Continuous Auditing Gains Momentum, CFOdirect.com
PwC second annual State of the Internal Audit Profession Study finds that half of the U.S. companies surveyed are now using "continuous auditing" techniques to accelerate the internal audit cycle and improve risk and control assurance.

Continuous Auditing Not Yet Automatic, CFO.com
Continuous auditing and its subset, technology-enabled auditing, have the potential to shorten audit cycle times and provide more timely risk and control assurance.

Focus your DR planning by using these five levels of disaster classification, TechRepublic
An effective disaster recovery plan should map out your response to varying levels of severity. This classification system defines disaster levels and what your response should be for each one.

Survey of Over 800 Chief Audit Executives Highlights Mounting Pressures Faced By Internal Audit, IIA
This global survey of senior audit professionals uncovers their key business challenges that have arisen from balancing compliance requirements with the traditional duties of internal audit.

Backdating Woes Beg Question of Auditors' Role, Associated Press
An increasing number of companies are being probed about the practice of backdating employee stock options, which in some cases allowed executives to profit by retroactively locking in low purchase prices for stock.

Compliance on a Shoestring: SMB Strategies, IT Compliance Institute
Complex and intimidating federal mandates like SOX and HIPAA can cover anyone who does business in the US. But for many small businesses IT budgets—if they exist—lack the muscle to support such a focus.

Ask the Auditor: Business Risk vs. Audit Risk, IT Compliance Institute
Business risk relates mainly to an organization’s goals and objectives while audit risk relates mainly to the internal and external audit efforts to achieve its objectives. Leveraging the efforts of both can produce a more efficient overall risk-management effort.

Revised Bank Secrecy Act/Anti-Money Laundering Examination Manual, FDIC
FFIEC released the revised BSA/AML Examination Manual on July 28, 2006 to further clarify supervisory expectations and incorporate regulatory changes since the manual's 2005 release, and to reflect feedback from the banking industry and examination staff.

Information Security, Fraud Risk Top Audit Committee Concerns, BankNet 360
Public company audit committee members believe they must improve fraud prevention and security audits, but still maintain that they are “very effective.”

Creating a Culture of Compliance, IT Compliance Institute
Getting your workforce to pay attention and embrace your compliance initiative can be more critical than the strongest technology solutions. Here are eight top tips to help embed compliance into your workplace culture.

Audit Committees Refocusing Agendas, WebCPA
Many audit committees concede some specific issues and processes could be improved -- including oversight of accounting judgments and estimates, risk management, and agenda setting, according to a recent survey.

Risk Management: More Talk Than Action, CFO.com
A new survey of 230 financial executives says companies recognize the importance of enterprise risk management, but fall short when it comes to implementation.

“Reaping the Rewards'' ERM Business Benefits as Important as Compliance Goals for Financial Services Industry, Ri$k Capital 2006
Reaping business benefits now matches regulatory compliance as the key driver of enterprise risk management (ERM) systems. These benefits include improved performance management, better risk-based pricing, and reduced capital allocation and credit loss.

Disaster Response: What to Do First—A Checklist for CFOs and Controller, AICPA
When a company faces a disaster, whether it is a local or regional situation, it must address a variety of issues in a timely manner. These checklists help walk the finance executive through disaster response in a series of phases, outlining issues that need to be addressed to understand damage and minimize ongoing risks.

Operational Risk Management: An Evolving Discipline, FDIC: Supervisory Insights
Risks stemming from events such as processing errors, internal and external fraud, legal claims, and business disruptions have existed at financial institutions since the inception of banking. One of the great challenges in systematically managing operational risks is that operational losses can be quite diverse in their nature and highly unpredictable in their overall financial impact.

Is Your Organization Safe from Ghosts in the Machine? DMReview
Effective management of user changes is a top IT control issue. The threat from former employees who recently left the organization but still have their data access privileges - the "ghost employee" – poses a very serious threat.

Five Steps for Melding Compliance Efforts with ERM, IT Compliance Institute
Most companies are still in the early stages—if that—of melding compliance initiatives with enterprise-wide efforts to define and manage risk.

Financial Institutions Face Surge in External Security Attacks, BankInfoSecurity
The fourth annual Deloitte Security Survey of senior security officers from the world's top 100 global financial institutions finds that phishing/pharming, spyware/malware, insider fraud and customer data leaks were cited among the most common breaches.

Marketing Audits, the Perfect Strategic Tool, BNET.com
The marketing audit is an invaluable instrument to help an organization establish its unique competitive position and identify its superior skills, resources, and capabilities – all prerequisites for achieving a sustainable competitive advantage. (Free registration required)

Setting Directors' Fees After Sarbanes-Oxley, E-Commerce News: Boardroom
Regulation, negative attention, and exposure to personal liability has resulted in fewer people wanting to serve on a corporate board. Directors' fees have gone up accordingly to make board service more attractive.

Remediating SOX: The End of Conservative Auditing? IT Compliance Institute
After two years of expensive audits and related controversy, many are hoping for the end of an era of ultra-conservative audits that has resulted from inconsistencies between PCAOB’s guidance and inspection practices.

Why SOX Matters to Small Private Companies, SmartPros
Small, private companies are implementing SOX-like programs even though there is no requirement for them to do so. Two provisions in particular -- whistleblower protection and document preservation -- are recommended best practices for a small business.

Streamlining SOX Compliance, IT Compliance Institute
Discover four key success strategies for handling SOX compliance more efficiently and avoiding some of the big mistakes that inflate costs and disrupt day-to-day operations.

Sarbanes-Oxley impact extends far beyond public companies, National Center for Business Journalism
The impact of SOX has been far broader than its supporters intended or envisioned. Not-for-profits and private companies are feeling the impact with some calling for similar regulation at the state and local government level.

High Risk of SOX Control Weaknesses Common in Financial Reporting Cycles, RevenueRecognition.com
92% of public companies’ revenue processes are at risk for compliance failures and restatements according to a new study that reveals widespread reliance on spreadsheets – increasing the likelihood of control weakness and accounting errors. (Free registration required)

Executive Compensation Disclosure Rules: Son of Sarbanes? Business Finance Article Archives
The most sweeping executive compensation change, which has been dubbed the "Son of Sarbanes," is currently being finalized by the SEC. In their current state, the proposed rules would mean a lot more work for finance departments.

Next from Sarbox: Industry Exemptions? CFO.com
There is growing concern within certain sectors that they are being unfairly burdened by 404 compliance – among them, biotech and community bank executives who contend that meeting the Sarbanes-Oxley Act's Section 404 requirements are diverting money and attention away from conducting business.

Microsoft Regulatory Compliance Planning Guide, TechRepublic
Most regulations do not clearly state what is required from an IT perspective. Microsoft has created the Regulatory Compliance Planning Guide to help IT professionals and others interested in regulatory compliance.

Security Watch: When two factor fails, CNET
Real-world two-factor authentication is secure, for the moment. But two-factor authentication on the Internet should be held as suspect.

Encryption Isn’t Enough: Five Vital Protection Steps, IT Compliance Institute
Encryption is a powerful weapon in the CIO’s data protection arsenal. But other options are needed to ensure a well-rounded security system.

FFIEC Single Factor Authentication Roundtable, BankInfoSecurity
In a roundtable session, top financial institutions share their experiences with multifactor authentication techniques, implementation best practices and concerns, customer education, and usability in an effort to comply with new FFIEC guidelines.

10 things you can do to protect your data, TechRepublic
Operating systems and applications can always be reinstalled, but your data is unique--making it the most important thing on your computer or network. Here are 10 ways you can protect that data from loss and unauthorized access. (Free registration required)

Banks face Web security deadline, Computerworld
Last fall's release of federal guidelines on validating the identities of online users helped catalyze ongoing efforts to adopt so-called strong authentication measures; but, the majority of banks are unprepared to meet Dec. 31 deadline for complying with these guidelines.

How Regulations Are Changing The Enterprise IT Landscape, Processor Editorial
Integrating compliance into enterprise strategy is a difficult process, particularly when employees struggle to understand that compliance should be a regular part of business operations and not a separate procedure.

10 ways to protect systems from electrical catastrophes, TechRepublic
Your systems and peripherals are constantly at risk of sustaining electrical damage, whether the culprit is improper site wiring, fluctuations in a system's electrical supply, overtaxed circuits, or lightning strikes.

Learn how IT governance can benefit your organization, TechRepublic
You can hardly browse a technology publication these days without reading at least one article on business and IT alignment. But without an IT governance process, it is nearly impossible to be aligned with organizational goals.