IT Strategy Maps: A Tool For Strategic Alignment, Forrester Research
Aligning IT and business strategy remains the number 1 or number 2 business IT issue year after year. Forrester recommends that firms start measuring strategic alignment and start using strategy maps to build consensus around strategic objectives. Free registration required.

The Benefits of Outsourcing Security, BankInfoSecurity
As regulators put more pressure on banks to shore up their information assets, financial institutions are turning toward outsourced security deals as they seek to restore their reputations, which have been sullied by disclosures of theft or loss of sensitive customer information.

A Better Metric for IT Efficiency, Optimize Magazine
High efficiency and low cost don't always equate with operational IT excellence. Ironically, many IT initiatives designed to create value end up destroying it because they undermine the company's goals; and IT initiatives that destroy value actually become more harmful as their efficiency improves.

10 things you can do to protect your data, Tech Republic
Your data is unique--making it the most important thing on your computer or network. This article looks at 10 ways you can protect that data from loss and unauthorized access.

Trouble In Authentication Land, BankInfoSecurity
Two–factor authentication compliance is on the horizon. While you’re at it, plan to implement website authentication as the next step to make sure your customer comes to your website, not a phisher’s.

Creating and enforcing acceptable use policies, TechRepublic
If you haven't developed an Acceptable Use Policy for your organization’s computers and network, you’re leaving your company open to security breaches, possible regulatory fines and lawsuits.

Compliance, Not Malware, Drives IT Budgets, Bank Systems & Technology
50 North American chief information security officers said regulatory compliance ranks as the top business reason driving demand for security software, according a Merrill Lynch survey.

Ask the Auditor: Business Risk vs. Audit Risk, IT Compliance Institute
What’s the difference between business risk and audit risk?  Business risk relates mainly to an organization’s goals and objectives and the potential cost of not achieving them. By contrast, audit risk relates to the internal and external audit efforts to achieve business objectives.

Why abandonment isn't the right MSB response, ABA Banking Online
Money services businesses are subject to as broad array of BSA and AML compliance obligations as are banks and other financial institutions. Simply cutting off all money services businesses not only denies service to some communities, but undermines the industry's own anti-money-laundering efforts.

Security Incident Investigations Within Banks, BankInfoSecurity
The way security investigations are performed in banks is receiving more attention these days. This article provides an overview of the security investigation process, how it fits within the incident response process, and specific issues in banks that need to be considered including security intelligence activities.

Exams by audit watchdog to eye controls, costs, Reuters.com
The source of some business complaints about Section 404 has been that audit firms are billing clients for control audits seen by some as too comprehensive and costly. The PCAOB said its exams will look at the "efficiency of (audit) firms' performance of audits of internal control.”

Customizing Enterprise Risk Management, Business Finance
Accume Partners’ own John Palmer comments on the use of the COSO framework to raise awareness for understanding the key risks businesses face. The COSO ERM framework coordinates risk management, internal controls, and enterprise performance management, and includes a process for setting objectives.

Credit Risk Management: Concentration alert,  ABA Banking Online
It’s time for banks and thrifts to adopt better commercial real estate risk management practices on their own rather than waiting for the final interagency ruling. It is estimated that the proposed interagency guidelines will impose “heightened risk management practices” and/or increased capitalization requirements for as many as one third of all banks involved in commercial real estate lending – severely impacting profitability and pricing for the sector.

What Companies Lose from Forced Disclosure, Harvard Business School Working Knowledge
Increased corporate financial reporting may benefit many parties, but not necessarily the companies themselves, according to a study – led by Harvard Business School professor Romana Autrey – examining the relationship between executive performance and public disclosure.

Security Risk Analysis, Processor
As part of an overall risk management strategy, risk analysis can help enterprises determine the likelihood they’ll fall victim to network breaches, theft of confidential information, and other risks, enabling managers to prepare response plans to swiftly get the enterprise back on its feet.

Industry Risk - Banks Missing Opportunities in Wealth Management and Private Banking, RiskCenter
Which financial service firms do executives at small businesses and middle-market companies in the United States choose for their personal wealth management business?

The Joy of SOX: Why Sarbanes Oxley May Be the Best Thing That Ever Happened to American Business
In his new book, The Joy of SOX, Hugh Taylor argues that compliance with the Sarbanes Oxley Act is good, not bad, for business -- a point of view that puts him at odds with many in Washington.

Compliance Costs are Dropping, Sarbanes-Oxley Compliance Journal
This SOX compliance survey finds that accelerated filers' total average cost for Section 404 compliance was down 16.3 percent from 2004. Many of these reductions can be attributed to lower staff and consultant time and reduced auditor fees.

White SOX / Black SOX? - Yahoo! News
Critics argue that the costs of complying with SOX exceed any benefits generated by the statute, and that U.S. securities exchanges are losing market share to overseas rivals as companies seek to avoid SOX's burdens by doing their capital-raising beyond the borders.

Study Reveals Insufficient Management Guidance Is a Major Cost Driver, The Institute of Management Accountants
This comprehensive IMA study addresses various issues related to Sarbanes-Oxley (SOX) compliance and reveals that the majority of respondents cite a lack of practical guidance on what constitutes an effective (or ineffective) system of internal control over financial reporting was a significant cost driver.

PCAOB: Auditor Judgment under Scrutiny, CFO.com
Responding to corporate complaints, the PCAOB says inspections of audit firms, slated to begin this month, will examine whether audits were cost-effective and properly focused on controls that posed the greatest risks, and whether they achieved objectives with the least expenditure of effort and resources.

Section 404, Year Three: Ready for IT? CFO.com
Panelists agree that assessing IT internal controls still poses a challenge since a body of knowledge about information technology and the internal controls function doesn't exist; as companies and auditors haven't yet developed the practical experience, in this arena, that usually accompanies audits and testing.

Financial Executive SOX Report, Sarbanes-Oxley Compliance Journal
Despite its cost, the SOX Act continues to achieve its objective. A survey of financial executives shows an across-the-board increase in the benefits that respondents experienced in 2005 from SOX compliance, with the greatest increases found in SOX’s ability to improve the accuracy of financial reports.

An Integrated-Data View of Compliance, Sarbanes-Oxley Compliance Journal
Today's financial enterprises need to transform their risk and compliance approaches, from reactive to predictive, best-triggered by efficient control-driven information technology. Companies struggling with less-efficient, manual processes will find themselves at a competitive disadvantage.