Recently Published Articles
Control Self-Assessments
There are many ways to judge a self-assessment; it is, after all, something that most people find hard to do with complete objectivity and clarity. In many cases, when completing a self-assessment, the respondent doesn’t want to appear in a bad light and interprets the objective or question to match the positive side of their activities. With the best will in the world, an unevidenced assessment can only be an indication of what is happening; without evidence there cannot be any substantial reliance for any audit or regulatory requirements. In some instances unevidenced assessments can be misleading and damaging, leading to reputational and financial loss...
Reporting
Knowledge is one of the key factors used to maintain an effective control framework. The interpretation of data is key to the management of risk and compliance. Various types of reporting should exist within a firm to provide management with a complete view of the risk and compliance landscape. From detailed logs, exception reporting, individual user compliance reporting to management matrices, knowledge enables management to make strategic decisions that can impact the whole firm...
Compliance
Compliant with what? What is mandatory and what is nice to have? Regardless of location, a firm will find that it has to be compliant with local and in some cases global legislation. There is no maybe or partially; it’s black or white: you either are or are not compliant with regulations. Failure to comply can have very adverse effects: share price, shareholder confidence, client confidence and financial penalties...
Controls
More than 80% of all threats originate from trusted employees, or "insiders", who have access to sensitive applications and customer data as well as the organizational knowledge that lets them fly under the radar. Incidents resulting from insider threats are also more costly, with each incident costing $175,000 on average and more than a quarter of breaches costing over $1 million...
Mappings
By using our extensive libraries we are able to map internal controls to policies, standards, methodologies and regulations. We have the ability to load internal policies and control assessment results into our tool set and map these against external requirements. We can provide firms with gap analysis between controls, internal policies, and external requirements...
Regulatory Update
- April 2010 - Federal Financial Institutions Examination Council (FFIEC) - Financial Regulators Release Updated Retail Payment Systems Booklet.
- March 2010 - The Public Company Accounting Oversight Board proposed for comment an auditing standard on Communications with Audit Committees, and a series of related amendments to its interim standards.
- March 2010 - The Public Company Accounting Oversight Board announced the 2010 schedule of its Forum on Auditing in the Small Business Environment.
- February 2010 - NIST, Partners Develop Testing Infrastructure for Health IT Systems.
