Accume Partners is pleased to share the most up-to-date banking industry news and information with our clients through our monthly newsletter, eFocus on Banking.
We hope you find it useful, and appreciate your input. Send comments and suggestions to our editor, Mark Benner.
This newsletter contains links to third-party websites via pop-up windows. To view, please enable pop-ups in your browser.
This Month's Focus...
Trust and fiduciary operations have always been held to a higher standard. In today’s environment of tightening regulations and increased liability, Accume Partners’ Audit Manager – Kathleen Root, Certified Trust Auditor – advises how fiduciaries can assume an offensive position to minimize their financial exposures, ensure compliance, and insulate themselves from internal and external threats.
 

Practice Aid: Internal Audit Guide, OCEG Online
The Internal Audit Guide will help directors, executives, and other senior managers charged with governance responsibilities to better understand the issues and processes involved in an internal audit of a compliance and ethics program. Free subscription required.
Develop a scalable security auditing strategy, TechRepublic
Whether auditing is required to meet government regulations or just recommended for internal use, you need an auditing strategy to track and report on important security information on an ongoing basis.
Day of the Geek, ABA Banking Online
Changing philosophies of compliance and recent laws and regulations have contributed to narrowing the once-wide compliance gap between banking management and banking compliance practitioners.
Ask the Auditor: Who is Responsible for Information Security? IT Compliance Institute
All parts of the organization have information security responsibilities. Security goals include a mixture of technical, procedural, and oversight controls, which involve the board of directors, management of staff and business lines, and internal audit functions.
Forensics By Choice, Not Chance, BankInfoSecurity.com
Once IT staff determines that a possible security incident has occurred, the matter is turned over to security investigators for further action. Some regulations and standards require proper training of the security incident investigator, who may not be a lawyer but is trained in pertinent legal areas.
 

Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight, RiskCenter
Corporate directors could find themselves exposed to liability if they fail to keep pace with evolving best practices in enterprise risk management. Free registration required.
Risk management key to bank oversight: Bernanke, MarketWatch
U.S. banks' capital levels should match up to the risks they're taking to avoid endangering the American banking system, according to Federal Reserve Chairman Ben Bernanke.
Disaster Recovery at the Macro Level, BankInfoSecurity
Disaster Recovery is about three things: planning, testing, and procedures. DRP and its partner Business Continuity Planning (BCP) are board level initiatives that should be treated as such.
First Movers Step Up The Pace of Governance, Business Finance
Call them "governance first-movers." Rather than waiting for new regulations or standard practices to emerge, these companies proactively institute governance and compliance changes that please shareholders, strengthen risk management, and make their businesses better managed.
Banking on Small Business, Financial Services Foresight
Banks have found the small business customer base to be a source of frustration. Nowadays, customers in this growing segment choose financial providers by the products and services that meet their needs rather than the traditional factor of branch convenience.
Five Steps for Melding Compliance Efforts with ERM, IT Compliance Institute
Compliance is a subset of the many risks companies face. By merging multiple corporate compliance efforts into the overall risk management strategy a company can help make compliance management a long-term strategy rather than a short-term scramble.
Survey: Most Professionals Never Had a Mentor, WebCPA
A survey of 1,400 CFOs finds that having a mentor is often cited as the single greatest benefit to their careers.
 

Undoing SOX's Unintended Consequences, TCS Daily
Implementation of the Sarbanes-Oxley Act (SOX) has created a tremendously expensive amount of paperwork and bureaucracy. However, the principal provisions of the "Compete Act", introduced by Congressman Tom Feeney (R-Florida), constitute an excellent reform of SOX implementation by addressing these problems.
The Cost of Being Public, CFO.com
An annual study released by law firm Foley and Lardner calculates that while compliance and governance costs eased this year for companies of all sizes, they remain much higher than before Sarbanes-Oxley.
Pulling Up Your SOX, Sarbanes-Oxley Compliance Journal
A range of problems, such as corporate fraud and violations of privacy, can arise when organizations abuse the way they manage information. Additionally, legislation like the Sarbanes-Oxley Act is forcing organizations to assess the adequacy of their internal controls and change the way they manage information from an IT standpoint.
SOX Costs Derailed by Poor Management, Institute of Management Accountants
Lack of management implementation guidance is a significant cost driver for companies in complying with Section 404 requirements, according to this study’s assessment of the views of nearly 400 CFOs, controllers, internal auditors, and SOX compliance specialists at publicly traded companies.
Does Your Ethics Policy Comply With the Sarbanes-Oxley Act? HR.BLR.com
Publicly traded companies are required to abide by ethical standards included in Section 406 of the Sarbanes-Oxley Act which specifically addresses corporate codes of ethics and disclosure requirements. Federal Sentencing Guidelines amendments specify seven requirements for ethics policies that apply to public, private, and not-for-profit companies.
What Every Company Should Know About Email Management for Sarbanes-Oxley Compliance, Sarbanes-Oxley Compliance Journal
Complying with the regulation means establishing a process for managing communications and the information lifecycle. Since email has become the de facto method of business communication, the management of email is a fundamental element of SOX compliance.
  
Execs Express Top Security Concerns, Network Security
A survey of security executives shows the top security concerns are: unauthorized systems access, auditability/compliance, customer data breaches, sabotage (internal and external), theft of intellectual property, and cost of administration.
Why data encryption is no substitute for comprehensive security, TechRepublic
Data encryption is of little use unless you apply it to specifically mitigate a risk or to address a legal requirement. Data encryption can actually increase security risks if you apply it without considering how it will affect other IT functions.
A rising demand for integrated IT and telecom services, The McKinsey Quarterly
CIOs increasingly want just "one throat to choke" when it comes to IT and telecom services. So far, providers haven't stuck out their necks. Free registration required.
Locking your workstations down, TechRepublic Blog
This article discusses ways to restrict what users can install and download on their workstations, including workstations that are not operating in a Windows domain environment, where setting restrictive policies can seem a lot more daunting.
So You Think You’re Secure? BankInfoSecurity
Protection from the multitude of attacks requires deployment of security in layers – where each layer enhances overall security. Providing the appropriate layers of security is no longer just a “best practice” but a regulatory requirement.
Managing Technology Risks Using Industrial Strength Change Management, webpronews.com
Often, an IT group will be chastised because a new technology did not provide the business benefits that were promised, only to find that the user groups are not using the technology correctly, and sometimes not at all. Two common causes are inadequate user preparation / readiness and workforce resistance.
FSTC Concludes Phase I of Better Mutual Authentication Project, Bank Systems & Technology
The Financial Services Technology Consortium (FSTC) has concluded phase I of its Better Mutual Authentication (BMA) Project, part of an ongoing effort to secure access to customer accounts and combat fraud in the financial services industry.
Time to face the truth about data security, TechRepublic
Most security professionals would concur that security defenses are lacking. In addition, many companies do a poor job of monitoring, communicating, and enforcing their security policies and procedures.
IT Governance: Overcoming the Triple Threat, Baseline
Companies are turning to information technology to help them comply with Sarbanes-Oxley and other mandates. Software products are helping them keep track of employees and business processes, and assess how compliance is contributing to the business.
How IT can contribute to a more productive, positive workplace culture, TechRepublic
IT can get so caught up in making sure new technology works as advertised and is managed properly, that we forget something pretty important: How to communicate the effective use of the new technology and its etiquette to the users.
 