Jan 2007  |  Issue #17
 

Accume Partners is pleased to share the most up-to-date banking industry news and information with our clients through our monthly newsletter, eFocus on Banking.

We hope you find it useful, and appreciate your input. Send comments and suggestions to our editor, Mark Benner.

 

This Month's Focus...

SEC and PCAOB Call for Risk-Based Approach to Sarbanes-Oxley (SOX) Compliance

This month’s feature article provides our overview and analysis of the guidance and proposed updated auditing standard jointly issued by the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PCAOB) aimed at reducing the effort and costs that have been associated with Sarbanes-Oxley Section 404 (SOX) compliance.

Information Technology

How to Disagree with Auditors: An Auditor’s Guide, IT Compliance Institute
If you’re responsible for compliance, chances are you occasionally disagree with auditor findings. What happens if the auditor and manager cannot come to an agreement? Dan Swanson offers inside advice on how to successfully change your auditor’s mind and prevent future conflicts.

Auditor Answers: Performing Post Mortems on Problem Events, IT Compliance Institute
An expert auditor offers inside advice on preparing a successful incident post mortem of a business continuity event: when it should happen, who should participate, and how to produce a better understanding of the strengths and weaknesses of the organizational BCP.

Financial Institutions Face Tight Compliance Requirements in 2007, BankInfoSecurity
Compliance alone is not sufficient to safeguard personal data. Implementing an effective compliance program starts with establishing who is who in an online world and developing authentication mechanisms that go well beyond simple passwords in order to establish a trusted identity.

 

Information Technology

When Risk Managers Cry Wolf, Bank Systems & Technology
Avoiding “reputation risk” is becoming a questionable justification for increasing security measures since the public is showing reduced sensitivity to reports of personal data breaches. It takes a much more serious data breach for consumers to turn away from a particular institution.

Financial Firms Use Software Tools to Reduce Risk, Comply with New Regulations, Bank Systems & Technology
Many are leaving Excel spreadsheets and manual processes behind and turning to software tools that help them better deal with regulatory demands.

U.S. sets no limits on banks' commercial RE loans, Reuters.com
While regulators have been warning that a rise in commercial real estate concentrations could create problems for banks in the event of a serious economic downturn, U.S. financial regulators decided against imposing limits on banks' abilities to lend more money for commercial real estate projects.

 

Information Technology

Compliance: What about the Spreadsheets?, Sarbanes-Oxley Compliance Journal
Studies have found that the probability of serious errors in complex spreadsheets approaches 100%. The high stakes of Sarbanes-Oxley and the risks of non-compliance are powerful motivators for executives to educate themselves about the far-reaching consequences of spreadsheet errors and to learn about best practices in spreadsheet management and control.

Four More Ways to Fix Sarbox, Boardmember.com
There is little support in the majority of boardrooms for a massive revision of Sarbanes-Oxley. The business community’s biggest beef is that the regulatory agencies have interpreted Section 404 provisions too rigidly, needlessly complicating internal-controls procedures and expanding the scope of audits.

Accountability from Project Managers to the Executive Suite, Sarbanes-Oxley Compliance Journal
Many large IT organizations lack the capacity to automatically capture, view, and report on all of the work IT is doing. This capacity is key to implementing a project and portfolio management system that provides field-level security throughout the workflow process, which can help achieve sustainable corporate Sarbanes-Oxley compliance.

PCAOB Votes 5-0 to Revise Section 404, SmartPros
As expected, the Public Company Accounting Oversight Board voted unanimously to propose a new auditing standard for Section 404 of the Sarbanes-Oxley Act. The proposed new standard is principles-based, in an effort to focus the auditor on the most important matters. The proposed standard also urges more reliance on past audits and allows scaled-down audits for small companies.

 

Information Technology

Solving the Audit Gap, IT Compliance Institute
Audits of information technology are a challenge for finance professionals who rely heavily on IT systems, but don't necessarily understand how they work. When it comes to keeping IT control deficiencies to a minimum, it's more important to improve communication than it is to improve your technology.

Free Symantec IT Controls Poster, IT Compliance Institute
This free poster highlights the similarities between a multitude of regulations and frameworks, including ISO 17799, COBIT 4.0, Sarbanes-Oxley, HIPAA, PCI, GLBA, NERC and PIPEDA.

The Reshaping of the CIO in the Era of SarbOx, Baseline
Gartner analyst French Caldwell discusses the impact of regulatory developments on information-technology executives.

SMBs need different security strategies for wireless, TechRepublic
Wireless networking can make it easier for you to do business, but security is the major obstacle to implementing wireless, particularly for organizations that deal with sensitive information or belong to regulated industries where laws mandate confidentiality of certain types of data.

Consider content monitoring for data protection compliance, TechRepublic
Content monitoring can be an effective tool in managing the movement of information when used in combination with well-designed access controls and acceptable use policies.

CIOs: Do Your Peers Need An IT University?, Forrester Research
Rather than complain privately that the heads of functional departments don't "get" IT, CIOs should organize a seminar series for business execs, tackling key knowledge gaps and educating them on the role they and their team must play to ensure that projects will succeed. (Free registration required)

 

 
