regular basis, at least annually. (more…)
- An election year is not a proper time to overhaul a complicated area like securities regulation.
- It simply follows the headlines from Enron and others, with little appreciation for the systemic problems.
- The efforts of the SEC and other SROs are not taken into account by Congress.
- Little appreciation for the markets’ response to the scandals.
- Many provisions are simply delegations of authority to the SEC to adopt rules, some of them in areas where the SEC or the other SROs had already undertaken rulemaking initiatives.
- It may cause long-term systemic harm to the competitiveness of US capital markets.
These regulations are damaging American capital markets by providing an incentive for small US firms and foreign firms to deregister from US stock exchanges.
Detractors such as Congressman Ron Paul contend that SOX was an unnecessary and costly government intrusion into corporate management that places U.S. corporations at a competitive disadvantage with foreign firms, driving businesses out of the United States. In an April 14, 2005 speech before the U.S. House of Representatives,
The number of American companies deregistering from public stock exchanges nearly tripled during the year after Sarbanes-Oxley became law, while the New York Stock Exchange had only 10 new foreign listings in all of 2004.
A study by the Wharton Business School,