The SOX Technology Burden
By Brian Mitchell, JPMorgan
Why has SOX become such a technology burden?
In year one, SOX was a burden for all. The business had to define all of the key controls associated with financial reporting and it had to identify the key systems on which the business depends to support these controls. Meanwhile, the technology group applied a typical general computing controls assessment to those
When Is a Risk Not a Risk?
By Mike Everall, CISO, DrKW
Yes, we have all seen the seminars and training camps and white papers, such as: "This is how you manage risk!" The trouble is there are as many ways to "manage" risk as there are pundits and white papers. So, I say let's get back to basics and get the fundamentals laid out. What is risk? What are the types of risk? And when is a risk not a risk?
What is a risk?
A risk is when an active (or potentially active) exposure by your organization creates an
Is IT Neglecting Risk?
By Greg MacSweeney, Wall Street & Technology
A survey of more than 200 governance, risk and compliance (GRC) professionals, 37.8 percent of whom represent financial services companies, reports that the majority of respondents believe their IT departments aren't meeting the GRC needs of the business. Fifty-five percent of respondents to the survey by the Open Compliance and Ethics Group and GRC solution provider