Yes, Automating ICFR Helps, But… 

Internal audit and GRC professionals talk all the time about the importance of automating internal controls. Now we have some fresh academic research demonstrating what sort of benefit a company can gain from following that path. The research comes from Musaib Ashraf, an accounting professor at Michigan State University who published a nifty paper several…

Surveys Depict Compliance Strains

Everyone loves end-of-year surveys predicting corporate compliance challenges for the year to come, and today we have a double dose of them: one survey report from the audit world and the other from legal, both suggesting that companies are struggling to keep pace with regulatory burdens and compliance risk. First is a survey from the…

SOX Costs Drop; Struggles Don’t

Sarbanes-Oxley compliance costs fell for many companies last year, according to an analysis released this week — although time spent on SOX compliance work actually rose, suggesting that many companies are struggling to implement automation technologies even as demands from their audit firms keep rising.  In other words, as usual, SOX compliance is a bit…

Cyber Failure Leads to False Claims Penalty

We have a fascinating enforcement action from the Justice Department this week, where a subsidiary of Verizon has agreed to settle charges that its failure to meet certain cybersecurity standards as part of a government contract qualified as a violation of the False Claims Act.  Verizon Business Network Services, an IT services subsidiary within the…

Using GRC Frameworks for New Tech

Today we have another dispatch from this week’s ISACA-Institute of Internal Auditors GRC Conference, on a subject that gives compliance and audit professionals plenty of heartburn: emerging technologies. How can you apply GRC frameworks to assure that as those technologies spread through your enterprise, they don’t cause unnecessary risk?  That was the question for a…

Thoughts on Data Security

This week I’m attending the ISACA-Institute of Internal Auditors GRC Conference in Las Vegas. As one might imagine, data security is all over the agenda, so I’ve been taking notes for those audit and compliance executives back home looking for suggestions on how to make your GRC efforts better.  For starters I attended a fascinating…

A Survey on Compliance IT Issues

KPMG published a survey last week that delivers news both good and bad for compliance officers. Spending on staff and technology is likely to increase in the next year (yay!) — but compliance functions are also under more pressure, primarily from boards and regulators, to do better (boo!). The survey polled 240 chief compliance officers…

A GRC Analysis of FTX Implosion

I try to avoid writing about the cryptocurrency business because it’s such an isolated field, led by oddballs and filled with esoteric operations not really relevant to compliance professionals here in the non-crypto world. The bankruptcy of crypto exchange FTX, however, is an exception — a story that’s flat-out crazy, with compliance lessons galore. For…

Report: Cyber Compliance Still Struggling

Another week, another report capturing the strains and dysfunction in cybersecurity risk management. This time, we have a survey of IT security and compliance professionals who still struggle to move beyond planning phases and are burdened with duplicative audits and a flood of customer documentation requests.  The report comes from A-LIGN, which sells software to…

Middling News on Anti-Fraud Efforts

The Association of Certified Fraud Examiners has a report out this week about which technologies companies are using to fight fraud, although one major theme is that plenty of companies still use traditional anti-fraud tactics — even as the nature of fraud risk is changing rapidly. Hmmm.  ACFE’s 2022 Anti-Fraud Benchmarking Report polled more than…
