CA on Governance, Risk and Compliance (GRC)
- Insights and observations on happenings in the GRC market
Articles for: ‘Compliance’
The following are all the postings categorized under: ‘Compliance’ -- if you cannot find what you are looking for here, try using Search or browse by tags.
Dec 29 08
A COBIT Resurgence
Though first published in 1996, COBIT has undergone a resurgence in the past four years as companies began to see its value to help manage IT controls in support of Sarbanes-Oxley compliance. Christopher Daugherty takes a look at COBIT's history in this blog post.
Read MoreDec 18 08
Madoff Scheme Highlights Need for Impartial CCO
Merritt Maxim weighs in on the recent Bernard Madoff Ponzi scandal and what it means for the role of the Chief Compliance Officer.
Read MoreNov 20 08
Insights from CA World: OCEG Luncheon with Scott Mitchell
Insights from CA World are still rolling in from the CA GRC blog team. Check out this latest post, which offers a brief recap of OCEG CEO Scott Mitchell's exclusive luncheon session at CA World this week.
Read MoreNov 19 08
Live from CA World: A Behind the Scenes Look at Casino Compliance
Sumner Blount reporting live from CA World, shares his experiences on an exclusive behind the scenes tour of the hotel, and conversations with the hotel's VP of IT.
Read MoreNov 12 08
UCF Q4 2008 Update Released
Network Frontiers announced the release of the Q4 2008 Unified Compliance Framework (UCF) today. Check out the announcement here: http://www.unifiedcompliance.com/what_is_ucf/press/q4-2008-ucf.html.
Read MoreNov 5 08
Government Regulation: A Growth Industry
CA's Merritt Maxim weighs in on the impact of the federal regulatory spending phenomenon, as highlighted by a recent report from the Weidenbaum Center on the Economy, Government and Public Policy at Washington University at St. Louis.
Read MoreOct 30 08
EuroSOX - Does it really exist?
Against a whole wave of financial scandals driven by fraudulent accounting practices that involved major US corporations such as Worldcom, Enron and Tyco, the US Senate and House of Representatives …
Read MoreOct 24 08
CA Global Survey Highlights Key Compliance Trends
Results of a recent CA global survey of nearly 575 IT professionals finds that the continuing high cost of compliance and manual processes remain top issues for compliance executives. Read this recap of the survey findings by CA's Sumner Blount to learn more.
Read MoreOct 23 08
CA’s Yves Le Roux Presenting at ISACA Info Security Management Forum
If you plan to attend the ISACA Information Management Security Forum in Scottsdale, AZ next week, make sure to introduce yourself to CA’s Yves Le Roux. He is presenting two sessions at the event on Monday, Oct. 27.
In …
Read MoreOct 21 08
Auditing Standard No. 5: Helping to Streamline SOX Compliance Efforts
Familiar with Auditing Standard No. 5? CA's Christopher Daugherty offers up an interpretation of the standard and touches on one of the key benefits -- that following the guidance presented in the AS 5 standard can help to streamline SOX compliance efforts.
Read MoreOct 6 08
Cyberwar: New Regulations Address External Cyber Threats & Increase Need for a Centralized View
Ever considered the implications cyber-warfare may have on your GRC initiatives? Allan Gajadhar takes a look at the federal IT security landscape, touching on the increasingly complex regulatory environment, and weighs in on how organizations can better manage oversight of their IT security initiatives through a more centralized approach.
Read MoreOct 2 08
Sometimes Even the Politicians Get It Wrong
Comments from a panelist on “This Week with George Stephanopolous” point to the lack of regulation (particularly SOX) as a cause for the current financial crisis. Sumner Blount weighs in on how they got it wrong and shares his thoughts on the real intent of SOX.
Read MoreOct 1 08
Are You Counting on a PCI Guarantee?
Likening PCI compliance to locking your windows and doors to prevent a burglary, Mike Hoefgen explores a dangerous assumption that some experts still seem to be making: That becoming PCI compliant means you’re fully protected from a data breach.
Read MoreSep 22 08
Does Compliance Equal Security?
In case you are one of the few CIOs or IT managers out there still asking this question, Network World offers up its answer in its “Does compliance equal security?” post in mid-August.
While it may be common understanding …
Read MoreSep 18 08
The Importance of Fostering Your “Compliance Culture”
Late last week, headlines in US newspapers included a story about a notable ethics scandal in the Denver office of the Mineral Management Service (MMS) division of the US Department of the Interior.
While stories about ethical lapses in …
Read MoreSep 9 08
When Too Much Green Isn’t Good: NERC Compliance is much more than just IT
The United States is fortunate to have pretty reliable power, for the consumer and for commercial enterprise. I am certainly thankful that on the 98 degree days that we get during the DC summer, my air conditioning continues to work. As someone who has earned a living from IT for the last 15 years, I’m glad for the reliable power that allows data centers to operate and businesses to run uninterrupted. I’ve lived places where electricity was neither as plentiful nor as predictable, and UPS batteries and the contents of a refrigerator both have a finite life-span when the power stops flowing.
Read More