Posts Tagged ‘grc technology’
Yes, Automating ICFR Helps, But…
Internal audit and GRC professionals talk all the time about the importance of automating internal controls. Now we have some fresh academic research demonstrating what sort of benefit a company can gain from following that path. The research comes from Musaib Ashraf, an accounting professor at Michigan State University who published a nifty paper several…
Surveys Depict Compliance Strains
Everyone loves end-of-year surveys predicting corporate compliance challenges for the year to come, and today we have a double dose of them: one survey report from the audit world and the other from legal, both suggesting that companies are struggling to keep pace with regulatory burdens and compliance risk. First is a survey from the…
SOX Costs Drop; Struggles Don’t
Sarbanes-Oxley compliance costs fell for many companies last year, according to an analysis released this week — although time spent on SOX compliance work actually rose, suggesting that many companies are struggling to implement automation technologies even as demands from their audit firms keep rising. In other words, as usual, SOX compliance is a bit…
Cyber Failure Leads to False Claims Penalty
We have a fascinating enforcement action from the Justice Department this week, where a subsidiary of Verizon has agreed to settle charges that its failure to meet certain cybersecurity standards as part of a government contract qualified as a violation of the False Claims Act. Verizon Business Network Services, an IT services subsidiary within the…
Using GRC Frameworks for New Tech
Today we have another dispatch from this week’s ISACA-Institute of Internal Auditors GRC Conference, on a subject that gives compliance and audit professionals plenty of heartburn: emerging technologies. How can you apply GRC frameworks to assure that as those technologies spread through your enterprise, they don’t cause unnecessary risk? That was the question for a…
Thoughts on Data Security
This week I’m attending the ISACA-Institute of Internal Auditors GRC Conference in Las Vegas. As one might imagine, data security is all over the agenda, so I’ve been taking notes for those audit and compliance executives back home looking for suggestions on how to make your GRC efforts better. For starters I attended a fascinating…
A Survey on Compliance IT Issues
KPMG published a survey last week that delivers news both good and bad for compliance officers. Spending on staff and technology is likely to increase in the next year (yay!) — but compliance functions are also under more pressure, primarily from boards and regulators, to do better (boo!). The survey polled 240 chief compliance officers…
A GRC Analysis of FTX Implosion
I try to avoid writing about the cryptocurrency business because it’s such an isolated field, led by oddballs and filled with esoteric operations not really relevant to compliance professionals here in the non-crypto world. The bankruptcy of crypto exchange FTX, however, is an exception — a story that’s flat-out crazy, with compliance lessons galore. For…
Report: Cyber Compliance Still Struggling
Another week, another report capturing the strains and dysfunction in cybersecurity risk management. This time, we have a survey of IT security and compliance professionals who still struggle to move beyond planning phases and are burdened with duplicative audits and a flood of customer documentation requests. The report comes from A-LIGN, which sells software to…
Middling News on Anti-Fraud Efforts
The Association of Certified Fraud Examiners has a report out this week about which technologies companies are using to fight fraud, although one major theme is that plenty of companies still use traditional anti-fraud tactics — even as the nature of fraud risk is changing rapidly. Hmmm. ACFE’s 2022 Anti-Fraud Benchmarking Report polled more than…