When Cybersecurity and IT Risk Converge

risk

The other week I had the good fortune to speak on a webinar about IT risk management, and specifically how compliance and security teams should take more of a risk-focused approach to cybersecurity, rather than a compliance-focused approach.  I’d like to unpack some of that today, because the challenges within a risk-focused approach are becoming…

Thoughts on IT Risk Management

risk

Another week, another report painting a mottled picture of corporations and their approach to IT risk and compliance. This time around we have interesting points to explore about the pandemic’s effect on IT risk, how companies are responding to that pressure, and who is or isn’t in charge of all this stuff. The report is…

Talking to Leaders About Risk

risk

This week I attended the annual user conference for AuditBoard, maker of software for internal audit and risk management teams. I wandered into one session about how those teams should talk to enterprise leaders about IT risks, and wanted to pass along my notes. After all, IT risks are going nowhere but up these days.…

RTX Settles Huge Export Controls Mess

rtx

Anyone looking for a complicated case-study in export controls compliance, turn your eyes to RTX Corp. The defense contracting giant just agreed to pay $200 million and overhaul its export compliance function, to settle charges that the company improperly sent classified defense goods to foreign countries and allowed employees to bring along sensitive information while…

Compliance Jobs Report: June 7

compliance jobs

The Compliance Jobs Report this week delivers big news from FedEx, plus other personnel gossip at Heico Cos., Petrofac, Walmart, ONO Pharma, and lots more. We also note the passing of an antitrust compliance thinker; have job leads in biotech, auto manufacturing, and food service; and our Meme of the Week. Always remember that we…

An Update on SOX Compliance Issues

sox compliance

Earlier this week I attended a webinar hosted by KPMG about the current state of Sarbanes-Oxley compliance, since 2023 is coming toward a close and audit professionals need to start thinking about the SOX compliance season that will start up early next year. We have lots to go through here.  For starters, SOX compliance does…

Morgan Stanley Fined on Data Destruction

Morgan Stanley

We have quite the reminder on IT risk today courtesy of the Securities and Exchange Commission. The agency just fined a subsidiary of Morgan Stanley for poor data protection practices, which even led to one incident where the bank’s old IT equipment was sold at auction with customer data still on the hard drives.  The…

Robinhood Crypto Compliance Meltdown

robinhood

New York financial regulators have issued a scorcher of an enforcement action against Robinhood, hitting the online trading app with a $30 million fine for allowing a weak compliance program that, in turn, allowed a wide range of other compliance failures. The New York Department of Financial Services (DFS) announced the sanction on Tuesday. The precise…

Some Thoughts on IT Workforce Risks

Looking for another reason to worry about the long-term success of your compliance, audit, or risk management efforts? Fear not! A recent report on workforce development in cybersecurity paints a stark picture of just how challenging it is these days to build and maintain a good team.  The report comes from ISACA, the professional association…

Podcast: The Importance of ‘ITGCs’ 

control environment

Everybody understands that strong controls over technology are crucial to effective corporate compliance, governance, and external reporting — but not enough people (myself included) understand how those IT controls are supposed to work. So when the Institute of Internal Auditors recently announced a certificate in IT general controls, I was intrigued. What education need did…
