A GRC Analysis of FTX Implosion


I try to avoid writing about the cryptocurrency business because it’s such an isolated field, led by oddballs and filled with esoteric operations not really relevant to compliance professionals here in the non-crypto world. The bankruptcy of crypto exchange FTX, however, is an exception — a story that’s flat-out crazy, with compliance lessons galore. For…


Report: Cyber Compliance Still Struggling


Another week, another report capturing the strains and dysfunction in cybersecurity risk management. This time, we have a survey of IT security and compliance professionals who still struggle to move beyond planning phases and are burdened with duplicative audits and a flood of customer documentation requests. The report comes from A-LIGN, which sells software to…


Middling News on Anti-Fraud Efforts


The Association of Certified Fraud Examiners has a report out this week about which technologies companies are using to fight fraud, although one major theme is that plenty of companies still use traditional anti-fraud tactics — even as the nature of fraud risk is changing rapidly. Hmmm. ACFE’s 2022 Anti-Fraud Benchmarking Report polled more than…


Portrait of Internal Audit Teams, Squeezed


We have two new reports this week on the predicament of internal audit functions, trapped between the need to provide better risk analysis during the pandemic and corporate overlords a bit less than willing to fund your need for better technologies. The first report came from research firm Gartner on Wednesday, and found that for…


SEC Dings PwC on GRC Deal


The Securities and Exchange Commission has slapped audit firm PwC with a $7.9 million penalty for violating audit firm independence rules — including PwC implementing a GRC software system for one of its audit clients. An audit firm can’t do that, since those GRC software systems ultimately help employees assess the effectiveness of internal controls…


Five-Part Series on Compliance Technology


Corporate compliance and risk officers work under tremendous pressure today — not necessarily to do more with less, but to do better with what the compliance function has, amid increasingly complex regulatory and business environments. Clearly technology is the answer to that call, but astute use of technology remains challenging. How can risk and compliance…


LRN Gets Private Equity Infusion


News today from the GRC vendor world: LRN, a leading player in ethics training and consulting, has taken a “significant investment” from private equity firm Leeds Equity Partners. How much of an investment? LRN and Leeds won’t say. The language of the press release gives the impression that it could be a controlling interest in…


Thoughts on Compliance, AI, and AML


Accenture published a report Tuesday speculating on the future of financial markets for the next few years, with some thought-provoking points for compliance officers mired in anti-money laundering compliance. First, Accenture estimates the overall cost of risk and compliance for the financial sector at roughly $96 billion annually, and the cost of AML compliance specifically…


Update on Third-Party Risk Programs


Navex Global gave a sneak peek this week of its latest report on third-party risk. The headline: too many compliance departments still rely on paper-based systems to track third parties, and therefore too many probably underestimate the risks their third parties truly pose. The 2018 Navex Global Third-Party Risk Management Benchmark Report, which surveyed 1,200…


Two Issues on SOX Compliance


More than 1,700 audit and compliance professionals have gathered in Nashville this week for Workiva’s annual user conference and the annual meeting of the SOX Professionals Group. Yours truly is on the scene, trying to capture all the good insight and latest news on SOX compliance. Here’s what we have from Day 1. Tuesday was…
