Search results for: "IT risk"
When Cybersecurity and IT Risk Converge
The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach. I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…
Thoughts on IT Risk Management
Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…
Talking to Leaders About Risk
This week I attended the annual user conference for AuditBoard, maker of software for internal audit and risk management teams. I wandered into one session about how those teams should talk to enterprise leaders about IT risks, and wanted to pass along my notes. After all, IT risks are going nowhere but up these days.…
RTX Settles Huge Export Controls Mess
Anyone looking for a complicated case-study in export controls compliance, turn your eyes to RTX Corp. The defense contracting giant just agreed to pay $200 million and overhaul its export compliance function, to settle charges that the company improperly sent classified defense goods to foreign countries and allowed employees to bring along sensitive information while…
Compliance Jobs Report: June 7
The Compliance Jobs Report this week delivers big news from FedEx, plus other personnel gossip at Heico Cos., Petrofac, Walmart, ONO Pharma, and lots more. We also note the passing of an antitrust compliance thinker; have job leads in biotech, auto manufacturing, and food service; and our Meme of the Week. Always remember that we…
An Update on SOX Compliance Issues
Earlier this week I attended a webinar hosted by KPMG about the current state of Sarbanes-Oxley compliance, since 2023 is coming toward a close and audit professionals need to start thinking about the SOX compliance season that will start up early next year. We have lots to go through here. For starters, SOX compliance does…
Morgan Stanley Fined on Data Destruction
We have quite the reminder on IT risk today courtesy of the Securities and Exchange Commission. The agency just fined a subsidiary of Morgan Stanley for poor data protection practices, which even led to one incident where the bank’s old IT equipment was sold at auction with customer data still on the hard drives. The…
Robinhood Crypto Compliance Meltdown
New York financial regulators have issued a scorcher of an enforcement action against Robinhood, hitting the online trading app with a $30 million fine for allowing a weak compliance program that, in turn, allowed a wide range of other compliance failures. The New York Department of Financial Services (DFS) announced the sanction on Tuesday. The precise…
Some Thoughts on IT Workforce Risks
Looking for another reason to worry about the long-term success of your compliance, audit, or risk management efforts? Fear not! A recent report on workforce development in cybersecurity paints a stark picture of just how challenging it is these days to build and maintain a good team. The report comes from ISACA, the professional association…
Podcast: The Importance of ‘ITGCs’
Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…